Match file permissions for GID 0 as owner UID 101 (#3962)
OpenShift has various restrictions by default. Notably for Nginx Ingress Controller, it attempts to enforce randomized UID/GID as part of `restricted` Security Context Constraint. Currently that is not supported.

When a randomized UID/GID is assigned, the account running inside of the container also is assigned a supplementary group membership in the root group. To prepare for enablement of the more restrictive SCCs, file permissions should be tweaked.

This change ensures that when building the container, all files that get `chown`ed to `101:0` also ensure the owner GID 0 has the same permissions that UID 101 has.

Reference: https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
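One way to check the property the commit message describes, as an added example that is not part of the commit or of the project's build scripts: list every path whose group permission bits differ from the owner's bits, and copy owner bits to group with the POSIX `g=u` symbolic mode. The function names and the idea of running this against an unpacked image tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the commit. Function names are hypothetical.

# Print every path under $1 whose group permission bits differ from the
# owner's bits. Empty output means a process that only has GID 0 (the
# OpenShift random-UID case) can do whatever UID 101 can.
audit_group_matches_owner() {
    find "$1" -exec sh -c '
        for p in "$@"; do
            # Symlink modes are not used for access checks; skip them.
            [ -L "$p" ] && continue
            # Characters 2-7 of ls -l are the owner and group triplets.
            # setuid/setgid show up as s/S in the x slot; normalise them
            # so only the rwx bits are compared.
            mode=$(ls -ld -- "$p" | head -n 1 | cut -c2-7 | tr "sS" "x-")
            owner=$(printf %s "$mode" | cut -c1-3)
            group=$(printf %s "$mode" | cut -c4-6)
            [ "$owner" = "$group" ] || printf "%s\n" "$p"
        done
    ' sh {} +
}

# Copy the owner bits onto the group bits for the whole tree.
# "g=u" is the POSIX symbolic mode for "group gets what user has".
fix_group_matches_owner() {
    chmod -R g=u -- "$1"
}
```

A non-empty audit result after the image build step is a useful CI failure condition before enabling the `restricted` SCC.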