Merge pull request kubernetes#3021 from Lujeni/rootless_kubernetes

Run as non-root for kubernetes on VPA

Author: k8s-ci-robot

vertical-pod-autoscaler/deploy/admission-controller-deployment.yaml

@@ -15,6 +15,9 @@ spec:
         app: vpa-admission-controller
     spec:
       serviceAccountName: vpa-admission-controller
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534 # nobody
       containers:
         - name: admission-controller
           image: us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-admission-controller:0.8.0

vertical-pod-autoscaler/deploy/recommender-deployment.yaml

@@ -21,6 +21,9 @@ spec:
         app: vpa-recommender
     spec:
       serviceAccountName: vpa-recommender
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534 # nobody
       containers:
       - name: recommender
         image: us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-recommender:0.8.0

vertical-pod-autoscaler/deploy/updater-deployment.yaml

@@ -21,6 +21,9 @@ spec:
         app: vpa-updater
     spec:
       serviceAccountName: vpa-updater
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534 # nobody
       containers:
         - name: updater
           image: us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-updater:0.8.0

vertical-pod-autoscaler/examples/hamster.yaml

@@ -39,6 +39,9 @@ spec:
       labels:
         app: hamster
     spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534 # nobody
       containers:
         - name: hamster
           image: k8s.gcr.io/ubuntu-slim:0.1