diff --git a/component/coredns.libsonnet b/component/coredns.libsonnet
index ef0d4e4..2417d76 100644
--- a/component/coredns.libsonnet
+++ b/component/coredns.libsonnet
@@ -159,8 +159,9 @@ local corednsConfigMap =
 name: metrics
 protocol: TCP
 securityContext:
+ runAsNonRoot: true
 runAsUser: {{.RUN_AS_USER}}
- runAsNonRoot: {{.RUN_AS_NON_ROOT}}
+ runAsGroup: {{.RUN_AS_GROUP}}
 allowPrivilegeEscalation: false
 capabilities:
 drop:
diff --git a/tests/golden/defaults/defaults/defaults/10_cluster.yaml b/tests/golden/defaults/defaults/defaults/10_cluster.yaml
index 0fb58cc..a412244 100644
--- a/tests/golden/defaults/defaults/defaults/10_cluster.yaml
+++ b/tests/golden/defaults/defaults/defaults/10_cluster.yaml
@@ -439,8 +439,9 @@ data:
 name: metrics
 protocol: TCP
 securityContext:
+ runAsNonRoot: true
 runAsUser: {{.RUN_AS_USER}}
- runAsNonRoot: {{.RUN_AS_NON_ROOT}}
+ runAsGroup: {{.RUN_AS_GROUP}}
 allowPrivilegeEscalation: false
 capabilities:
 drop:
diff --git a/tests/golden/oidc/oidc/oidc/10_cluster.yaml b/tests/golden/oidc/oidc/oidc/10_cluster.yaml
index f5cc195..d312bf8 100644
--- a/tests/golden/oidc/oidc/oidc/10_cluster.yaml
+++ b/tests/golden/oidc/oidc/oidc/10_cluster.yaml
@@ -446,8 +446,9 @@ data:
 name: metrics
 protocol: TCP
 securityContext:
+ runAsNonRoot: true
 runAsUser: {{.RUN_AS_USER}}
- runAsNonRoot: {{.RUN_AS_NON_ROOT}}
+ runAsGroup: {{.RUN_AS_GROUP}}
 allowPrivilegeEscalation: false
 capabilities:
 drop:
diff --git a/tests/golden/openshift/openshift/openshift/10_cluster.yaml b/tests/golden/openshift/openshift/openshift/10_cluster.yaml
index af46bf0..a435bcd 100644
--- a/tests/golden/openshift/openshift/openshift/10_cluster.yaml
+++ b/tests/golden/openshift/openshift/openshift/10_cluster.yaml
@@ -482,8 +482,9 @@ data:
 name: metrics
 protocol: TCP
 securityContext:
+ runAsNonRoot: true
 runAsUser: {{.RUN_AS_USER}}
- runAsNonRoot: {{.RUN_AS_NON_ROOT}}
+ runAsGroup: {{.RUN_AS_GROUP}}
 allowPrivilegeEscalation: false
 capabilities:
 drop:
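Review bot: The new `runAsGroup: {{.RUN_AS_GROUP}}` line in the securityContext of component/coredns.libsonnet relies on a template variable that this diff does not show being supplied, and `runAsNonRoot: true` only checks the UID, so a rendered group of 0 would still be accepted. A comment above the securityContext should say which component substitutes RUN_AS_USER and RUN_AS_GROUP and that both are expected to be non-zero, for example `# RUN_AS_USER / RUN_AS_GROUP are substituted at render time; both must be non-zero`. With `runAsNonRoot` now fixed to true, a rendered RUN_AS_USER of 0 should make the kubelet refuse to start the container, which is the safer failure but worth stating for operators. If the renderer in use predates RUN_AS_GROUP, the placeholder may render as an empty or invalid value, so the minimum supported version belongs in that comment as well. The same change repeats in the three golden files under tests/golden/, and the securityContext block continues past the end of the hunk.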