Don't hardcode UIDs in securityContext (#3015)

Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>

CHANGELOG.md

@@ -14,6 +14,7 @@ To learn more about our roadmap, we recommend reading [this document](ROADMAP.md
 ## History
 
 - [Unreleased](#unreleased)
+- [v2.7.1](#v271)
 - [v2.7.0](#v270)
 - [v2.6.1](#v261)
 - [v2.6.0](#v260)
@@ -49,6 +50,12 @@ To learn more about our roadmap, we recommend reading [this document](ROADMAP.md
 
 - TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX))
 
+## v2.7.1
+
+### Improvements
+
+- **General**: Don't hardcode UIDs in securityContext ([#3012](https://github.com/kedacore/keda/issues/3012))
+
 ## v2.7.0
 
 ### New

Dockerfile

@@ -36,6 +36,7 @@ RUN VERSION=${BUILD_VERSION} GIT_COMMIT=${GIT_COMMIT} GIT_VERSION=${GIT_VERSION}
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/bin/keda .
-USER nonroot:nonroot
+# 65532 is numeric for nonroot
+USER 65532:65532
 
 ENTRYPOINT ["/keda", "--zap-log-level=info", "--zap-encoder=console"]

Dockerfile.adapter

@@ -39,7 +39,8 @@ FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder --chown=nonroot:nonroot /apiserver.local.config  /apiserver.local.config
 COPY --from=builder /workspace/bin/keda-adapter .
-USER nonroot:nonroot
+# 65532 is numeric for nonroot
+USER 65532:65532
 
 
 ENTRYPOINT ["/keda-adapter", "--secure-port=6443", "--logtostderr=true", "--v=0"]

config/manager/manager.yaml

@@ -23,9 +23,6 @@ spec:
       name: keda-operator
     spec:
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
         runAsNonRoot: true
       serviceAccountName: keda-operator
       containers:

config/metrics-server/deployment.yaml

@@ -20,9 +20,6 @@ spec:
       name: keda-metrics-apiserver
     spec:
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
         runAsNonRoot: true
       serviceAccountName: keda-operator
       containers: