From afc82bc6723429fa654c49ab26db7d2d02661dae Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Tue, 29 Jun 2021 22:27:05 +0100
Subject: [PATCH] Fix volumePermissions for media repository worker

---
 charts/matrix-synapse/templates/deployment.yaml       |  1 +
 .../matrix-synapse/templates/worker-deployment.yaml   | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml
index 61d2092..095795f 100644
--- a/charts/matrix-synapse/templates/deployment.yaml
+++ b/charts/matrix-synapse/templates/deployment.yaml
@@ -47,6 +47,7 @@ spec:
             - |
               chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data
           image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
+          imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }}
           resources:
             {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           securityContext:
diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml
index dfbf0b9..e36b034 100644
--- a/charts/matrix-synapse/templates/worker-deployment.yaml
+++ b/charts/matrix-synapse/templates/worker-deployment.yaml
@@ -39,10 +39,15 @@ spec:
     {{- if and $needsVolumePermissions (eq $name "media-repository") }}
       initContainers:
         - name: volume-permissions
-          command: ["chown", "-R", "666:666", "/synapse/data"]
-          image: "{{ $.Values.volumePermissions.repository }}:{{ $.Values.volumePermissions.tag }}"
-          imagePullPolicy: {{ $.Values.volumePermissions.pullPolicy }}
+          command:
+            - sh
+            - -c
+            - |
+              chown {{ $.Values.volumePermissions.uid }}:{{ $.Values.volumePermissions.gid }} -R /synapse/data
+          image: "{{ $.Values.volumePermissions.image.repository }}:{{ $.Values.volumePermissions.image.tag }}"
+          imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }}
           securityContext:
+            runAsNonRoot: false
             runAsUser: 0
           resources: {{ $.Values.volumePermissions.resources | toYaml | nindent 12 }}
           volumeMounts: