matrix-synapse: Implement volume permissions

Forgot to set a TODO on these flags, and only now done another full test deploy

charts/matrix-synapse/Chart.yaml

@@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
 appVersion: 1.19.0
 
 type: application
-version: 1.2.0
+version: 1.3.0
 maintainers:
   - name: Alexander Olofsson
     email: ace@haxalot.com

charts/matrix-synapse/templates/deployment.yaml

@@ -32,6 +32,24 @@ spec:
       {{- include "matrix-synapse.imagePullSecrets" . | nindent 6 }}
       securityContext:
         {{- toYaml .Values.synapse.podSecurityContext | nindent 8 }}
+    {{- if $needsVolumePermissions }}
+      initContainers:
+        - name: volume-permissions
+          command:
+            - sh
+            - -c
+            - |
+              chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data
+          image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
+          resources:
+            {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          securityContext:
+            runAsNonRoot: false
+            runAsUser: 0
+          volumeMounts:
+            - name: media
+              mountPath: /synapse/data
+    {{- end }}
       containers:
         - name: synapse
           command:

charts/matrix-synapse/values.yaml

@@ -534,6 +534,9 @@ persistence:
 volumePermissions:
   enabled: false
 
+  uid: 666
+  gid: 666
+
   image:
     repository: alpine
     tag: latest