
Run Weblogic Server PODs with securityContext.runAsUser set to value higher than 10000 (controlled by Weblogic Kubernetes Operator) #5346

Open
Michalski-Piotr opened this issue Apr 2, 2025 · 1 comment

Comments

@Michalski-Piotr

Hello,

We are working with a customer to deploy an OSB/SOA Cloud Native Weblogic Domain in a Kubernetes architecture (deployed to the Oracle OCI OKE Kubernetes engine).

There is a customer requirement to add securityContext.runAsUser with a value higher than 10000.

 
* AVD-KSV-0020 (LOW): Container 'weblogic-server' of Pod 'osb-domain-adminserver' should set 'securityContext.runAsUser' > 10000
* AVD-KSV-0020 (LOW): Container 'weblogic-server' of Pod 'osb-domain-osb-server1' should set 'securityContext.runAsUser' > 10000
* AVD-KSV-0020 (LOW): Container 'weblogic-server' of Pod 'osb-domain-osb-server2' should set 'securityContext.runAsUser' > 10000

According to Weblogic Kubernetes Operator and inside the SOA/OSB Cloud Native image downloaded from Oracle Container Registry, the image owner UID is set to 1000. Also, the SOA Cloud Native product by default uses UID uid=1000(oracle).

Reference: https://oracle.github.io/weblogic-kubernetes-operator/security/domain-security/pod-and-container/

Could you elaborate on whether Weblogic Kubernetes Operator could operate on a Weblogic Domain running on top of an image where the UID has been changed to 10001 (or another value higher than 10000), what the possible consequences are, and whether any additional configuration adjustments are required, please?

Please also clarify whether running with UID 1000 is somehow preferred from the Weblogic Kubernetes Operator perspective.

Unfortunately, without knowing WKO internals, it is hard for us to do any risk assessment of the consequences.

In case using a UID higher than 10000 requires an Enhancement Request for Weblogic Operator, we would like to raise this Enhancement Request in this issue.

Regards,
Piotr Michalski
Oracle CSS
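
Added example, not part of the original issue and not code from the operator project or the scanner: a check that applies the `> 10000` threshold from the AVD-KSV-0020 message to the UID each container actually resolves to, since Kubernetes lets a container-level `securityContext.runAsUser` override the pod-level one and falls back to the image's user when neither is set. The pod names come from the scan output above; the `securityContext` values and the `init-helper` container are constructed assumptions.

```python
# Added example: threshold taken from the AVD-KSV-0020 message on this page.
THRESHOLD = 10000

def effective_run_as_user(pod_spec, container):
    """Return (uid, source) the way Kubernetes resolves it for one container."""
    uid = (container.get("securityContext") or {}).get("runAsUser")
    if uid is not None:
        return uid, "container"          # container-level value wins
    uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    if uid is not None:
        return uid, "pod"                # inherited from the pod
    return None, "image"                 # unset: the image's USER applies

def audit(pod):
    """List (pod, container, uid, source) for containers at or below THRESHOLD."""
    spec = pod.get("spec") or {}
    name = (pod.get("metadata") or {}).get("name", "<unnamed>")
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        uid, source = effective_run_as_user(spec, c)
        if uid is None or uid <= THRESHOLD:
            findings.append((name, c["name"], uid, source))
    return findings

# Constructed sample manifests (pod names from the scan output above;
# securityContext values and the init container are assumptions).
SAMPLE_PODS = [
    {"metadata": {"name": "osb-domain-adminserver"},
     "spec": {"containers": [{"name": "weblogic-server"}]}},
    {"metadata": {"name": "osb-domain-osb-server1"},
     "spec": {"securityContext": {"runAsUser": 1000},
              "containers": [{"name": "weblogic-server"}]}},
    {"metadata": {"name": "osb-domain-osb-server2"},
     "spec": {"securityContext": {"runAsUser": 10001},
              "initContainers": [{"name": "init-helper",
                                  "securityContext": {"runAsUser": 1000}}],
              "containers": [{"name": "weblogic-server"}]}},
]

def audit_all(pods):
    return [f for pod in pods for f in audit(pod)]

if __name__ == "__main__":
    for pod, container, uid, source in audit_all(SAMPLE_PODS):
        shown = "unset (image USER)" if uid is None else uid
        print(f"{pod}/{container}: runAsUser={shown} [{source}] is not > {THRESHOLD}")
```
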

@Michalski-Piotr
Author

The customer is currently using Weblogic Kubernetes Operator 4.2.9 and the versions below:

Image
