From cf1be891addbe984236412a2b00610b2edc6087e Mon Sep 17 00:00:00 2001
From: SeanOMik <seanomik@gmail.com>
Date: Thu, 1 Jun 2023 22:26:42 -0400
Subject: [PATCH] change authentik security context

---
 cluster/apps/authentik/helm-release.yaml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml
index c540146..cc81d28 100644
--- a/cluster/apps/authentik/helm-release.yaml
+++ b/cluster/apps/authentik/helm-release.yaml
@@ -16,6 +16,18 @@ spec:
         name: authentik-charts
         namespace: flux-system
   values:
+    containerSecurityContext: &securityContext
+      runAsUser: 10000
+      runAsGroup: 10000
+      fsGroup: 10000
+      fsGroupChangePolicy: OnRootMismatch
+
+    worker:
+      containerSecurityContext: *securityContext
+
+    geoip:
+      containerSecurityContext: *securityContext
+
     authentik:
 #      secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
       # This sends anonymous usage-data, stack traces on errors and
@@ -35,8 +47,8 @@ spec:
 #        password: "${SECRET_DATABASE_REDIS_PASS}"
     
     env:
-      AUTHENTIK_HOST: https://auth.${SECRET_NEW_DOMAIN}
-      AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_NEW_DOMAIN}
+      AUTHENTIK_HOST: *host
+      AUTHENTIK_HOST_BROWSER: *host
     
     envValueFrom:
       AUTHENTIK_SECRET_KEY: