From 75dde6c79c5278713e9e92585749a99624da0873 Mon Sep 17 00:00:00 2001
From: theautomation <github@theautomation.nl>
Date: Wed, 21 Dec 2022 19:13:37 +0100
Subject: [PATCH] Set security context

---
 deploy/k8s/manifest.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/deploy/k8s/manifest.yaml b/deploy/k8s/manifest.yaml
index f459e98..6bbdc32 100644
--- a/deploy/k8s/manifest.yaml
+++ b/deploy/k8s/manifest.yaml
@@ -103,12 +103,18 @@ spec:
       labels:
         app: radicale
     spec:
+      securityContext:
+        fsGroup: 1000
       containers:
         - name: radicale
           image: "harbor.k8s.lan/k8s/radicale:14"
           resources: {}
-          command: ["docker-entrypoint.sh"]
+          command: ["/bin/sh", "/usr/local/bin/docker-entrypoint.sh"]
           args: ["radicale", "--config", "/config/config"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            runAsGroup: 1000
           ports:
             - containerPort: 5232
               protocol: TCP
@@ -124,6 +130,7 @@ spec:
           configMap:
             name: config
         - name: collections
+          # emptyDir: {}
           persistentVolumeClaim:
             claimName: pvc-nfs-radicale-data
       imagePullSecrets: