Merge pull request #2757 from bradbehle/ovn-run-as-user-ibmcloud

CORENET-6247: Set runAsUser for ovnkube-control-plane

Author: openshift-merge-bot[bot]

bindata/network/ovn-kubernetes/managed/ovnkube-control-plane.yaml

@@ -288,6 +288,13 @@ spec:
         "{{$key}}": "{{$value}}"
         {{ end }}
       {{ end }}
+      {{- if .RunAsUser }}
+      securityContext:
+        runAsUser: {{.RunAsUser}}
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      {{- end }}
       volumes:
       - name: ovnkube-config
         configMap:

pkg/bootstrap/types.go

@@ -11,6 +11,7 @@ type OVNHyperShiftBootstrapResult struct {
 	Enabled              bool
 	ClusterID            string
 	Namespace            string
+	RunAsUser            string
 	HCPNodeSelector      map[string]string
 	HCPLabels            map[string]string
 	HCPTolerations       []string

pkg/network/ovn_kubernetes.go

@@ -420,6 +420,7 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 		productFlavor = "managed"
 		data.Data["CAConfigMap"] = bootstrapResult.OVN.OVNKubernetesConfig.HyperShiftConfig.CAConfigMap
 		data.Data["CAConfigMapKey"] = bootstrapResult.OVN.OVNKubernetesConfig.HyperShiftConfig.CAConfigMapKey
+		data.Data["RunAsUser"] = bootstrapResult.OVN.OVNKubernetesConfig.HyperShiftConfig.RunAsUser
 	}
 	manifestSubDir := filepath.Join(manifestDir, "network/ovn-kubernetes", productFlavor)
 	manifestDirs = append(manifestDirs, manifestSubDir)
@@ -716,6 +717,7 @@ func bootstrapOVNHyperShiftConfig(hc *hypershift.HyperShiftConfig, kubeClient cn
 	ovnHypershiftResult := &bootstrap.OVNHyperShiftBootstrapResult{
 		Enabled:           hc.Enabled,
 		Namespace:         hc.Namespace,
+		RunAsUser:         hc.RunAsUser,
 		ReleaseImage:      hc.ReleaseImage,
 		ControlPlaneImage: hc.ControlPlaneImage,
 		CAConfigMap:       hc.CAConfigMap,