We no longer need to run as the '1000' user.

README.md

@@ -304,7 +304,7 @@ The `IBMSecurityVerifyDirectory` custom resource definition contains the followi
 |spec.pods.envFrom[]|A list of sources to populate environment variables in the container.  Further information can be found at [https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/]().| |No
 |spec.pods.env[]|A list of environment variables to be added to the pods.  Further information can be found at [https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/]().| |No
 |spec.pods.serviceAccountName|The Kubernetes account which the pods will run as.|default|No
-|spec.pods.securityContext|The security context which will be used by the running pods.  Further information can be found at [https://kubernetes.io/docs/tasks/configure-pod-container/security-context/]().  Note that the `runAsUser` field will always be set to `1000`.  In an OpenShift environment it is critical that the service account which the pod is set to run as has the security context restraints set so that the `1000` UID is permitted. | |No
+|spec.pods.securityContext|The security context which will be used by the running pods.  Further information can be found at [https://kubernetes.io/docs/tasks/configure-pod-container/security-context/]().  The 10.0.0.0 version of IBM Security Verify Directory had a requirement that the container runs as the `1000` user.  This can be achieved by setting the `runAsUser` field to `1000`.  In later versions the `runAsUser` field can be set to any UID. | |No
 
 Please note that if a modification of the LDAP schema is required, using LDAP modification operations, a PVC will also need to be specified for the proxy.  In addition to this, the number of proxy replicas should be scaled back to 1 while the LDAP schema modifications take place.  The number of proxy replicas can then be scaled back up again after the LDAP schema modifications have been completed.
 

src/api/v1/ibmsecurityverifydirectory_types.go

@@ -138,7 +138,7 @@ type IBMSecurityVerifyDirectoryPods struct {
     // with.  
     // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
     // +optional
-    SecurityContext corev1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
+    SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
 }
 
 // IBMSecurityVerifyDirectorySpec defines the desired state of 

src/controllers/ibmsecurityverifydirectory_create.go

@@ -361,12 +361,6 @@ func (r *IBMSecurityVerifyDirectoryReconciler) seedReplica(
 		},
 	)
 
-	/*
-	 * We always need to run as the '1000' user.
-	 */
-
-	h.directory.Spec.Pods.SecurityContext.RunAsUser = &utils.RunAsUser
-
 	/*
 	 * Create the job.
 	 */
@@ -390,7 +384,7 @@ func (r *IBMSecurityVerifyDirectoryReconciler) seedReplica(
 					Volumes:            volumes,
 					ImagePullSecrets:   h.directory.Spec.Pods.Image.ImagePullSecrets,
 					ServiceAccountName: h.directory.Spec.Pods.ServiceAccountName,
-					SecurityContext:    &h.directory.Spec.Pods.SecurityContext,
+					SecurityContext:    h.directory.Spec.Pods.SecurityContext,
 					RestartPolicy:      corev1.RestartPolicyNever,
 					Containers:         []corev1.Container{{
 						Env:             env,
@@ -601,12 +595,6 @@ func (r *IBMSecurityVerifyDirectoryReconciler) deployReplica(
 		},
 	)
 
-	/*
-	 * We always need to run as the '1000' user.
-	 */
-
-	h.directory.Spec.Pods.SecurityContext.RunAsUser = &utils.RunAsUser
-
 	/*
 	 * The liveness, and readiness probe definitions.
 	 */
@@ -646,7 +634,7 @@ func (r *IBMSecurityVerifyDirectoryReconciler) deployReplica(
 			Volumes:            volumes,
 			ImagePullSecrets:   h.directory.Spec.Pods.Image.ImagePullSecrets,
 			ServiceAccountName: h.directory.Spec.Pods.ServiceAccountName,
-			SecurityContext:    &h.directory.Spec.Pods.SecurityContext,
+			SecurityContext:    h.directory.Spec.Pods.SecurityContext,
 			Hostname:           podName,
 			Containers:         []corev1.Container{{
 				Env:             env,

src/controllers/ibmsecurityverifydirectory_proxy.go

@@ -628,12 +628,6 @@ func (r *IBMSecurityVerifyDirectoryReconciler) createProxyDeployment(
 		"app.kubernetes.io/cr-name": name,
 	}
 
-	/*
-	 * We always need to run as the '1000' user.
-	 */
-
-	h.directory.Spec.Pods.SecurityContext.RunAsUser = &utils.RunAsUser
-
 	/*
 	 * Finalise the deployment definition.
 	 */
@@ -663,7 +657,7 @@ func (r *IBMSecurityVerifyDirectoryReconciler) createProxyDeployment(
 					Volumes:            volumes,
 					ImagePullSecrets:   h.directory.Spec.Pods.Image.ImagePullSecrets,
 					ServiceAccountName: h.directory.Spec.Pods.ServiceAccountName,
-					SecurityContext:    &h.directory.Spec.Pods.SecurityContext,
+					SecurityContext:    h.directory.Spec.Pods.SecurityContext,
 					Hostname:           name,
 					Containers:         []corev1.Container{{
 						Env:             env,

src/test/env/proxy-configmap.yaml

@@ -8,12 +8,15 @@ apiVersion: v1
 kind: ConfigMap 
 metadata: 
   name: isvd-proxy-config
-  namespace: default 
 data: 
   config.yaml: | 
     general: 
       id: isvd-proxy
 
+      ports:
+        ldap: 9389
+        ldaps: 9636
+
       json-logging: false
 
       license:

src/test/env/server-configmap.yaml

@@ -8,7 +8,6 @@ apiVersion: v1
 kind: ConfigMap 
 metadata: 
   name: isvd-server-config
-  namespace: default 
 data: 
   config.yaml: | 
     general: 

src/utils/names.go

@@ -24,7 +24,6 @@ import (
 
 const PVCLabel        = "app.kubernetes.io/pvc-name"
 var   ProxyCMKey      = "config.yaml"
-var   RunAsUser int64 = 1000
 
 /*****************************************************************************/