From 81ff786443406b91752b962248e75e2f4e6bd3a9 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 7 Sep 2025 12:15:12 -0500
Subject: [PATCH] ci: Fix pod UIDs/GIDs

Now that we have _democratic-csi_ for storage management, the old manual
iSCSI volumes are being replaced with dynamically provisioned volumes.
ThiThe new _buildroot-airplaypi_ volume is completely blank, so _root_
owns everything.  The old volume had the correct ownership because it
was originally mounted in a pod that had the default `securityContext`,
before we changed the merge strategy.  We now need to explicitly set the
UIDs and GIDs, since we're not inheriting the default `securityContext`
anymore.
---
 ci/podTemplate.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index 798c308..070a5e8 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -25,6 +25,9 @@ spec:
   nodeSelector:
     kubernetes.io/arch: amd64
   securityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
     seLinuxOptions:
       level: s0:c596,c675