fix(opendj): non root user permission (#554)

* docs: customization * docs: add lifecycle to all services * docs: indentation per service * helm chart - add only needed config * fixes and adding more configurations * add missing bracket * fix(opendj): non root user permission * fix: user root can't be exploited from within the container
GluuFederation · Jun 12, 2023 · dcbaab3 · dcbaab3
1 parent ff30eb2
commit dcbaab3
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml
@@ -64,12 +64,15 @@ spec:
 {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- end }}
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       containers:
       - name: {{ include "opendj.name" $ }}
         lifecycle:
 {{- toYaml .Values.lifecycle | nindent 10 }}
         securityContext:
-          runAsUser: 1000
           runAsNonRoot: true
         imagePullPolicy: {{ $.Values.image.pullPolicy }}
         image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"