From 85d0b5e73a93f793c5ba97e0ba7388a944a086c5 Mon Sep 17 00:00:00 2001 From: Benedith Mulongo Date: Thu, 30 Jan 2025 17:53:01 +0100 Subject: [PATCH] Add security context for permission Signed-off-by: Benedith Mulongo --- keycloak/base/keycloak-deployment.yaml | 15 +++------------ keycloak/keyckoak-application.yaml | 2 +- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/keycloak/base/keycloak-deployment.yaml b/keycloak/base/keycloak-deployment.yaml index 905a20f..14eb245 100644 --- a/keycloak/base/keycloak-deployment.yaml +++ b/keycloak/base/keycloak-deployment.yaml @@ -23,12 +23,6 @@ spec: - "start" - "--hostname=keycloak-test.streams.sunet.se" - "--verbose" - # args: [ "start" ] - # args: - # - "start" - # # - "--https-certificate-file=/etc/ssl/certs/cert.pem"+ - # # - "--https-certificate-key-file=/etc/ssl/certs/key.pem" - # - "--verbose" env: - name: KC_HTTP_ENABLED value: "true" @@ -78,12 +72,9 @@ spec: - name: keycloak-tls-secret mountPath: /etc/ssl/certs readOnly: true - # command: - # # - /opt/keycloak/bin/kc.sh - # - start - # - --https-certificate-file=/etc/ssl/certs/cert.pem - # - --https-certificate-key-file=/etc/ssl/certs/key.pem - # - --verbose + securityContext: + runAsUser: 1000 + runAsGroup: 1000 volumes: - name: storage persistentVolumeClaim: diff --git a/keycloak/keyckoak-application.yaml b/keycloak/keyckoak-application.yaml index 798c821..45bd53d 100644 --- a/keycloak/keyckoak-application.yaml +++ b/keycloak/keyckoak-application.yaml @@ -7,7 +7,7 @@ spec: project: default source: repoURL: https://platform.sunet.se/streams/streams-manifests.git - targetRevision: streams-manifests-2025-01-30-v53 + targetRevision: streams-manifests-2025-01-30-v56 path: keycloak/overlays/test destination: server: https://kubernetes.default.svc