run init containers as uid 1000

nicktrn · nicktrn · commit 4523ca45eeba · 2025-06-25T15:26:35.000+01:00
diff --git a/hosting/k8s/helm/templates/supervisor.yaml b/hosting/k8s/helm/templates/supervisor.yaml
@@ -70,16 +70,17 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ include "trigger-v4.supervisorServiceAccountName" . }}
-      {{- with .Values.supervisor.podSecurityContext }}
       securityContext:
+        fsGroup: 1000
+        {{- with .Values.supervisor.podSecurityContext }}
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- end }}
       initContainers:
         - name: init-shared
           image: busybox:1.35
-          command: ['sh', '-c', 'mkdir -p /home/node/shared && chown 1000:1000 /home/node/shared']
+          command: ['sh', '-c', 'mkdir -p /home/node/shared']
           securityContext:
-            runAsUser: 0
+            runAsUser: 1000
           volumeMounts:
             - name: shared
               mountPath: /home/node/shared
diff --git a/hosting/k8s/helm/templates/webapp.yaml b/hosting/k8s/helm/templates/webapp.yaml
@@ -24,13 +24,16 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       securityContext:
-        {{- toYaml .Values.webapp.podSecurityContext | nindent 8 }}
+        fsGroup: 1000
+        {{- with .Values.webapp.podSecurityContext }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       initContainers:
         - name: init-shared
           image: busybox:1.35
-          command: ['sh', '-c', 'mkdir -p /home/node/shared && chown 1000:1000 /home/node/shared']
+          command: ['sh', '-c', 'mkdir -p /home/node/shared']
           securityContext:
-            runAsUser: 0
+            runAsUser: 1000
           volumeMounts:
             - name: shared
               mountPath: /home/node/shared
