From 8eb547d9cbe4eba58f4623764034950eac0ef455 Mon Sep 17 00:00:00 2001
From: Richard Wall <richard.wall@venafi.com>
Date: Tue, 31 Oct 2023 11:08:54 +0000
Subject: [PATCH] Remove redundant / misleading runAsNonRoot examples from
 values.yaml

`runAsNonRoot` is already set to true in the *Pod*SecurityContext,
so there isn't really any reason to set it at the Container SecurityContext too.

Having it in the example values.yaml file gives the misleading impression that
runAsNonRoot is not the default.

 * https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core

Signed-off-by: Richard Wall <richard.wall@venafi.com>
---
 deploy/charts/cert-manager/values.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml
index 0a5c632c4..5bb22d238 100644
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@@ -182,7 +182,6 @@ containerSecurityContext:
     drop:
     - ALL
   readOnlyRootFilesystem: true
-  # runAsNonRoot: true
 
 
 volumes: []
@@ -346,7 +345,6 @@ webhook:
       drop:
       - ALL
     readOnlyRootFilesystem: true
-    # runAsNonRoot: true
 
   # Optional additional annotations to add to the webhook Deployment
   # deploymentAnnotations: {}
@@ -549,7 +547,6 @@ cainjector:
       drop:
       - ALL
     readOnlyRootFilesystem: true
-    # runAsNonRoot: true
 
 
   # Optional additional annotations to add to the cainjector Deployment
@@ -663,7 +660,6 @@ startupapicheck:
       drop:
       - ALL
     readOnlyRootFilesystem: true
-    # runAsNonRoot: true
 
   # Timeout for 'kubectl check api' command
   timeout: 1m