I’m working with OpenShift 4.3 and an external Vault Server. I installed the Vault webhook and everything works fine and I’m really happy with the webhook. Good work!
Only one little thing is disturbing. The injector init container created in a deployment uses the user 100 and the group 1000. By default in OpenShift, a normal ServiceAccount is forbidden to run such a container. I have to grant the ServiceAccount the SCC anyuid, but from a security standpoint that is not optimal.
So my question is: is it possible to run the injector init container with a different user and group?
Thanks for your support