From 4e8d03d5407a6d349d8aac22a30393751542df6e Mon Sep 17 00:00:00 2001
From: Connor Catlett <conncatl@amazon.com>
Date: Mon, 15 May 2023 13:01:16 -0400
Subject: [PATCH] Migrate to EKS-D Windows base images

* Migrates Windows containers to EKS-D base images
* Add explicit runAsUserName to Windows manifests

Signed-off-by: Connor Catlett <conncatl@amazon.com>
---
 Dockerfile                                            | 4 ++--
 charts/aws-ebs-csi-driver/templates/node-windows.yaml | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 30b871d2df..0d16c8af2f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,10 +30,10 @@ FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-csi-ebs:lat
 COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver /bin/aws-ebs-csi-driver
 ENTRYPOINT ["/bin/aws-ebs-csi-driver"]
 
-FROM mcr.microsoft.com/windows/servercore:ltsc2019 AS windows-ltsc2019
+FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-windows-base:1809 AS windows-ltsc2019
 COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver.exe /aws-ebs-csi-driver.exe
 ENTRYPOINT ["/aws-ebs-csi-driver.exe"]
 
-FROM mcr.microsoft.com/windows/servercore:ltsc2022 AS windows-ltsc2022
+FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-windows-base:ltsc2022 AS windows-ltsc2022
 COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver.exe /aws-ebs-csi-driver.exe
 ENTRYPOINT ["/aws-ebs-csi-driver.exe"]
diff --git a/charts/aws-ebs-csi-driver/templates/node-windows.yaml b/charts/aws-ebs-csi-driver/templates/node-windows.yaml
index 6fa9954295..3f460563d3 100644
--- a/charts/aws-ebs-csi-driver/templates/node-windows.yaml
+++ b/charts/aws-ebs-csi-driver/templates/node-windows.yaml
@@ -99,6 +99,9 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          securityContext:
+            windowsOptions:
+              runAsUserName: "ContainerAdministrator"
         - name: node-driver-registrar
           image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
           imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}