Add non-root end-to-end test cases to credentials test suite

[unexge]

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[jiaeenie]

Shall we change this line as well? Such as replacing "uid=1000", "gid=2000" with

fmt.Sprintf("uid=%d", defaultNonRootUser),
fmt.Sprintf("gid=%d", defaultNonRootGroup))

And this line and this line to use the variable defaultNonRootGroup.

[unexge]

Good suggestion @jiaeenie! Addressed with 1c0014d

[muddyfish]

Is there a way to pass in keyword arguments here? Right now I can't understand what these boolean arguments are for.

[unexge]

Go doesn't support named arguments, usually structs are used if such a thing is desired, but I think it'd make this more verbose. Since this is a local helper function and not used outside this test-case, I think I'd prefer current one.

[muddyfish]

Why are we always changing this even if the test explicitly set the security context?

[unexge]

If you instantiate Kubernetes testing framework with LevelRestricted, it sets this to true, meaning all containers in the Pod must run as non-root (i.e., not 0).

Since this is a generic helper function and gets called from different security levels, we're just making sure to set it to false, so we can spawn our privileged container needed to create cache directory. The other containers created for this Pod would probably have their RunAsUser set to non-root (due to security level), so we just need to remove this restriction at Pod-level for our container.

This whole ensureCacheDirExistsInNode is very hacky due to fact Mountpoint running in the host and hopefully this will go away with running Mountpoint inside container.