From 9ac7285a72dc93b91febe02b44ae6ca76d39cae7 Mon Sep 17 00:00:00 2001
From: Jonathan Innis
Date: Mon, 11 Mar 2024 15:44:40 -0700
Subject: [PATCH] chore: Correct security context to use `nonroot` user (#5819)
---
 charts/karpenter/templates/deployment.yaml | 4 ++--
 charts/karpenter/values.yaml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/karpenter/templates/deployment.yaml b/charts/karpenter/templates/deployment.yaml
index 4b4f9450a569..d1994b3485b9 100644
--- a/charts/karpenter/templates/deployment.yaml
+++ b/charts/karpenter/templates/deployment.yaml
@@ -59,8 +59,8 @@ spec:
 containers:
 - name: controller
 securityContext:
- runAsUser: 65536
- runAsGroup: 65536
+ runAsUser: 65532
+ runAsGroup: 65532
 runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
diff --git a/charts/karpenter/values.yaml b/charts/karpenter/values.yaml
index fe9001e8eff8..9d6d27394f3f 100644
--- a/charts/karpenter/values.yaml
+++ b/charts/karpenter/values.yaml
@@ -46,7 +46,7 @@ podDisruptionBudget:
 maxUnavailable: 1
 # -- SecurityContext for the pod.
 podSecurityContext:
- fsGroup: 65536
+ fsGroup: 65532
 # -- PriorityClass name for the pod.
 priorityClassName: system-cluster-critical
 # -- Override the default termination grace period for the pod.
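Review bot: The ID 65532 is an undocumented literal in two places that must agree: `runAsUser`/`runAsGroup` in the controller `securityContext` in deployment.yaml and `podSecurityContext.fsGroup` in the values.yaml hunk. Nothing in either file records that it is meant to be the `nonroot` user named in the commit title, presumably the one baked into the controller image. Because the template values are hard-coded while `fsGroup` is user-overridable, an existing values override that still carries 65536 would leave the pod's fsGroup out of step with the container's group after upgrade. I would add a comment above `runAsUser` such as `# 65532 = "nonroot" user/group; keep in sync with podSecurityContext.fsGroup in values.yaml`, and extend the values.yaml doc line to `# -- SecurityContext for the pod. fsGroup should match the controller container's runAsGroup (65532).` The `securityContext` block continues outside the hunk, so the rest of its hardening fields cannot be assessed from here.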