From 82588a33a787ecde6cf20c3fa895d7cd57aaeea6 Mon Sep 17 00:00:00 2001 From: Laszlo Janosi Date: Sun, 3 May 2020 17:08:42 +0000 Subject: [PATCH] Add configuration option for the runAsUser parameter of the webhook patch job --- .../admission-webhooks/job-patch/job-createSecret.yaml | 2 +- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 4 ++-- charts/ingress-nginx/values.yaml | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 3e21b7fed..966117e5e 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -43,5 +43,5 @@ spec: {{- end }} securityContext: runAsNonRoot: true - runAsUser: 2000 + runAsUser: {{ .Values.controller.admissionWebhooks.patch.image.runAsUser }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 79d58a7bd..7ee52c3ae 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -45,5 +45,5 @@ spec: {{- end }} securityContext: runAsNonRoot: true - runAsUser: 2000 -{{- end }} + runAsUser: {{ .Values.controller.admissionWebhooks.patch.image.runAsUser }} +{{- end }} \ No newline at end of file diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 895a44759..8827ccad4 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -362,6 +362,7 @@ controller: repository: jettech/kube-webhook-certgen tag: v1.2.0 pullPolicy: IfNotPresent + runAsUser: 2000 ## Provide a priority class name to the webhook patching job ## priorityClassName: ""