fix: remove fixed runAsUser from hello-openshift Deployments

butler54 · claude · butler54 · commit ea2d8fda626c · 2026-04-21T10:49:25.000+09:00
Bare Pods ran under kube:admin with anyuid SCC, but Deployment-created
pods use the default ServiceAccount which only has restricted-v2 SCC.
Remove the fixed runAsUser: 1001 and let OpenShift assign a UID from
the namespace range. runAsNonRoot: true ensures non-root execution.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/charts/coco-supported/hello-openshift/templates/insecure-policy-deployment.yaml b/charts/coco-supported/hello-openshift/templates/insecure-policy-deployment.yaml
@@ -26,7 +26,6 @@ spec:
             privileged: false
             allowPrivilegeEscalation: false
             runAsNonRoot: true
-            runAsUser: 1001
             capabilities:
               drop:
                 - ALL
diff --git a/charts/coco-supported/hello-openshift/templates/secure-deployment.yaml b/charts/coco-supported/hello-openshift/templates/secure-deployment.yaml
@@ -27,7 +27,6 @@ spec:
             privileged: false
             allowPrivilegeEscalation: false
             runAsNonRoot: true
-            runAsUser: 1001
             capabilities:
               drop:
                 - ALL
diff --git a/charts/coco-supported/hello-openshift/templates/standard-deployment.yaml b/charts/coco-supported/hello-openshift/templates/standard-deployment.yaml
@@ -23,7 +23,6 @@ spec:
             privileged: false
             allowPrivilegeEscalation: false
             runAsNonRoot: true
-            runAsUser: 1001
             capabilities:
               drop:
                 - ALL
