apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: k8spsprunasuser
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions: ["v1"]
  location: "spec.containers[name:*].securityContext.runAsUser"
  parameters:
    pathTests:
    - subPath: "spec.containers[name:*].securityContext.runAsUser"
      condition: MustNotExist
    assign:
      value: 1000
---
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: k8spsprunasuser-init
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions: ["v1"]
  location: "spec.initContainers[name:*].securityContext.runAsUser"
  parameters:
    pathTests:
    - subPath: "spec.initContainers[name:*].securityContext.runAsUser"
      condition: MustNotExist
    assign:
      value: 1000