From 607530812d68433da2da8e3d4f0b8d531edba94a Mon Sep 17 00:00:00 2001
From: Arun Barua <arun.barua@e2open.com>
Date: Mon, 20 May 2024 09:11:26 +0100
Subject: [PATCH] feat(config): run temporal ui as non-root temporal user

---
 internal/resource/ui/deployment_builder.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/resource/ui/deployment_builder.go b/internal/resource/ui/deployment_builder.go
index d5e2d75f..22f29c6d 100644
--- a/internal/resource/ui/deployment_builder.go
+++ b/internal/resource/ui/deployment_builder.go
@@ -148,7 +148,11 @@ func (b *DeploymentBuilder) Update(object client.Object) error {
 			TerminationGracePeriodSeconds: ptr.To[int64](30),
 			DNSPolicy:                     corev1.DNSClusterFirst,
 			SchedulerName:                 corev1.DefaultSchedulerName,
-			SecurityContext:               &corev1.PodSecurityContext{},
+			SecurityContext: &corev1.PodSecurityContext{
+				RunAsUser:    ptr.To[int64](5000),
+				RunAsGroup:   ptr.To[int64](5000),
+				RunAsNonRoot: ptr.To[bool](true),
+			},
 		},
 	}