Story
Resolution: Done
Critical
Pipelines Sprint 227, Pipelines Sprint 228, Pipelines Sprint 229, Pipelines Sprint 230
RHOCP 4.9
EventListeners are running as root by default on OCP 4.9. This is because the service account attached by default is "pipelines". Here is a quick test to reproduce, creating the following YAML:
~~~
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: xxx-cron-listener
spec:
  serviceAccountName: pipeline
  triggers:
    - name: cron-trigger
      template:
        ref: xxx-trigger-template
~~~
It results in the EventListener running as root:
~~~
$ oc exec el-xxx-cron-listener-69588f665d-hmqbk -- id
uid=0(root) gid=0(root) groups=0(root),100081000
~~~
The workaround is as simple as changing the ServiceAccount when creating any EventListener, but, as we agree, it'd be great to have this non-root access by default to avoid security issues.
Thank you!
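An added check, not from this ticket or the Tekton project, that reads `oc get pods -o json` output and flags EventListener pods whose containers are pinned to uid 0 or left to the image's default user (which is root when the image has no USER directive). The `eventlistener` pod label, the helper names and every pod other than the one quoted above are assumptions.

```python
"""Flag Tekton EventListener pods that run, or may run, as root.
Against a cluster:  oc get pods -n <namespace> -o json | python3 check_el_root.py
Run with no stdin redirect, it evaluates the constructed SAMPLE below instead."""
import json
import sys

def effective_run_as_user(pod_spec, container):
    """uid from container securityContext, else pod securityContext, else None (image default).
    On OpenShift a restricted SCC injects runAsUser at admission, so this reads the admitted value."""
    csc = container.get("securityContext") or {}
    psc = pod_spec.get("securityContext") or {}
    return csc["runAsUser"] if "runAsUser" in csc else psc.get("runAsUser")

def non_root_enforced(pod_spec, container):
    """True if runAsNonRoot is set (container level wins over pod level); kubelet then refuses uid 0."""
    csc = container.get("securityContext") or {}
    psc = pod_spec.get("securityContext") or {}
    return bool(csc.get("runAsNonRoot", psc.get("runAsNonRoot", False)))

def is_eventlistener_pod(pod):
    # Assumption: Triggers labels EL pods with eventlistener=<name> and managed-by=EventListener.
    labels = pod.get("metadata", {}).get("labels") or {}
    return "eventlistener" in labels or labels.get("app.kubernetes.io/managed-by") == "EventListener"

def find_root_eventlisteners(pod_list):
    """Return (pod, serviceAccount, container, uid) tuples; uid is 0 when pinned to root,
    None when nothing pins it and the image's USER (absent in the ticket's case) decides."""
    findings = []
    for pod in pod_list.get("items", []):
        if not is_eventlistener_pod(pod):
            continue
        spec = pod["spec"]
        for c in spec.get("containers", []):
            uid = effective_run_as_user(spec, c)
            if uid == 0 or (uid is None and not non_root_enforced(spec, c)):
                findings.append((pod["metadata"]["name"], spec.get("serviceAccountName", "default"), c["name"], uid))
    return findings

# Constructed sample of `oc get pods -o json`, trimmed to the fields the check uses.
SAMPLE = {"items": [
    {"metadata": {"name": "el-xxx-cron-listener-69588f665d-hmqbk", "labels": {"eventlistener": "xxx-cron-listener"}},
     "spec": {"serviceAccountName": "pipeline", "containers": [{"name": "event-listener"}]}},
    {"metadata": {"name": "el-safe-listener-7c9d5d8b4-abcde", "labels": {"eventlistener": "safe-listener"}},
     "spec": {"serviceAccountName": "el-nonroot-sa",
              "securityContext": {"runAsNonRoot": True, "runAsUser": 65532},
              "containers": [{"name": "event-listener"}]}},
    {"metadata": {"name": "unrelated-app-1", "labels": {"app": "web"}},
     "spec": {"serviceAccountName": "default", "containers": [{"name": "web"}]}},
]}

if __name__ == "__main__":
    pods = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, sa, container, uid in find_root_eventlisteners(pods):
        how = "uid 0" if uid == 0 else "the image's default user (no runAsUser/runAsNonRoot set)"
        print(f"{name}: container {container!r} under SA {sa!r} runs as {how}")
```

Pods that the check leaves out are either not EventListeners or already pinned to a non-root uid, as the second sample pod is.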
Relates to: SRVKP-2411 Add USER directive to the Dockerfiles of all components (Closed)