From e02001c92e0f1eb5c08cdbb536355417d9000faf Mon Sep 17 00:00:00 2001
From: Jan Zickermann <jan.zickermann@dataport.de>
Date: Fri, 13 Dec 2024 15:51:28 +0100
Subject: [PATCH] #2 OZG-7121 helm: Run as user 185

---
 keystore-truststore-from-tls-secret.dockerfile | 3 ++-
 src/main/helm/templates/deployment.yaml        | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/keystore-truststore-from-tls-secret.dockerfile b/keystore-truststore-from-tls-secret.dockerfile
index a1a32fa..7e7625e 100644
--- a/keystore-truststore-from-tls-secret.dockerfile
+++ b/keystore-truststore-from-tls-secret.dockerfile
@@ -2,8 +2,9 @@ FROM alpine:3.21
 
 RUN apk add --no-cache openssl openjdk11
 
-COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh /opt/
+COPY --chown=185 src/main/resources/store/keystore-truststore-from-tls-secret.sh /opt/
 
 VOLUME /store /tls
+USER 185
 
 ENTRYPOINT [ "/bin/sh", "/opt/keystore-truststore-from-tls-secret.sh" ]
\ No newline at end of file
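Review bot: `COPY --chown=185` makes the entrypoint script owned by the same unprivileged UID that executes it, so the runtime user can rewrite the script it runs; because the ENTRYPOINT invokes it through `/bin/sh`, read access is enough. Consider keeping the file root-owned with the original `COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh /opt/`, provided the source file mode is world-readable. Separately, `VOLUME /store /tls` is declared without creating or chowning those directories, so when the image runs outside Kubernetes the volume for /store would presumably be root-owned and not writable by UID 185 if the script writes there; a `RUN mkdir -p /store && chown 185 /store` before the VOLUME line would cover that. A comment on `USER 185` such as `# fixed non-root UID; must match runAsUser in the Helm deployment` would document the coupling between the two files.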
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index e07e2a7..7ea7752 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -61,6 +61,8 @@ spec:
         - name: init-keystore-and-truststore
           image: docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
           command: ["/bin/sh", "/opt/keystore-truststore-from-tls-secret.sh"]
+          securityContext:
+            runAsUser: 185
           volumeMounts:
             - name: xta-test-server-tls-store
               mountPath: "/tls/"
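Review bot: The new `securityContext` on the init container pins only the UID; nothing in it enforces non-root execution or blocks privilege escalation, so the container keeps its default capability set and, unless cluster policy rejects it, a later edit of the UID to 0 would still be admitted. Adding `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and a drop of all capabilities would make the hardening explicit, as sketched below. `readOnlyRootFilesystem: true` is probably viable too if the script writes only to the mounted volumes, which is not visible here. The image in the context lines is referenced by the mutable `:latest` tag, so the UID 185 assumption is only as stable as whatever image that tag resolves to; pinning a version or digest would tie the two together. The container spec continues past the end of the hunk.

```yaml
          securityContext:
            runAsUser: 185
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: volumeMounts …
```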
-- 
GitLab