From 35ffd6d682481dd66ba653185d13671a2a07e0c5 Mon Sep 17 00:00:00 2001
From: Maurice Escher <maurice.escher@sap.com>
Date: Fri, 8 Mar 2024 13:11:41 +0100
Subject: [PATCH] [rabbitmq] fix permissions if persistence is enabled

`fsGroupChangePolicy: "OnRootMismatch"`does not work for NFS mounts
(also see kubernetes/examples/issues/260)
---
 common/rabbitmq/Chart.yaml                 |  2 +-
 common/rabbitmq/templates/deployment.yaml  | 12 ++++++++++++
 common/rabbitmq/templates/statefulset.yaml | 12 ++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/common/rabbitmq/Chart.yaml b/common/rabbitmq/Chart.yaml
index 86ecb5ce765..95052845b98 100644
--- a/common/rabbitmq/Chart.yaml
+++ b/common/rabbitmq/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: rabbitmq
-version: 0.6.5
+version: 0.6.6
 description: A Helm chart for RabbitMQ
 sources:
 - https://github.com/sapcc/helm-charts/common/rabbitmq
diff --git a/common/rabbitmq/templates/deployment.yaml b/common/rabbitmq/templates/deployment.yaml
index 193ed7fc660..6e43dd097d9 100644
--- a/common/rabbitmq/templates/deployment.yaml
+++ b/common/rabbitmq/templates/deployment.yaml
@@ -57,6 +57,18 @@ spec:
         runAsGroup: 999
         fsGroup: 999
         fsGroupChangePolicy: "OnRootMismatch"
+      {{- if .Values.persistence.enabled }}
+      initContainers:
+      - name: volume-permissions
+        image: "{{include "dockerHubMirror" .}}/library/busybox"
+        imagePullPolicy: {{ default "IfNotPresent" .Values.imagePullPolicy | quote }}
+        command: ["/bin/chown", "-R", "999:999", "/var/lib/rabbitmq"]
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+          - mountPath: /var/lib/rabbitmq
+            name: rabbitmq-persistent-storage
+      {{- end }}
       containers:
       - name: rabbitmq
         image: "{{include "dockerHubMirror" .}}/{{ .Values.image }}:{{.Values.imageTag }}"
diff --git a/common/rabbitmq/templates/statefulset.yaml b/common/rabbitmq/templates/statefulset.yaml
index 7fc21acc33c..effa2701c4e 100644
--- a/common/rabbitmq/templates/statefulset.yaml
+++ b/common/rabbitmq/templates/statefulset.yaml
@@ -49,6 +49,18 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         fsGroup: 999
+      {{- if .Values.persistence.enabled }}
+      initContainers:
+      - name: volume-permissions
+        image: "{{include "dockerHubMirror" .}}/library/busybox"
+        imagePullPolicy: {{ default "IfNotPresent" .Values.imagePullPolicy | quote }}
+        command: ["/bin/chown", "-R", "999:999", "/var/lib/rabbitmq"]
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+          - mountPath: /var/lib/rabbitmq
+            name: rabbitmq-persistent-storage
+      {{- end }}
       containers:
       - name: rabbitmq
         image: "{{include "dockerHubMirror" .}}/{{ .Values.image }}:{{.Values.imageTag }}"