From d5670d93aebf040fb14e81d123ce59a0acf34651 Mon Sep 17 00:00:00 2001
From: Valters Jansons
Date: Fri, 19 May 2023 19:42:40 +0300
Subject: [PATCH] Specify `runAsNonRoot` in `daemon-set` manifests
This is a no-op change. It aligns the `daemon-set` manifests to match the `deployment` manifests. Both of these currently specify an explicit user ID to run as, therefore the container is guaranteed to be run as non-root. This `runAsNonRoot: true` instruction would come in as important if the chart no longer specifies `runAsUser`, and someone is packaging their own image without a USER directive in the Dockerfile. Removing the `runAsUser` parameter could be useful as to allow OpenShift to override the UID, in a later change.
---
 deployments/daemon-set/nginx-ingress.yaml | 1 +
 deployments/daemon-set/nginx-plus-ingress.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml
index 732f3ceecb..1954d7db84 100644
--- a/deployments/daemon-set/nginx-ingress.yaml
+++ b/deployments/daemon-set/nginx-ingress.yaml
@@ -63,6 +63,7 @@ spec:
 allowPrivilegeEscalation: false
 # readOnlyRootFilesystem: true
 runAsUser: 101 #nginx
+ runAsNonRoot: true
 capabilities:
 drop:
 - ALL
diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml
index 8fc2e6e93c..d4bceee157 100644
--- a/deployments/daemon-set/nginx-plus-ingress.yaml
+++ b/deployments/daemon-set/nginx-plus-ingress.yaml
@@ -63,6 +63,7 @@ spec:
 allowPrivilegeEscalation: false
 # readOnlyRootFilesystem: true
 runAsUser: 101 #nginx
+ runAsNonRoot: true
 capabilities:
 drop:
 - ALL
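Review bot: The added `runAsNonRoot: true` in the container `securityContext` (this hunk in `nginx-ingress.yaml`, and the identical one in `nginx-plus-ingress.yaml`) has no comment saying what it guards, while the line above documents its value with `#nginx`. The commit message anticipates dropping `runAsUser` later, and at that point the kubelet can only verify non-root when the image declares a numeric `USER`. An image whose `USER` is a name rather than a UID would then be refused at start rather than silently running as root. I would record that next to the setting, e.g. `runAsNonRoot: true # refuse to start as UID 0; needs a numeric USER in the image if runAsUser is removed`. The container spec begins and ends outside the hunk, so any pod-level `securityContext` that also applies is not visible here.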