From 5fee96b404285cf666bec814970a4e0e08b40872 Mon Sep 17 00:00:00 2001
From: p53 <pavol.ipoth@gmail.com>
Date: Tue, 23 Mar 2021 19:03:37 +0100
Subject: [PATCH] Fix cinder cert permissions (#7384)

* Fix permissions of cinder cert

* Change runuser for external_cloud_controller to kube user with id 999, part of 999 - kube-cert group
---
 .../external-openstack-cloud-controller-manager-ds.yml.j2       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
index c623fecce..149f70b42 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
@@ -30,7 +30,7 @@ spec:
         node-role.kubernetes.io/control-plane: ""
 {% endif %}
       securityContext:
-        runAsUser: 1001
+        runAsUser: 999
       tolerations:
       - key: node.cloudprovider.kubernetes.io/uninitialized
         value: "true"