From af64106050dca59823d6d7402536f004619de3a1 Mon Sep 17 00:00:00 2001
From: Michal Fojtik
Date: Tue, 2 Oct 2018 11:16:20 +0200
Subject: [PATCH] fix selinux errors in lock dirs
---
 .../bootstrap-manifests/kube-controller-manager-pod.yaml | 5 ++++-
 .../manifests/kube-controller-manager-daemonset.yaml | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/bindata/bootkube/bootstrap-manifests/kube-controller-manager-pod.yaml b/bindata/bootkube/bootstrap-manifests/kube-controller-manager-pod.yaml
index 27a537838..d13d10776 100644
--- a/bindata/bootkube/bootstrap-manifests/kube-controller-manager-pod.yaml
+++ b/bindata/bootkube/bootstrap-manifests/kube-controller-manager-pod.yaml
@@ -13,7 +13,6 @@ spec:
 hostNetwork: true
 securityContext:
 supplementalGroups: [65534]
- privileged: true
 initContainers:
 - name: setup-lock-dir
 image: {{ .Image }}
@@ -32,6 +31,10 @@ spec:
 name: var-lock
 containers:
 - name: kube-controller-manager
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ privileged: true
 image: {{ .Image }}
 imagePullPolicy: {{ .ImagePullPolicy }}
 command: ["/usr/bin/flock", "--exclusive", "--timeout=60", "/var/lock/controller-manager.lock", "-c"]
diff --git a/bindata/bootkube/manifests/kube-controller-manager-daemonset.yaml b/bindata/bootkube/manifests/kube-controller-manager-daemonset.yaml
index 9851c3ed4..c603638b0 100644
--- a/bindata/bootkube/manifests/kube-controller-manager-daemonset.yaml
+++ b/bindata/bootkube/manifests/kube-controller-manager-daemonset.yaml
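Review bot: `privileged: true` on the kube-controller-manager container (second hunk of the pod manifest) grants far more than the SELinux exemption the commit title is after — all capabilities, host device access and, on the usual runtimes, an unconfined SELinux label — which leaves the `runAsNonRoot: true` / `runAsUser: 65534` lines directly above it with little practical effect. If the failure is only the label on the hostPath lock directory, a narrower fix is `seLinuxOptions` on this container's securityContext, or relabelling the directory in the `setup-lock-dir` init container that this manifest already runs, so the controller-manager stays confined. Whichever way it is resolved, the flag deserves a comment recording why it is there, e.g. `# privileged: works around SELinux denials on the /var/lock hostPath — TODO(review): replace with seLinuxOptions`. The daemonset manifest in the second file shows `runAsNonRoot` and `runAsUser` but its hunk ends before any `privileged` entry would appear, so whether the two manifests now diverge cannot be confirmed from here.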
@@ -31,7 +31,7 @@ spec:
 imagePullPolicy: {{ .ImagePullPolicy }}
 command: ["/usr/bin/flock", "--exclusive", "--timeout=60", "/var/lock/controller-manager.lock", "-c"]
 args:
- - exec hyperkube kube-controller-manager --openshift-config=/etc/kubernetes/config/{{ .ConfigFileName }} --kubeconfig=/etc/kubernetes/secrets/kubeconfig --master=https://kubernetes.default.svc
+ - exec hyperkube kube-controller-manager --openshift-config=/etc/kubernetes/config/{{ .ConfigFileName }} --kubeconfig=/etc/kubernetes/secrets/kubeconfig
 securityContext:
 runAsNonRoot: true
 runAsUser: 65534
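Review bot: Dropping `--master=https://kubernetes.default.svc` from the `args` entry changes where the controller-manager connects — the API server address now comes entirely from `/etc/kubernetes/secrets/kubeconfig` — and nothing in the commit message, which only mentions SELinux lock dirs, records that change or why it is safe. A one-line note in the description, or a comment above `args:` such as `# API server address is taken from the kubeconfig; do not set --master here`, would keep a later reader from re-adding the flag. The bootstrap pod manifest in the first file is changed only in its securityContext, so whether it still passes `--master` is outside what this diff shows.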