fix: Don't set runAsNonRoot=true for Eclipse Che operands (#1477)

Signed-off-by: Anatolii Bazko <abazko@redhat.com> Signed-off-by: Anatolii Bazko <abazko@redhat.com>
2022-08-10 19:11:28 +03:00 · 2022-08-10 19:11:28 +03:00 · a3d6f70fe6
parent 50ac2172df
commit a3d6f70fe6
2 changed files with 0 additions and 2 deletions
--- a/pkg/common/test/utils.go
+++ b/pkg/common/test/utils.go
@ -83,7 +83,6 @@ func CompareResources(actualDeployment *appsv1.Deployment, expected TestExpected

 func ValidateSecurityContext(actualDeployment *appsv1.Deployment, t *testing.T) {
 	assert.Equal(t, corev1.Capability("ALL"), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.Capabilities.Drop[0])
-	assert.Equal(t, pointer.BoolPtr(true), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot)
 	assert.Equal(t, pointer.BoolPtr(false), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation)
 }

--- a/pkg/deploy/deployment.go
+++ b/pkg/deploy/deployment.go
@ -176,7 +176,6 @@ func EnsurePodSecurityStandards(deployment *appsv1.Deployment, userId int64, gro
 		if deployment.Spec.Template.Spec.Containers[i].SecurityContext == nil {
 			deployment.Spec.Template.Spec.Containers[i].SecurityContext = &corev1.SecurityContext{}
 		}
-		deployment.Spec.Template.Spec.Containers[i].SecurityContext.RunAsNonRoot = pointer.BoolPtr(true)
 		deployment.Spec.Template.Spec.Containers[i].SecurityContext.AllowPrivilegeEscalation = pointer.BoolPtr(false)
 		deployment.Spec.Template.Spec.Containers[i].SecurityContext.Capabilities = &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}
 	}