Only assign UID if using the community image (#81)

* Only assign UID if using the community image

Signed-off-by: Lucas Caparelli <[email protected]>

* Increase golintci timeout

.github/workflows/nexus-operator-integration-checks.yml

@@ -27,6 +27,7 @@ jobs:
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
           version: v1.27
+          args: --timeout=2m
 
   unit_test:
     name: Unit Tests

pkg/controller/nexus/resource/deployment/deployment.go

@@ -89,7 +89,6 @@ func newDeployment(nexus *v1alpha1.Nexus) *appsv1.Deployment {
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: meta.DefaultObjectMeta(nexus),
 				Spec: corev1.PodSpec{
-					SecurityContext: &corev1.PodSecurityContext{FSGroup: &nexusUID, RunAsUser: &nexusUID, SupplementalGroups: []int64{nexusUID}},
 					Containers: []corev1.Container{
 						{
 							Name: nexusContainerName,
@@ -117,6 +116,7 @@ func newDeployment(nexus *v1alpha1.Nexus) *appsv1.Deployment {
 	addProbes(nexus, deployment)
 	applyJVMArgs(nexus, deployment)
 	addServiceAccount(nexus, deployment)
+	applySecurityContext(nexus, deployment)
 
 	return deployment
 }
@@ -261,3 +261,11 @@ func addServiceAccount(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
 		deployment.Spec.Template.Spec.ServiceAccountName = nexus.Name
 	}
 }
+
+func applySecurityContext(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
+	var podSecContext *corev1.PodSecurityContext
+	if !nexus.Spec.UseRedHatImage {
+		podSecContext = &corev1.PodSecurityContext{FSGroup: &nexusUID, RunAsUser: &nexusUID, SupplementalGroups: []int64{nexusUID}}
+	}
+	deployment.Spec.Template.Spec.SecurityContext = podSecContext
+}