diff --git a/apps/authentik/deployment.yaml b/apps/authentik/deployment.yaml
index 1b53cfd..12aceb9 100644
--- a/apps/authentik/deployment.yaml
+++ b/apps/authentik/deployment.yaml
@@ -52,6 +52,21 @@ spec:
 app: authentik
 component: server
 spec:
+ # InitContainer: Setze Berechtigungen für /media
+ initContainers:
+ - name: init-media-permissions
+ image: busybox:latest
+ command: ["sh", "-c"]
+ args:
+ - |
+ mkdir -p /media/public /media/private
+ chmod -R 777 /media
+ chown -R 1000:1000 /media || true
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: media
+ mountPath: /media
 containers:
 - name: authentik
 image: ghcr.io/goauthentik/server:2025.10.3
@@ -66,6 +81,10 @@ spec:
 name: authentik-config
 - secretRef:
 name: authentik-secrets
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
 readinessProbe:
 httpGet:
 path: /-/health/ready/
@@ -107,6 +126,21 @@ spec:
 app: authentik
 component: worker
 spec:
+ # InitContainer: Setze Berechtigungen für /media
+ initContainers:
+ - name: init-media-permissions
+ image: busybox:latest
+ command: ["sh", "-c"]
+ args:
+ - |
+ mkdir -p /media/public /media/private
+ chmod -R 777 /media
+ chown -R 1000:1000 /media || true
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: media
+ mountPath: /media
 containers:
 - name: authentik
 image: ghcr.io/goauthentik/server:2025.10.3
@@ -116,6 +150,10 @@ spec:
 name: authentik-config
 - secretRef:
 name: authentik-secrets
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
 volumeMounts:
 - name: media
 mountPath: /media
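Review bot: The added init container runs as root (`runAsUser: 0`) and executes `chmod -R 777 /media`, which leaves every file on the identity provider's media volume world-writable; since the next command hands the tree to 1000:1000 anyway, a mode such as `chmod -R u=rwX,g=rwX,o= /media` should be enough. The `|| true` after `chown` hides a failed ownership change, so a pod could start with the 777 mode as the only thing keeping `/media` writable; dropping it would make the failure visible at rollout. `image: busybox:latest` is a mutable tag executed with root privileges and should be pinned, e.g. `image: busybox:<version>@sha256:<digest>`. The same block is repeated for the worker in the third hunk, and the German comment would read better in the language used by the rest of the manifest.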
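Review bot: `fsGroup: 1000` appears to be set in the container's `securityContext` (the block sits between the container's `envFrom` entries and its `readinessProbe`; indentation is not visible here, so this is inferred), but `fsGroup` exists only on the pod-level `securityContext` under `spec.template.spec`. At container level the field is either rejected or dropped by validation, so group ownership of the `media` volume is not managed the way this change suggests. Moving `fsGroup: 1000` to the pod-level `securityContext` lets the kubelet set group ownership on volume types that support it, which may make the root init container unnecessary. The container block would also benefit from `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The fourth hunk adds the same block to the worker container and needs the same correction.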