From d0b0b0d087173291da9570112ef19a328cfc265f Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Mon, 13 May 2024 10:33:38 +0100
Subject: [PATCH] ci: Add runAsGroup for Grafana Deployment

---
 jsonnet/kube-prometheus/components/grafana.libsonnet | 3 +++
 manifests/grafana-deployment.yaml                    | 1 +
 2 files changed, 4 insertions(+)

diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet
index f002e3c7..72aec924 100644
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -116,6 +116,9 @@ function(params)
         template+: {
           spec+: {
             automountServiceAccountToken: false,
+            securityContext+: {
+              runAsGroup: 65534,
+            },
           },
         },
       },
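Review bot: The new `runAsGroup: 65534` under `securityContext+` has no comment explaining why the primary GID is pinned in this override. The matching `runAsUser: 65534` and `fsGroup: 65534`, visible in the rendered manifests/grafana-deployment.yaml, are set somewhere outside this hunk, so nothing here tells a maintainer the three values must stay in step. I would add a comment above the field such as `// Pin the primary GID to match runAsUser/fsGroup (65534) instead of relying on the runtime default group.` A pod-level `runAsGroup` is also overridden by any container-level `securityContext` that sets the same field, so it is worth confirming that none of the Grafana containers do; they are not visible in this patch. The enclosing `function(params)` body starts and ends outside the hunk.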
diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml
index d7a6a5fb..1b65b4c6 100644
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -152,6 +152,7 @@ spec:
         kubernetes.io/os: linux
       securityContext:
         fsGroup: 65534
+        runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
       serviceAccountName: grafana
-- 
GitLab