From 03051bf9b51e1422dab7db5390cf7b09599fc14b Mon Sep 17 00:00:00 2001
From: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
Date: Wed, 6 Dec 2023 00:25:44 +0100
Subject: [PATCH] fix: rootless keycloak

---
 .kontinuous/values.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
index 72165bae..cd241be2 100644
--- a/.kontinuous/values.yaml
+++ b/.kontinuous/values.yaml
@@ -183,6 +183,10 @@ keycloakx:
     - name: compile-realm
       image: hairyhenderson/gomplate:v3.10.0-alpine
       imagePullPolicy: IfNotPresent
+      securityContext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 100
       volumeMounts:
       - name: keycloak-realm-tpl
         mountPath: "/realm-tpl/"
@@ -206,6 +210,10 @@ keycloakx:
     - name: fetch-keycloak-providers
       image: curlimages/curl
       imagePullPolicy: IfNotPresent
+      securityContext:
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 405
       command:
         - sh
       args: