From bd72b1f6ec860bfd69f02d00021485a5112ce0ca Mon Sep 17 00:00:00 2001
From: "David A. Symons" <david_ext@algo1.ai>
Date: Thu, 23 Apr 2026 10:50:11 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20fix:=20correct=20security=20cont?=
 =?UTF-8?q?ext=20UIDs=20to=20match=20Sequin=20image=20(1000,=20not=201001)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Sequin Docker image (sequin/sequin) creates its `app` user via
`useradd --create-home app` which assigns UID/GID 1000 on Debian.
The chart defaults were set to 1001 (Bitnami convention for
Bitnami-built images), causing permission errors on fresh installs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/values.yaml b/values.yaml
index 56abaef..00862cc 100644
--- a/values.yaml
+++ b/values.yaml
@@ -253,7 +253,7 @@ podSecurityContext:
   fsGroupChangePolicy: Always
   sysctls: []
   supplementalGroups: []
-  fsGroup: 1001
+  fsGroup: 1000
 ## Configure Container Security Context
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ## @param containerSecurityContext.enabled Enabled containers' Security Context
@@ -270,8 +270,8 @@ podSecurityContext:
 containerSecurityContext:
   enabled: true
   seLinuxOptions: {}
-  runAsUser: 1001
-  runAsGroup: 1001
+  runAsUser: 1000
+  runAsGroup: 1000
   runAsNonRoot: true
   privileged: false
   readOnlyRootFilesystem: true