From 6421dbbc7498eb96e660f394938812e11a1f6a64 Mon Sep 17 00:00:00 2001 From: anthony_lai Date: Tue, 14 Jun 2022 19:31:32 +0000 Subject: [PATCH 1/4] configurable runAsUser --- .../charts/weblogic-operator/templates/_operator-dep.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl b/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl index 8a5794d306b..6faacc095c8 100644 --- a/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl +++ b/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl @@ -33,6 +33,10 @@ spec: {{- end }} spec: serviceAccountName: {{ .serviceAccount | quote }} + {{- if .runAsUser }} + securityContext: + runAsUser: {{ .runAsUser }} + {{- end }} {{- with .nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 4b4174a863a35f2628165f4c698029d31bb01903 Mon Sep 17 00:00:00 2001 From: anthony_lai Date: Tue, 14 Jun 2022 21:42:25 +0000 Subject: [PATCH 2/4] add runAsUser to values.yaml --- kubernetes/charts/weblogic-operator/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes/charts/weblogic-operator/values.yaml b/kubernetes/charts/weblogic-operator/values.yaml index ff9063f1545..5068017f4be 100644 --- a/kubernetes/charts/weblogic-operator/values.yaml +++ b/kubernetes/charts/weblogic-operator/values.yaml @@ -228,3 +228,8 @@ clusterSizePaddingValidationEnabled: true # Defaults to 5 retries and 10 seconds between each retry. # domainPresenceFailureRetryMaxCount: 5 # domainPresenceFailureRetrySeconds: 10 + +# runAsUser specifies the UID to run the operator container process. If not specified, +# it defaults to the user specified in the operator's container image. +#runAsUser: 1000 + From df27028f02c4ceaddcc2b651c1c3c06231427e4c Mon Sep 17 00:00:00 2001 From: anthony_lai Date: Tue, 14 Jun 2022 21:56:35 +0000 Subject: [PATCH 3/4] add runAsUser to Configuration Reference documentation --- .../content/userguide/managing-operators/using-helm.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/documentation/3.4/content/userguide/managing-operators/using-helm.md b/documentation/3.4/content/userguide/managing-operators/using-helm.md index 6d853d60bde..90ca1dd2cfc 100644 --- a/documentation/3.4/content/userguide/managing-operators/using-helm.md +++ b/documentation/3.4/content/userguide/managing-operators/using-helm.md @@ -288,6 +288,14 @@ affinity: - another-node-label-value ``` +##### `runAsUser` +Specifies the UID to run the operator container process. If not specified, it defaults to the user specified in the operator's container image. + +Example: +```yaml +runAsUser: 1000 +``` + #### WebLogic domain management The settings in this section determine the namespaces that an operator From 452bfc74a605d6d5bd4f9c6136046f6b32be2104 Mon Sep 17 00:00:00 2001 From: anthony_lai Date: Wed, 15 Jun 2022 17:22:28 +0000 Subject: [PATCH 4/4] add runAsUser heading as a cross-reference in the doc's TOC --- .../3.4/content/userguide/managing-operators/using-helm.md | 1 + 1 file changed, 1 insertion(+) diff --git a/documentation/3.4/content/userguide/managing-operators/using-helm.md b/documentation/3.4/content/userguide/managing-operators/using-helm.md index 90ca1dd2cfc..fa63c3257d8 100644 --- a/documentation/3.4/content/userguide/managing-operators/using-helm.md +++ b/documentation/3.4/content/userguide/managing-operators/using-helm.md @@ -22,6 +22,7 @@ description: "An operator runtime is installed and configured using Helm. Here a - [`labels`](#labels) - [`nodeSelector`](#nodeselector) - [`affinity`](#affinity) + - [`runAsUser`](#runasuser) - [WebLogic domain management](#weblogic-domain-management) - [`domainNamespaceSelectionStrategy`](#domainnamespaceselectionstrategy) - [`domainNamespaces`](#domainnamespaces)