From 28f8dd7d84b4e72c0e7a3c5912a121f368429ee7 Mon Sep 17 00:00:00 2001
From: Tom Klapiscak <7372253+tomklapiscak@users.noreply.github.com>
Date: Thu, 1 Aug 2024 19:23:01 +0100
Subject: [PATCH] [patch] remove need for root access in argocd repo
 initContainer (#1156)

https://jsw.ibm.com/browse/MASCORE-3427
---
 .../cli/mascli/templates/gitops/bootstrap/argocd.yaml  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
index c7128de1e6..8edc494104 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
@@ -1329,8 +1329,8 @@ spec:
           - >-
             curl -L
             https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v\$(AVP_VERSION)/argocd-vault-plugin_\$(AVP_VERSION)_linux_amd64
-            -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv
-            argocd-vault-plugin /custom-tools/
+            -o /tmp/argocd-vault-plugin && chmod +x /tmp/argocd-vault-plugin && mv
+            /tmp/argocd-vault-plugin /tmp/custom-tools/
         command:
           - sh
           - '-c'
@@ -1340,10 +1340,12 @@ spec:
         image: registry.access.redhat.com/ubi8
         name: download-tools
         securityContext:
-          allowPrivilegeEscalation: true
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          runAsUser: 999
         resources: {}
         volumeMounts:
-          - mountPath: /custom-tools
+          - mountPath: /tmp/custom-tools
             name: custom-tools
     mountsatoken: true
     resources: