From e2ad485759774414d02defb3e1d69f604b968b64 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 12:55:46 +0100 Subject: [PATCH 01/18] sidecar container added --- .../stacks/ref-implementation/openbao.yaml | 35 +++++++++++++++++++ .../ref-implementation/openbao/values.yaml | 19 +++++++++- 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index 8e286d9..24bbd6f 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml @@ -32,3 +32,38 @@ spec: kind: MutatingWebhookConfiguration jqPathExpressions: - .webhooks[]?.clientConfig.caBundle + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: sidecar-container-alloy-config +data: + config.yaml: | + logging { + level = "info" + format = "logfmt" + } + + loki.write "local_loki" { + endpoint { + url = "http://loki-loki-distributed-gateway/loki/api/v1/push" + } + } + + discovery.kubernetes "pod" { + role = "pod" + } + + discovery.relabel "openbao_pod_logs" { + targets = discovery.kubernetes.pod.targets + + rule { + source_labels = ["__meta_kubernetes_pod_name"] + action = "keep" + regex = "openbao-0" + } + + forward_to = [loki.write.local_loki.receiver] + } diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index fd12825..3b2a205 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,4 +1,21 @@ server: + extraContainers: + - name: grafana-alloy + image: grafana/alloy:latest + ports: + - containerPort: 12345 + volumeMounts: + - name: sidecar-container-alloy-config + mountPath: /etc/alloy + subPath: config.yaml + args: + - --config.file=/etc/alloy/config.yaml + + extraVolumes: + - name: sidecar-container-alloy-config + configMap: + name: sidecar-container-alloy-config + postStart: - sh - -c 
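Review bot: In the added `sidecar-container-alloy-config` ConfigMap (the openbao.yaml hunk), `discovery.kubernetes "pod"` has no namespace restriction and the only keep rule matches on pod name, so a pod named `openbao-0` in any namespace is selected and the pod's service account needs cluster-wide pod list/watch. A `namespaces` block narrows both the match and the RBAC the sidecar needs. Separately, `forward_to` does not look like an argument of `discovery.relabel` (that component exports targets) and no `loki.source.*` component consumes them, so as written the pipeline probably fails to load or ships nothing. The push URL is plain `http://`, which is worth confirming as acceptable for OpenBao audit output. The same block is re-added unchanged in the new `sidecar-container-alloy-configmap.yaml` in PATCH 03/18.

```yaml
  config.yaml: |
    // … unchanged: logging and loki.write "local_loki" blocks …

    discovery.kubernetes "pod" {
      role = "pod"
      namespaces {
        own_namespace = true
      }
    }

    discovery.relabel "openbao_pod_logs" {
      targets = discovery.kubernetes.pod.targets
      // … unchanged: keep rule on __meta_kubernetes_pod_name …
    }

    loki.source.kubernetes "openbao_pod_logs" {
      targets    = discovery.relabel.openbao_pod_logs.output
      forward_to = [loki.write.local_loki.receiver]
    }
```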
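Review bot: `image: grafana/alloy:latest` in the new `extraContainers` entry (values.yaml hunk) is a mutable tag, so the sidecar that shares the OpenBao server pod can change on any restart without a change in this repository. Pin a released version and ideally the digest, e.g. `image: grafana/alloy:<version>@sha256:<digest>` (placeholders), so upgrades are reviewed like any other change. The same line comes back in the values.yaml hunks of PATCH 09/18 and PATCH 14/18. At this point in the series the container entry also sets no `resources` and no `securityContext`.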
@@ -16,4 +33,4 @@ server: bao audit enable file file_path=stdout rm /tmp/init.txt ui: - enabled: true + enabled: true \ No newline at end of file From f1d940561d03129280e41a609d8bf137ef31ac5e Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 13:15:47 +0100 Subject: [PATCH 02/18] adjustment of openbao.ymal --- template/stacks/ref-implementation/openbao.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index 24bbd6f..d65c7d5 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml @@ -52,18 +52,3 @@ data: } } - discovery.kubernetes "pod" { - role = "pod" - } - - discovery.relabel "openbao_pod_logs" { - targets = discovery.kubernetes.pod.targets - - rule { - source_labels = ["__meta_kubernetes_pod_name"] - action = "keep" - regex = "openbao-0" - } - - forward_to = [loki.write.local_loki.receiver] - } From 4b553dd2587a4c8ff610c64a058f4b580d68b21f Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 13:31:43 +0100 Subject: [PATCH 03/18] config map separately --- .../stacks/ref-implementation/openbao.yaml | 20 ------------ .../sidecar-container-alloy-configmap.yaml | 32 +++++++++++++++++++ 2 files changed, 32 insertions(+), 20 deletions(-) create mode 100644 template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index d65c7d5..8e286d9 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml 
@@ -32,23 +32,3 @@ spec: kind: MutatingWebhookConfiguration jqPathExpressions: - .webhooks[]?.clientConfig.caBundle - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: sidecar-container-alloy-config -data: - config.yaml: | - logging { - level = "info" - format = "logfmt" - } - - loki.write "local_loki" { - endpoint { - url = "http://loki-loki-distributed-gateway/loki/api/v1/push" - } - } - diff --git a/template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml new file mode 100644 index 0000000..9a62c3f --- /dev/null +++ b/template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sidecar-container-alloy-config +data: + config.yaml: | + logging { + level = "info" + format = "logfmt" + } + + loki.write "local_loki" { + endpoint { + url = "http://loki-loki-distributed-gateway/loki/api/v1/push" + } + } + + discovery.kubernetes "pod" { + role = "pod" + } + + discovery.relabel "openbao_pod_logs" { + targets = discovery.kubernetes.pod.targets + + rule { + source_labels = ["__meta_kubernetes_pod_name"] + action = "keep" + regex = "openbao-0" + } + + forward_to = [loki.write.local_loki.receiver] + } \ No newline at end of file From 3eec895f67c3179895b34471bfdfc70407b5f7e0 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 13:46:53 +0100 Subject: [PATCH 04/18] test --- .../ref-implementation/openbao/values.yaml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 3b2a205..33d6820 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -1,20 +1,20 @@ server: - extraContainers: - - name: grafana-alloy - image: grafana/alloy:latest - ports: - - containerPort: 12345 - volumeMounts: - - name: sidecar-container-alloy-config - mountPath: /etc/alloy - subPath: config.yaml - args: - - --config.file=/etc/alloy/config.yaml + # extraContainers: + # - name: grafana-alloy + # image: grafana/alloy:latest + # ports: + # - containerPort: 12345 + # volumeMounts: + # - name: sidecar-container-alloy-config + # mountPath: /etc/alloy + # subPath: config.yaml + # args: + # - --config.file=/etc/alloy/config.yaml - extraVolumes: - - name: sidecar-container-alloy-config - configMap: - name: sidecar-container-alloy-config + # extraVolumes: + # - name: sidecar-container-alloy-config + # configMap: + # name: sidecar-container-alloy-config postStart: - sh From f873cd8aefdb5b3dc2c045365ca30292dfefb023 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:00:05 +0100 Subject: [PATCH 05/18] new directory for the configmap --- .../openbao-alloy-configmap.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 template/stacks/ref-implementation/openbao-alloy-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml new file mode 100644 index 0000000..4c904e5 --- /dev/null +++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml 
@@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: openbao-alloy-configmap + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/ref.implementation/openabo/sidecar-container-alloy-configmap" + destination: + server: "https://kubernetes.default.svc" + namespace: openbao + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + selfHeal: true + retry: + limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s From 28904376475b7dc092070c93ceae557e3d3287c3 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:07:43 +0100 Subject: [PATCH 06/18] ref-implementation/openbao/sidecar-container-alloy-configmap --- template/stacks/ref-implementation/openbao-alloy-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml index 4c904e5..3c8cc4c 100644 --- a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml @@ -12,7 +12,7 @@ spec: source: repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD - path: "stacks/ref.implementation/openabo/sidecar-container-alloy-configmap" + path: "stacks/ref-implementation/openbao/sidecar-container-alloy-configmap" destination: server: "https://kubernetes.default.svc" namespace: openbao From deaed1bdccc23964b4b63c44e0ca44ffcd7e77c5 Mon Sep 17 00:00:00 2001 
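Review bot: The new Application in `openbao-alloy-configmap.yaml` combines `project: default` and `targetRevision: HEAD` with `automated` sync and `selfHeal: true`, while its destination is the `openbao` namespace. Unless the `default` AppProject has been restricted elsewhere, it places no limit on source repositories or destinations, and tracking HEAD means whatever reaches the repository's default branch is applied next to the secret store without a pinned revision. Consider a dedicated AppProject limited to this repository and namespace, and a tag or commit for `targetRevision`; if the other stack Applications deliberately follow this pattern, a comment saying so would help. `retry.limit: -1` with `factor: 1` and a 15s cap retries forever at a fixed interval, so a persistently failing sync never surfaces as a terminal failure.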
From: miwr Date: Mon, 17 Mar 2025 14:12:18 +0100 Subject: [PATCH 07/18] path: "stacks/ref-implementation/openbao-alloy-configmap" --- template/stacks/ref-implementation/openbao-alloy-configmap.yaml | 2 +- .../sidecar-container-alloy-configmap.yaml | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename template/stacks/ref-implementation/{openbao => openbao-alloy-configmap}/sidecar-container-alloy-configmap.yaml (100%) diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml index 3c8cc4c..9daa56a 100644 --- a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml @@ -12,7 +12,7 @@ spec: source: repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD - path: "stacks/ref-implementation/openbao/sidecar-container-alloy-configmap" + path: "stacks/ref-implementation/openbao-alloy-configmap" destination: server: "https://kubernetes.default.svc" namespace: openbao diff --git a/template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap/sidecar-container-alloy-configmap.yaml similarity index 100% rename from template/stacks/ref-implementation/openbao/sidecar-container-alloy-configmap.yaml rename to template/stacks/ref-implementation/openbao-alloy-configmap/sidecar-container-alloy-configmap.yaml From 7b77d870c6598d1e167368f73744d0e5389e9006 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:17:13 +0100 Subject: [PATCH 08/18] extraVolumes: - name: sidecar-container-alloy-config configMap: name: sidecar-container-alloy-config --- template/stacks/ref-implementation/openbao/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 33d6820..35b2a20 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -11,10 +11,10 @@ server: # args: # - --config.file=/etc/alloy/config.yaml - # extraVolumes: - # - name: sidecar-container-alloy-config - # configMap: - # name: sidecar-container-alloy-config + extraVolumes: + - name: sidecar-container-alloy-config + configMap: + name: sidecar-container-alloy-config postStart: - sh From f0632db48be729f0925459cd46877a6ba99bf266 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:23:11 +0100 Subject: [PATCH 09/18] extraContainers: - name: grafana-alloy image: grafana/alloy:latest ports: - containerPort: 12345 volumeMounts: - name: sidecar-container-alloy-config mountPath: /etc/alloy subPath: config.yaml args: - --config.file=/etc/alloy/config.yaml --- .../ref-implementation/openbao/values.yaml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 35b2a20..0c77c5f 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -1,20 +1,20 @@ server: - # extraContainers: - # - name: grafana-alloy - # image: grafana/alloy:latest - # ports: - # - containerPort: 12345 - # volumeMounts: - # - name: sidecar-container-alloy-config - # mountPath: /etc/alloy - # subPath: config.yaml - # args: - # - --config.file=/etc/alloy/config.yaml + extraContainers: + - name: grafana-alloy + image: grafana/alloy:latest + ports: + - containerPort: 12345 + volumeMounts: + - name: sidecar-container-alloy-config + mountPath: /etc/alloy + subPath: config.yaml + args: + - --config.file=/etc/alloy/config.yaml - extraVolumes: - - name: sidecar-container-alloy-config - configMap: - name: sidecar-container-alloy-config + # extraVolumes: + # - name: sidecar-container-alloy-config + # configMap: + # name: sidecar-container-alloy-config postStart: - sh From be1c3cee7a75438439a04ddf47793c03589e54f1 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:31:26 +0100 Subject: [PATCH 10/18] test --- template/stacks/ref-implementation/openbao/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 0c77c5f..5a9c951 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -11,10 +11,10 @@ server: args: - --config.file=/etc/alloy/config.yaml - # extraVolumes: - # - name: sidecar-container-alloy-config - # configMap: - # name: sidecar-container-alloy-config + extraVolumes: + - name: sidecar-container-alloy-config + configMap: + name: sidecar-container-alloy-config postStart: - sh From 4e673f674d2a97ae813144b7117eaae9b222a18b Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:37:58 +0100 Subject: [PATCH 11/18] extraVolumes deprecated --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 5a9c951..519ac1c 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -11,7 +11,7 @@ server: args: - --config.file=/etc/alloy/config.yaml - extraVolumes: + volumes: - name: sidecar-container-alloy-config configMap: name: sidecar-container-alloy-config From aeca6100f5234f1a2c8aefce643de8b2b54ee37a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 14:49:33 +0100 Subject: [PATCH 12/18] /etc/alloy/config.yaml --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 519ac1c..3a55345 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -6,7 +6,7 @@ server: - containerPort: 12345 volumeMounts: - name: sidecar-container-alloy-config - mountPath: /etc/alloy + mountPath: /etc/alloy/config.yaml subPath: config.yaml args: - --config.file=/etc/alloy/config.yaml From 27dc5966e9d3af637a2e11dc303760552a1e1ef8 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:05:10 +0100 Subject: [PATCH 13/18] # args: # - --config.file=/etc/alloy/config.yaml --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 3a55345..23fe45f 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -8,8 +8,8 @@ server: - name: sidecar-container-alloy-config mountPath: /etc/alloy/config.yaml subPath: config.yaml - args: - - --config.file=/etc/alloy/config.yaml + # args: + # - --config.file=/etc/alloy/config.yaml volumes: - name: sidecar-container-alloy-config From 872c9dc8e539d44f3a8779ad666c7973ff2408dd Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:13:12 +0100 Subject: [PATCH 14/18] volumes: - name: alloy-data emptyDir: {} --- .../ref-implementation/openbao/values.yaml | 31 ++++++++++++------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 23fe45f..4c2b294 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,20 +1,27 @@ server: extraContainers: - - name: grafana-alloy - image: grafana/alloy:latest - ports: - - containerPort: 12345 - volumeMounts: - - name: sidecar-container-alloy-config - mountPath: /etc/alloy/config.yaml - subPath: config.yaml + - name: grafana-alloy + image: grafana/alloy:latest + ports: + - containerPort: 12345 + # volumeMounts: + # - name: sidecar-container-alloy-config + # mountPath: /etc/alloy/config.yaml + # subPath: config.yaml # args: # - --config.file=/etc/alloy/config.yaml - + volumeMounts: + - name: alloy-data + mountPath: /var/lib/alloy/data + volumes: - - name: sidecar-container-alloy-config - configMap: - name: sidecar-container-alloy-config + - name: alloy-data + emptyDir: {} + + # volumes: + # - name: sidecar-container-alloy-config + # configMap: + # name: sidecar-container-alloy-config postStart: - sh From c30cf9f380634ee7addb1f83b2f71a5179f1dc74 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:26:17 +0100 Subject: [PATCH 15/18] /tmp/alloy/data --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
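Review bot: With the ConfigMap `volumeMounts` and `volumes` entries commented out in the PATCH 14/18 hunk, the `grafana-alloy` sidecar no longer loads `sidecar-container-alloy-config` and presumably runs whatever configuration the image ships. The values file elsewhere runs `bao audit enable file file_path=stdout` (visible as context in PATCH 01/18), so if the sidecar was meant to ship that audit output, nothing in this state of values.yaml does it, while the `openbao-alloy-configmap` Application still deploys the now-unused ConfigMap. Either mount the config again alongside `alloy-data` or drop the sidecar until it works, and delete the commented-out blocks rather than keeping them in the values file.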
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 4c2b294..8d025c1 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -12,7 +12,7 @@ server: # - --config.file=/etc/alloy/config.yaml volumeMounts: - name: alloy-data - mountPath: /var/lib/alloy/data + mountPath: /tmp/alloy/data volumes: - name: alloy-data From 8617e200ea64f35af4940996c5748b1c34deb4c0 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:30:50 +0100 Subject: [PATCH 16/18] securityContext: runAsUser: 1000 fsGroup: 1000 --- template/stacks/ref-implementation/openbao/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 8d025c1..41e08cb 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -12,7 +12,10 @@ server: # - --config.file=/etc/alloy/config.yaml volumeMounts: - name: alloy-data - mountPath: /tmp/alloy/data + mountPath: /var/lib/alloy/data + securityContext: + runAsUser: 1000 + fsGroup: 1000 volumes: - name: alloy-data From 46072b8f8185d2e69d5acbe71b64a120664741b5 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:34:43 +0100 Subject: [PATCH 17/18] runAsUser: 0 --- template/stacks/ref-implementation/openbao/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 41e08cb..74d85ec 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
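Review bot: In the PATCH 16/18 hunk, `fsGroup: 1000` sits under what appears to be the container-level `securityContext` of `grafana-alloy` (indentation is lost in this rendering), and `fsGroup` exists only in the pod-level security context. There it is rejected or silently dropped depending on field validation, so it has no effect on the `alloy-data` volume. Set `fsGroup` in the pod security context instead and use the container block for hardening, e.g. `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. The same two lines are restored by PATCH 18/18.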
@@ -14,8 +14,7 @@ server: - name: alloy-data mountPath: /var/lib/alloy/data securityContext: - runAsUser: 1000 - fsGroup: 1000 + runAsUser: 0 volumes: - name: alloy-data From e993c274b014bff196675b8bcb4dbd4c6d201fe0 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 17 Mar 2025 15:41:18 +0100 Subject: [PATCH 18/18] runAsUser: 1000 # Run as non-root user fsGroup: 1000 --- template/stacks/ref-implementation/openbao/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 74d85ec..41e08cb 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -14,7 +14,8 @@ server: - name: alloy-data mountPath: /var/lib/alloy/data securityContext: - runAsUser: 0 + runAsUser: 1000 + fsGroup: 1000 volumes: - name: alloy-data
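Review bot: `runAsUser: 0` in the PATCH 17/18 hunk makes the log sidecar run as root inside the OpenBao server pod, which widens what a faulty or tampered sidecar image can reach next to the secret store. PATCH 18/18 goes back to UID 1000, but this commit still lands in history and, if the stack is synced automatically from the branch, is deployed in between; squashing the two avoids that. If root was tried to get write access to `/var/lib/alloy/data`, a pod-level `fsGroup` is the narrower fix.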