Specify runAsNonRoot in daemon-set manifests (#3925)

sigv · web-flow · commit 2b6aa76cb771 · 2023-05-30T11:38:31.000-07:00
This is a no-op change. It aligns the `daemon-set` manifests to match
the `deployment` manifests. Both of these currently specify an explicit
user ID to run as, therefore the container is guaranteed to be run
as non-root.

This `runAsNonRoot: true` instruction would come in as important if
the chart no longer specifies `runAsUser`, and someone is packaging
their own image without a USER directive in the Dockerfile.
Removing the `runAsUser` parameter could be useful as to allow
OpenShift to override the UID, in a later change.
diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml
@@ -63,6 +63,7 @@ spec:
           allowPrivilegeEscalation: false
 #          readOnlyRootFilesystem: true
           runAsUser: 101 #nginx
+          runAsNonRoot: true
           capabilities:
             drop:
             - ALL
diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml
@@ -63,6 +63,7 @@ spec:
           allowPrivilegeEscalation: false
 #          readOnlyRootFilesystem: true
           runAsUser: 101 #nginx
+          runAsNonRoot: true
           capabilities:
             drop:
             - ALL
