outposts: run containers as non root (#5212)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/outposts/controllers/k8s/deployment.py

@@ -108,7 +108,6 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
                             V1ObjectReference(name=secret) for secret in image_pull_secrets
                         ],
                         security_context=V1PodSecurityContext(
-                            run_as_non_root=True,
                             seccomp_profile=V1SeccompProfile(
                                 type="RuntimeDefault",
                             ),
@@ -157,6 +156,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
                                     ),
                                 ],
                                 security_context=V1SecurityContext(
+                                    run_as_non_root=True,
                                     allow_privilege_escalation=False,
                                     capabilities=V1Capabilities(
                                         drop=["ALL"],

ldap.Dockerfile

@@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
 
 EXPOSE 3389 6636 9300
 
+USER 1000
+
 ENTRYPOINT ["/ldap"]

proxy.Dockerfile

@@ -36,4 +36,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
 
 EXPOSE 9000 9300 9443
 
+USER 1000
+
 ENTRYPOINT ["/proxy"]

radius.Dockerfile

@@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
 
 EXPOSE 1812/udp 9300
 
+USER 1000
+
 ENTRYPOINT ["/radius"]