From f1ff03ebd5711738904d9d364e9e5080f6c6cf1c Mon Sep 17 00:00:00 2001
From: 1012Charan
Date: Mon, 11 Aug 2025 12:42:39 +0530
Subject: [PATCH 1/2] Add pod-level SecurityContext to slice gateway pod spec
- Adds a default pod-level securityContext to both server and client gateway pods.
- Follows best practices for container security.
Signed-off-by: Charan Naidu
Signed-off-by: 1012Charan
---
 controllers/slicegateway/slicegateway.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/controllers/slicegateway/slicegateway.go b/controllers/slicegateway/slicegateway.go
index cbe9a95f1..7a5836fc8 100644
--- a/controllers/slicegateway/slicegateway.go
+++ b/controllers/slicegateway/slicegateway.go
@@ -168,6 +168,13 @@ func (r *SliceGwReconciler) deploymentForGatewayServer(g *kubeslicev1beta1.Slice
 },
 },
 Spec: corev1.PodSpec{
+ // Pod-level security context for best practices
+ SecurityContext: &corev1.PodSecurityContext{
+ RunAsNonRoot: func(b bool) *bool { return &b }(true),
+ RunAsUser: func(i int64) *int64 { return &i }(1000),
+ FSGroup: func(i int64) *int64 { return &i }(2000),
+ },
+ // Pod-level security context for best practices
 ServiceAccountName: "vpn-gateway-server",
 Affinity: &corev1.Affinity{
 NodeAffinity: &corev1.NodeAffinity{
@@ -467,6 +474,12 @@ func (r *SliceGwReconciler) deploymentForGatewayClient(g *kubeslicev1beta1.Slice
 },
 },
 Spec: corev1.PodSpec{
+ // Pod-level security context for best practices
+ SecurityContext: &corev1.PodSecurityContext{
+ RunAsNonRoot: func(b bool) *bool { return &b }(true),
+ RunAsUser: func(i int64) *int64 { return &i }(1000),
+ FSGroup: func(i int64) *int64 { return &i }(2000),
+ },
 ServiceAccountName: "vpn-gateway-client",
 Affinity: &corev1.Affinity{
 NodeAffinity: &corev1.NodeAffinity{
From 465d6dcd297a1607dac21d944010b49653d35990 Mon Sep 17 00:00:00 2001
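Review bot: The pod-level `RunAsNonRoot: true` / `RunAsUser: 1000` added to the `deploymentForGatewayServer` PodSpec (and again in the `deploymentForGatewayClient` hunk) applies to every container that does not set its own securityContext, and the container specs lie outside both hunks. Gateway containers usually have to create tunnel devices and change routes, and capabilities granted to a non-root UID are not in the effective set by default, so the tunnel may fail or the pods may crash-loop unless the containers override the user; please confirm this against the container-level settings. The hard-coded IDs also deserve a comment such as `// UID 1000 / fsGroup 2000 must match the user baked into the gateway images`. The server hunk additionally adds a second `// Pod-level security context for best practices` line after the closing `},`, which is a stray duplicate and should be dropped. The function body starts and ends outside the hunk.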
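Review bot: The `SecurityContext` literal in the `deploymentForGatewayClient` hunk is a byte-for-byte copy of the one added for the server, each field built with an immediately-invoked closure such as `func(b bool) *bool { return &b }(true)`, so the two pods can drift apart silently when one copy is edited. A single helper that both PodSpecs call keeps the hardening in one place and reads more plainly. If the gateway images tolerate it, that helper is also the natural place to set `SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}`. The enclosing function starts and ends outside the hunk.

```go
// gatewayPodSecurityContext returns the pod-level security context shared by
// the gateway server and client deployments.
func gatewayPodSecurityContext() *corev1.PodSecurityContext {
	nonRoot := true
	uid, fsGroup := int64(1000), int64(2000)
	return &corev1.PodSecurityContext{
		RunAsNonRoot: &nonRoot,
		RunAsUser:    &uid,
		FSGroup:      &fsGroup,
	}
}

// … unchanged: deployment metadata, selector and pod template labels …
Spec: corev1.PodSpec{
	SecurityContext:    gatewayPodSecurityContext(),
	ServiceAccountName: "vpn-gateway-client",
	// … unchanged: affinity and the rest of the pod spec …
```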
From: 1012Charan
Date: Tue, 12 Aug 2025 18:16:09 +0530
Subject: [PATCH 2/2] Fix: Update Go version in test.Dockerfile
The build was failing because the Go version used in the test.Dockerfile was 1.23.2, but a dependency required Go 1.24.0 or newer. This commit updates the Go version to 1.24.0 to fix the build.
Signed-off-by: 1012Charan
---
 test.Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/test.Dockerfile b/test.Dockerfile
index af8a8cd33..916bc3fc6 100644
--- a/test.Dockerfile
+++ b/test.Dockerfile
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
 FROM golang:1.23.3 AS builder
+=======
+FROM golang:1.24.0 AS builder
+>>>>>>> b6bcef51 (Fix: Update Go version in test.Dockerfile)
 WORKDIR /workspace
 # Copy the Go Modules manifests
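Review bot: Unresolved merge-conflict markers are committed at the top of test.Dockerfile: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> b6bcef51 (...)` are not Dockerfile instructions, so the build should fail at parse time instead of picking up the new toolchain. The old `FROM golang:1.23.3 AS builder` also survives as a context line next to the new one, so the intended replacement never took place. The conflict should be resolved to the single line `FROM golang:1.24.0 AS builder` with the markers and the old `FROM` removed. The description names 1.23.2 as the previous version, while the file shows 1.23.3.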