From dd420b851ccf114cf00cdd4c1b9311bc11e83c98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Limpinho?= <53994778+TomasLimpinho@users.noreply.github.com>
Date: Sun, 9 Nov 2025 19:51:10 +0000
Subject: [PATCH] a
---
 roles/stolon/files/stolon-keeper.yaml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/roles/stolon/files/stolon-keeper.yaml b/roles/stolon/files/stolon-keeper.yaml
index d251c3c..83d8a99 100644
--- a/roles/stolon/files/stolon-keeper.yaml
+++ b/roles/stolon/files/stolon-keeper.yaml
@@ -23,8 +23,6 @@ spec:
 prometheus.io/scrape: "true"
 prometheus.io/port: "8080"
 spec:
- securityContext:
- fsGroup: 1000
 imagePullSecrets:
 - name: regcred
 terminationGracePeriodSeconds: 10
@@ -36,6 +34,7 @@ spec:
 - "-ec"
 - |
 id stolon
+ id root
 # Generate our keeper uid using the pod index
 IFS='-' read -ra ADDR <<< "$(hostname)"
 export STKEEPER_UID="keeper${ADDR[-1]}"
@@ -43,9 +42,13 @@ spec:
 export STKEEPER_PG_LISTEN_ADDRESS=$POD_IP
 mkdir -p /stolon-data/data
 export STOLON_DATA=/stolon-data/data
- chown stolon:stolon /stolon-data
- chown stolon:stolon $STOLON_DATA
- exec gosu stolon stolon-keeper --data-dir $STOLON_DATA
+ chown root:root /stolon-data
+ chown root:root $STOLON_DATA
+ exec gosu root stolon-keeper --data-dir $STOLON_DATA
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ allowPrivilegeEscalation: true
 env:
 - name: POD_NAME
 valueFrom:
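Review bot: The added `id root` in the startup script looks like a debugging leftover. Under `-ec` the preceding `id stolon` at least stops the container when the service account is missing from the image, whereas `id root` always succeeds and only adds log noise. Drop the line, or if the output is wanted for diagnostics put a comment above it such as `# log the identities available in the image`. The script block starts and ends outside the hunk.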
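Review bot: Running the keeper as uid 0 is the problem in this hunk: `exec gosu root stolon-keeper` together with `runAsUser: 0` and `allowPrivilegeEscalation: true` means a compromise of the database process yields root inside the container, and the `chown root:root` lines leave the data directory root-owned. PostgreSQL's server binaries refuse to start as root, so the keeper will probably fail to bring up the instance anyway. If the aim was to fix volume ownership, keep the pod-level `fsGroup: 1000` that the first hunk removes and keep the privilege drop, i.e. `chown stolon:stolon` plus `exec gosu stolon stolon-keeper --data-dir $STOLON_DATA`, and set `allowPrivilegeEscalation: false`. The commit message gives no reason for the change, and the container spec continues outside the hunk, so capabilities and volume settings defined there are not visible.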