From 05b502b6ce0ba2388674fc935e392239081b92b9 Mon Sep 17 00:00:00 2001
From: Rhys Meaclem
Date: Tue, 15 Feb 2022 20:50:08 +1300
Subject: [PATCH] Add securityContext to make container run as non-root user.
---
 pkg/k8s/common.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pkg/k8s/common.go b/pkg/k8s/common.go
index 4fb5e93..45daa47 100644
--- a/pkg/k8s/common.go
+++ b/pkg/k8s/common.go
@@ -148,6 +148,7 @@ func newContainer(port int, image string, containerPorts []apiv1.ContainerPort,
 cpuLimit.SetMilli(int64(1000))
 memRequest.SetScaled(int64(100), resource.Mega)
 memLimit.SetScaled(int64(1), resource.Giga)
+ containerUid := int64(1000)
 return &apiv1.Container{
 Name: "ktunnel",
@@ -165,6 +166,9 @@ func newContainer(port int, image string, containerPorts []apiv1.ContainerPort,
 "memory": memLimit,
 },
 },
+ SecurityContext: &apiv1.SecurityContext{
+ RunAsUser: &containerUid,
+ },
 }
 }
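Review bot: The new local `containerUid` should be spelled `containerUID` to follow Go's initialism convention, and the bare 1000 gives no hint of why that value was chosen. Since the field needs a pointer, the value has to stay an addressable local, so a short why-comment is the simplest fix: `containerUID := int64(1000) // non-root UID the server container runs as`. Whether the image actually works under UID 1000 cannot be seen from this hunk and is worth confirming. The body of newContainer starts and ends outside the hunk.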
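Review bot: The SecurityContext added at the end of the container literal sets only `RunAsUser`, so nothing makes the kubelet refuse a root start if that field is later dropped or overridden, and a setuid binary in the image could still gain privileges. Setting `RunAsNonRoot` to true and `AllowPrivilegeEscalation` to false alongside it would cover both cases; the two bool locals would sit next to `containerUid` in the first hunk. Separately, a process running as UID 1000 normally cannot bind ports below 1024, so if `port` or any entry of `containerPorts` can fall in that range this change may break those tunnels — worth confirming before merge. newContainer starts outside the hunk.

```go
// … unchanged: resource quantities and containerUid …
runAsNonRoot := true
allowPrivilegeEscalation := false
// … unchanged: container name, image, ports, resources …
SecurityContext: &apiv1.SecurityContext{
	RunAsUser:                &containerUid,
	RunAsNonRoot:             &runAsNonRoot,
	AllowPrivilegeEscalation: &allowPrivilegeEscalation,
},
```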