deploy: drop securityContext in podSpec for kong

Kong's docker image has been plagued with issues in the past: - ran as `root` user, which was often flagged by users - ran as user 1337, the magical PID used by Istio's proxy, this was for service mesh in kong, which has been removed in Kong 2.0. The securityContext was added as a stopgap solution to avoid such problems. This is now being removed for two reasons: - OpenShift cries out loud if runAsUser is set. It should be empty and OpenShift assigns a UID based on security settings in the platform. Removing this helps with a better user experience and optics. - Majority of users are now running more recent versions of Kong which already have the fix
Kong · Jun 2, 2020 · b934773 · b934773
1 parent 0aad24a
commit b934773
Show file tree

Hide file tree

Showing 5 changed files with 0 additions and 10 deletions.
diff --git a/deploy/manifests/base/kong-ingress-dbless.yaml b/deploy/manifests/base/kong-ingress-dbless.yaml
@@ -25,8 +25,6 @@ spec:
       containers:
       - name: proxy
         image: kong:2.0
-        securityContext:
-          runAsUser: 1000
         env:
           # servers
         - name: KONG_PROXY_LISTEN

diff --git a/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml b/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
@@ -706,8 +706,6 @@ spec:
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 1
-        securityContext:
-          runAsUser: 1000
       - env:
         - name: CONTROLLER_KONG_ADMIN_URL
           value: https://127.0.0.1:8444

diff --git a/deploy/single/all-in-one-dbless.yaml b/deploy/single/all-in-one-dbless.yaml
@@ -701,8 +701,6 @@ spec:
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 1
-        securityContext:
-          runAsUser: 1000
       - env:
         - name: CONTROLLER_KONG_ADMIN_URL
           value: https://127.0.0.1:8444

diff --git a/deploy/single/all-in-one-postgres-enterprise.yaml b/deploy/single/all-in-one-postgres-enterprise.yaml
@@ -770,8 +770,6 @@ spec:
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 1
-        securityContext:
-          runAsUser: 1000
       - env:
         - name: CONTROLLER_KONG_ADMIN_TOKEN
           valueFrom:

diff --git a/deploy/single/all-in-one-postgres.yaml b/deploy/single/all-in-one-postgres.yaml
@@ -719,8 +719,6 @@ spec:
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 1
-        securityContext:
-          runAsUser: 1000
       - env:
         - name: CONTROLLER_KONG_ADMIN_URL
           value: https://127.0.0.1:8444