From a313f3bdc25aab9e31ec37b09a1877f3cde27a2c Mon Sep 17 00:00:00 2001
From: titver968 <vermesan@hotmail.com>
Date: Thu, 27 Nov 2025 12:12:50 +0100
Subject: [PATCH] mm security context

---
 argocd/apps/mattermost/mattermnost.yaml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/argocd/apps/mattermost/mattermnost.yaml b/argocd/apps/mattermost/mattermnost.yaml
index fffc778..b3bbf7d 100644
--- a/argocd/apps/mattermost/mattermnost.yaml
+++ b/argocd/apps/mattermost/mattermnost.yaml
@@ -22,7 +22,6 @@ spec:
             storageClass: "longhorn"
             size: 10Gi
 
-        # Service Name für Kompatibilität
         fullnameOverride: "mattermost-postgresql"
 
   destination:
@@ -73,6 +72,13 @@ spec:
           externalDriverType: "postgres"
           externalConnectionString: "mmdbuser:mmdbpwd@mattermost-postgresql:5432/mattermost?sslmode=disable&connect_timeout=10"
 
+        # WICHTIG: Security Context für korrekte Volume-Berechtigungen
+        # Mattermost läuft als UID 2000, GID 2000
+        securityContext:
+          fsGroup: 2000
+          runAsUser: 2000
+          runAsGroup: 2000
+
         # Ingress Konfiguration
         ingress:
           enabled: true
@@ -84,7 +90,7 @@ spec:
               secretName: mattermost-tls
           annotations:
             kubernetes.io/ingress.class: traefik
-            cert-manager.io/cluster-issuer: lets-encrypt
+            cert-manager.io/cluster-issuer: lets-encrypt-staging
 
   destination:
     server: 'https://kubernetes.default.svc'