add fsGroup

2025-01-31 11:12:41 +01:00 · 2025-01-31 11:12:41 +01:00 · ca1c423020
commit ca1c423020
parent 56b8805f97
2 changed files with 53 additions and 52 deletions
--- a/keycloak/base/keycloak-deployment.yaml
+++ b/keycloak/base/keycloak-deployment.yaml
@ -15,56 +15,57 @@ spec:
      labels:
        app: keycloak
    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
      containers:
-      - name: keycloak
-        image: quay.io/keycloak/keycloak:26.1
-        args:
-        - "start"
-        - "--verbose"
-        env:
-        - name: KC_HOSTNAME_STRICT
-          value: "false"
-        - name: KC_HOSTNAME_STRICT_HTTPS
-          value: "false"
-        - name: KC_HTTP_ENABLED
-          value: "true"
-        - name: KEYCLOAK_USER
-          value: admin
-        - name: KEYCLOAK_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: keycloak-admin-secret
-              key: password
-        - name: KC_BOOTSTRAP_ADMIN_USERNAME
-          value: "admin"
-        - name: KC_BOOTSTRAP_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: keycloak-admin-secret
-              key: password
-        - name: KC_HEALTH_ENABLED
-          value: "true"
-        - name: KC_PROXY
-          value: "edge"
-        ports:
-        - name: http
-          containerPort: 8080
-        readinessProbe:
-          httpGet:
-            path: /health/ready
-            port: 9000
-          initialDelaySeconds: 15 # Delay before the probe starts
-          periodSeconds: 15
-          timeoutSeconds: 3
-          successThreshold: 1 # Number of successful probes to consider the pod ready
-          failureThreshold: 5
-        volumeMounts:
-          - mountPath: /opt/keycloak/data/h2/
-            name: storage
-        securityContext:
-          runAsUser: 1000
-          runAsGroup: 1000
+        - name: keycloak
+          image: quay.io/keycloak/keycloak:26.1
+          args:
+            - "start"
+            - "--verbose"
+          env:
+            - name: KC_HOSTNAME_STRICT
+              value: "false"
+            - name: KC_HOSTNAME_STRICT_HTTPS
+              value: "false"
+            - name: KC_HTTP_ENABLED
+              value: "true"
+            - name: KEYCLOAK_USER
+              value: admin
+            - name: KEYCLOAK_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-admin-secret
+                  key: password
+            - name: KC_BOOTSTRAP_ADMIN_USERNAME
+              value: "admin"
+            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-admin-secret
+                  key: password
+            - name: KC_HEALTH_ENABLED
+              value: "true"
+            - name: KC_PROXY
+              value: "edge"
+          ports:
+            - name: http
+              containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /health/ready
+              port: 9000
+            initialDelaySeconds: 15 # Delay before the probe starts
+            periodSeconds: 15
+            timeoutSeconds: 3
+            successThreshold: 1 # Number of successful probes to consider the pod ready
+            failureThreshold: 5
+          volumeMounts:
+            - mountPath: /opt/keycloak/data/h2/
+              name: storage
      volumes:
-      - name: storage
-        persistentVolumeClaim:
-          claimName: keycloak-pvc
+        - name: storage
+          persistentVolumeClaim:
+            claimName: keycloak-pvc
--- a/keycloak/keycloak-application.yaml
+++ b/keycloak/keycloak-application.yaml
@ -7,7 +7,7 @@ spec:
  project: default
  source:
    repoURL: https://platform.sunet.se/streams/streams-manifests.git
-    targetRevision: streams-manifests-2025-01-31-v17
+    targetRevision: streams-manifests-2025-01-31-v18
    path: keycloak/overlays/test
  destination:
    server: https://kubernetes.default.svc