✨ (go/v3) change 'runAsUser: 65532' to 'runAsNonRoot: true'

[estroz]

This PR changes the manager pod template's security context runAsUser: 65532 to runAsNonRoot: true. User 65532 is already specified in a project's Dockerfile which the security context uses when runAsUser is unset, making the security context's value redundant (and prone to drift if that value is changed in the Dockerfile) in kubebuilder's case.

Signed-off-by: Eric Stroczynski [email protected]

[estroz]

/retest

[estroz]

/retest

[Adirio]

LGTM (not adding the label too early to let others review it if needed as it is already aproved)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Adirio, estroz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [estroz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[camilamacedo86]

IMO to allow it gets merged, we need to ensure that after that the following error will not be faced.

Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root

It was the motivation for the change raised in #1637.

So, we would need to check it with @harpratap.

@harpratap could you please let us know if after this change the above error will be faced? Are you ok with?

c/c @estroz @Adirio

[estroz]

@camilamacedo86 both the conditions listed in #1637 no longer hold (both Dockerfiles now specify non-root user IDs) so this will work with a restrictive pod security policy. You can check this yourself by applying the one specified in the issue.

[camilamacedo86]

/lgtm

[harpratap]

@camilamacedo86 @estroz The changes lgtm