From 579d6773bd25ca82aeee3f437455ec1753699e2d Mon Sep 17 00:00:00 2001 From: Aaron Layfield Date: Thu, 21 Oct 2021 09:29:34 +0900 Subject: [PATCH 1/4] Add option to disable initContainer chown update Signed-off-by: Aaron Layfield --- charts/opensearch/CHANGELOG.md | 5 +++++ charts/opensearch/Chart.yaml | 2 +- charts/opensearch/templates/statefulset.yaml | 2 +- charts/opensearch/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index 324755cf..b0a18fd3 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -13,6 +13,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security +--- +## [1.2.1] +### Added +- Support to disable the initContainer `fsgroup-volume` for chown updates. + --- ## [1.0.8] ### Added diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index 6e28d0ab..e9759988 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.0 +version: 1.2.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml index acfa46c3..1ed7280d 100644 --- a/charts/opensearch/templates/statefulset.yaml +++ b/charts/opensearch/templates/statefulset.yaml 
@@ -211,7 +211,7 @@ spec: {{- end }} {{- if or (.Values.extraInitContainers) (.Values.keystore) (.Values.persistence.enabled) }} initContainers: -{{- if .Values.persistence.enabled }} +{{- if and .Values.persistence.enabled .Values.persistence.enableInitChown }} - name: fsgroup-volume image: "{{ template "opensearch.dockerRegistry" . }}busybox:latest" command: ['sh', '-c'] diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index c39ffac4..cdca38eb 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -171,6 +171,8 @@ podSecurityPolicy: persistence: enabled: true + # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. + enableInitChown: false labels: # Add default labels for the volumeClaimTemplate of the StatefulSet enabled: false From e711e7d5dcbf446c84976174a17c054fe2688757 Mon Sep 17 00:00:00 2001 From: Aaron Layfield Date: Thu, 21 Oct 2021 09:32:22 +0900 Subject: [PATCH 2/4] True default, not false. Signed-off-by: Aaron Layfield --- charts/opensearch/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index cdca38eb..d773f727 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -172,7 +172,7 @@ podSecurityPolicy: persistence: enabled: true # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. - enableInitChown: false + enableInitChown: true labels: # Add default labels for the volumeClaimTemplate of the StatefulSet enabled: false From ed750de29dc9b11b2bf8cc37a7230e6c1db1d22a Mon Sep 17 00:00:00 2001 From: Aaron Layfield Date: Thu, 21 Oct 2021 09:33:33 +0900 Subject: [PATCH 3/4] Remove trailing spaces Signed-off-by: Aaron Layfield --- charts/opensearch/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
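Review bot: With `persistence.enabled: true`, `persistence.enableInitChown: false` and neither `extraInitContainers` nor `keystore` set, the unchanged outer guard still emits the `initContainers:` key, but the new inner condition renders nothing under it, so the StatefulSet carries a null list. The outer guard should use the same test as the inner one: `{{- if or (.Values.extraInitContainers) (.Values.keystore) (and .Values.persistence.enabled .Values.persistence.enableInitChown) }}`. The outer `if` block closes outside this hunk, so I cannot see whether another branch could still populate the list.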
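Review bot: The comment added above `enableInitChown` does not say what an operator takes on by turning the init container off. Nothing visible in this series replaces the ownership fix, so the data volume presumably must already be writable by the OpenSearch user, for example through `podSecurityContext.fsGroup`. I would extend the comment to `# Set to false to skip the fsgroup-volume initContainer, e.g. where the cluster's pod security rules reject it; the volume must then already be writable by the OpenSearch user (for instance via podSecurityContext.fsGroup).` The README row added in PATCH 4/4 describes the same key as "Disable …" with a default of `true`, which reads inverted and would benefit from the same wording.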
diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index d773f727..62a9dc13 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -171,7 +171,7 @@ podSecurityPolicy: persistence: enabled: true - # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. + # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. enableInitChown: true labels: # Add default labels for the volumeClaimTemplate of the StatefulSet From 2281e84d18cbe5421b7c486f142ff89ed46c3a96 Mon Sep 17 00:00:00 2001 From: Aaron Layfield Date: Wed, 27 Oct 2021 13:06:04 +0900 Subject: [PATCH 4/4] Updating CHANGELOG and README Signed-off-by: Aaron Layfield --- charts/opensearch/CHANGELOG.md | 2 +- charts/opensearch/README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index b0a18fd3..4f49e6a4 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -14,7 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security --- -## [1.2.1] +## [1.2.2] ### Added - Support to disable the initContainer `fsgroup-volume` for chown updates. diff --git a/charts/opensearch/README.md b/charts/opensearch/README.md index ce3e06b9..f48ff57e 100644 --- a/charts/opensearch/README.md +++ b/charts/opensearch/README.md 
@@ -70,6 +70,7 @@ helm uninstall my-release
 | `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` |
 | `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your OpenSearch cluster | `{}` |
 | `persistence` | Enables a persistent volume for OpenSearch data. | see [values.yaml][] |
+| `persistence.enableInitChown` | Disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. | `true` |
 | `podAnnotations` | Configurable [annotations][] applied to all OpenSearch pods | `{}` |
 | `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. This deploys them in parallel so that they can discover each other | `Parallel` |
 | `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] |