From aa51bf02f486d4bc1ee559bc52c524ccd09f9b06 Mon Sep 17 00:00:00 2001
From: David BENQUE
Date: Wed, 31 Oct 2018 19:39:32 +0100
Subject: [PATCH 1/3] remove docker.io from image name (to run in openshift)
---
 examples/bookinfo.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/bookinfo.yaml b/examples/bookinfo.yaml
index af6666f..c0470c4 100644
--- a/examples/bookinfo.yaml
+++ b/examples/bookinfo.yaml
@@ -42,7 +42,7 @@ spec:
 spec:
 containers:
 - name: details
- image: docker.io/istio/examples-bookinfo-details-v1:1.8.0
+ image: istio/examples-bookinfo-details-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -77,7 +77,7 @@ spec:
 spec:
 containers:
 - name: ratings
- image: docker.io/istio/examples-bookinfo-ratings-v1:1.8.0
+ image: istio/examples-bookinfo-ratings-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -112,7 +112,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v1:1.8.0
+ image: istio/examples-bookinfo-reviews-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -131,7 +131,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v2:1.8.0
+ image: istio/examples-bookinfo-reviews-v2:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -150,7 +150,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v3:1.8.0
+ image: istio/examples-bookinfo-reviews-v3:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -185,7 +185,7 @@ spec:
 spec:
 containers:
 - name: productpage
- image: docker.io/istio/examples-bookinfo-productpage-v1:1.8.0
+ image: istio/examples-bookinfo-productpage-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
From 6cfa9f3110d32848d9531b4b4c9490472f266f92 Mon Sep 17 00:00:00 2001
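Review bot: Dropping the `docker.io/` prefix in the `details` hunk, and in the same way in the `ratings`, `reviews` v1–v3 and `productpage` hunks, leaves the image source to each node's registry resolution settings, so the same manifest can pull from different registries on different clusters. The subject gives OpenShift as the reason but does not say what failed with the qualified name. Keeping the full reference, e.g. `image: docker.io/istio/examples-bookinfo-details-v1:1.8.0`, and covering the OpenShift case with a documented mirror or per-cluster override would keep the provenance explicit. PATCH 3/3 in this series restores the prefix, so the two commits could be squashed away. Each container spec continues outside its hunk.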
From: David BENQUE
Date: Tue, 6 Nov 2018 10:15:34 +0100
Subject: [PATCH 2/3] change scc of default SA to nonroot
---
 README.md | 2 +-
 .../templates/istio-pod-network-controller.yaml | 2 ++
 chart/istio-pod-network-controller/values.yaml | 5 +++--
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 18b37f0..4e2df71 100644
--- a/README.md
+++ b/README.md
@@ -123,7 +123,7 @@ Execute the following commands:
 ```
 oc new-project bookinfo
 oc annotate namespace bookinfo istio-pod-network-controller/initialize=true
-oc adm policy add-scc-to-user anyuid -z default -n bookinfo
+oc adm policy add-scc-to-user nonroot -z default -n bookinfo
 oc apply -f <(istioctl kube-inject -f examples/bookinfo.yaml) -n bookinfo
 oc expose svc productpage -n bookinfo
 ```
diff --git a/chart/istio-pod-network-controller/templates/istio-pod-network-controller.yaml b/chart/istio-pod-network-controller/templates/istio-pod-network-controller.yaml
index f4ca1c0..501b992 100644
--- a/chart/istio-pod-network-controller/templates/istio-pod-network-controller.yaml
+++ b/chart/istio-pod-network-controller/templates/istio-pod-network-controller.yaml
@@ -151,6 +151,8 @@ data:
 - name: istio-init
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.image.runAsUser }}
 args:
 - init
 volumeMounts:
diff --git a/chart/istio-pod-network-controller/values.yaml b/chart/istio-pod-network-controller/values.yaml
index 72d095f..b5a7963 100644
--- a/chart/istio-pod-network-controller/values.yaml
+++ b/chart/istio-pod-network-controller/values.yaml
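Review bot: The added `securityContext` on the `istio-init` container takes `runAsUser` straight from `.Values.image.runAsUser` with no guard, so an override that omits the key or sets it to `0` renders a container that is no longer pinned to a non-root UID. Under the `nonroot` SCC the README now recommends that would presumably be rejected at admission, and under a more permissive SCC it would run as root. Making the intent explicit would help: `runAsUser: {{ required "image.runAsUser must be set to a non-zero UID" .Values.image.runAsUser }}` with `runAsNonRoot: true` on the next line. If the init step needs no extra privileges, `allowPrivilegeEscalation: false` belongs here too; the hunk does not show what the `init` argument does, so that needs checking. The container spec starts and ends outside the hunk.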
@@ -11,9 +11,10 @@ crioSocket: /var/run/crio/crio.sock runcRoot: /run/runc image: - repository: quay.io/raffaelespazzoli/istio-pod-network-controller - tag: latest + repository: dbenque/istio-pod-network-controller + tag: v1 pullPolicy: IfNotPresent + runAsUser: 1337 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From 0e13eb9b7b6b9e8ac9f69a750c51e5b541806a1a Mon Sep 17 00:00:00 2001 From: David BENQUE Date: Tue, 6 Nov 2018 10:19:55 +0100 Subject: [PATCH 3/3] put repo back to quay.io/raffaelespazzoli --- chart/istio-pod-network-controller/values.yaml | 2 +- examples/bookinfo.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/chart/istio-pod-network-controller/values.yaml b/chart/istio-pod-network-controller/values.yaml index b5a7963..61e2d4c 100644 --- a/chart/istio-pod-network-controller/values.yaml +++ b/chart/istio-pod-network-controller/values.yaml @@ -11,7 +11,7 @@ crioSocket: /var/run/crio/crio.sock runcRoot: /run/runc image: - repository: dbenque/istio-pod-network-controller + repository: quay.io/raffaelespazzoli/istio-pod-network-controller tag: v1 pullPolicy: IfNotPresent runAsUser: 1337 diff --git a/examples/bookinfo.yaml b/examples/bookinfo.yaml index c0470c4..af6666f 100644 --- a/examples/bookinfo.yaml +++ b/examples/bookinfo.yaml @@ -42,7 +42,7 @@ spec: spec: containers: - name: details - image: istio/examples-bookinfo-details-v1:1.8.0 + image: docker.io/istio/examples-bookinfo-details-v1:1.8.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 @@ -77,7 +77,7 @@ spec: spec: containers: - name: ratings - image: istio/examples-bookinfo-ratings-v1:1.8.0 + image: docker.io/istio/examples-bookinfo-ratings-v1:1.8.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 
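Review bot: In PATCH 2/3 the `image:` block switches the chart's default `repository` to `dbenque/istio-pod-network-controller`, a different publisher namespace with no registry host, in a commit whose subject only mentions the SCC change. The neighbouring `crioSocket` and `runcRoot` values suggest this image runs with access to the node's container runtime, so its default source deserves the same scrutiny as a code change. PATCH 3/3 restores the quay.io repository, and squashing the two would keep this default out of the history. Separately, `runAsUser` describes how the pod runs rather than which image is pulled, so a top-level `securityContext:` block with `runAsUser: 1337` under it would be easier to find than a key under `image:`. The `resources` comment continues outside the hunk.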
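Review bot: In PATCH 3/3 the `repository` goes back to `quay.io/raffaelespazzoli/istio-pod-network-controller` but `tag: v1` stays, whereas before the series the default for that repository was `latest`. Nothing in the series shows that a `v1` tag was published there; if it was not, a default install fails to pull, and if it was, it needs to be a build that works as UID 1337 with the new `securityContext`. With `pullPolicy: IfNotPresent`, a tag that is re-pushed also leaves nodes running different builds under the same name. A comment above `tag:` such as `# must match a published, immutable release tag` would record the expectation.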
@@ -112,7 +112,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: istio/examples-bookinfo-reviews-v1:1.8.0
+ image: docker.io/istio/examples-bookinfo-reviews-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -131,7 +131,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: istio/examples-bookinfo-reviews-v2:1.8.0
+ image: docker.io/istio/examples-bookinfo-reviews-v2:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -150,7 +150,7 @@ spec:
 spec:
 containers:
 - name: reviews
- image: istio/examples-bookinfo-reviews-v3:1.8.0
+ image: docker.io/istio/examples-bookinfo-reviews-v3:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080
@@ -185,7 +185,7 @@ spec:
 spec:
 containers:
 - name: productpage
- image: istio/examples-bookinfo-productpage-v1:1.8.0
+ image: docker.io/istio/examples-bookinfo-productpage-v1:1.8.0
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9080