From 530260ad4cb37bb69f8b25ea92a92590333b082b Mon Sep 17 00:00:00 2001
From: Lars Francke <jujutsu@lars-francke.de>
Date: Wed, 7 May 2025 22:25:04 +0200
Subject: [PATCH 1/2] Remove hardcoded uid and gid, they'll default to the ones
 from the docker images now

---
 CHANGELOG.md                                 | 3 +++
 rust/operator-binary/src/hbase_controller.rs | 9 +--------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6026a508..89cdf83b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@
 - BREAKING: Inject the vector aggregator address into the vector config using the env var `VECTOR_AGGREGATOR_ADDRESS` instead
     of having the operator write it to the vector config ([#645]).
 - test: Bump to Vector `0.46.1` ([#657]).
+- Previously this operator would hardcode the UID and GID of the Pods being created to 1000/0, this has changed now ([#660])
+  - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
 
 ### Fixed
 
@@ -39,6 +41,7 @@
 [#654]: https://github.com/stackabletech/hbase-operator/pull/654
 [#655]: https://github.com/stackabletech/hbase-operator/pull/655
 [#657]: https://github.com/stackabletech/hbase-operator/pull/657
+[#660]: https://github.com/stackabletech/hbase-operator/pull/660
 
 ## [25.3.0] - 2025-03-21
 
diff --git a/rust/operator-binary/src/hbase_controller.rs b/rust/operator-binary/src/hbase_controller.rs
index 376036c6..14081a66 100644
--- a/rust/operator-binary/src/hbase_controller.rs
+++ b/rust/operator-binary/src/hbase_controller.rs
@@ -101,7 +101,6 @@ const HBASE_CONFIG_TMP_DIR: &str = "/stackable/tmp/hbase";
 const HBASE_LOG_CONFIG_TMP_DIR: &str = "/stackable/tmp/log_config";
 
 const DOCKER_IMAGE_BASE_NAME: &str = "hbase";
-const HBASE_UID: i64 = 1000;
 
 pub struct Ctx {
     pub client: stackable_operator::client::Client,
@@ -939,13 +938,7 @@ fn build_rolegroup_statefulset(
         )
         .context(AddVolumeSnafu)?
         .service_account_name(service_account.name_any())
-        .security_context(
-            PodSecurityContextBuilder::new()
-                .run_as_user(HBASE_UID)
-                .run_as_group(0)
-                .fs_group(1000)
-                .build(),
-        );
+        .security_context(PodSecurityContextBuilder::new().fs_group(1000).build());
 
     if let Some(ContainerLogConfig {
         choice:

From 2821737d027bff3b70d6185418a3abf37d261d41 Mon Sep 17 00:00:00 2001
From: Lars Francke <jujutsu@lars-francke.de>
Date: Thu, 8 May 2025 17:28:18 +0200
Subject: [PATCH 2/2] fix changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cccb2d3a..a1f620ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@
   - The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
   - This is marked as breaking because tools and policies might exist, which require these fields to be set
+
 ### Fixed
 
 - Use `json` file extension for log files ([#647]).