bindata: run openshift-apiserver as root explicitly.

openshift-apiserver needs to run as root in order to be able to write audit to /var/log/openshift-apiserver. Currently only "priviledged: true" is specified which can lead to picking SCCs that do not have the RunAsAny policy. This fixes it by specifying runAsUser: 0 explicitely.
openshift · Aug 20, 2021 · 95f401c · 95f401c
1 parent 163e5e7
commit 95f401c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/bindata/v3.11.0/openshift-apiserver/deploy.yaml b/bindata/v3.11.0/openshift-apiserver/deploy.yaml
@@ -49,6 +49,7 @@ spec:
           command: ['sh', '-c', 'chmod 0700 /var/log/openshift-apiserver']
           securityContext:
             privileged: true
+            runAsUser: 0
           volumeMounts:
             - mountPath: /var/log/openshift-apiserver
               name: audit-dir
@@ -72,6 +73,7 @@ spec:
         # we need to set this to privileged to be able to write audit to /var/log/openshift-apiserver
         securityContext:
           privileged: true
+          runAsUser: 0
         ports:
         - containerPort: 8443
         volumeMounts:

diff --git a/pkg/operator/v311_00_assets/bindata.go b/pkg/operator/v311_00_assets/bindata.go