[pvc] add init container to workspace to chown pvc mount folder

gitpod-io · Oct 24, 2022 · 3d851c6 · 3d851c6
1 parent cb83111
commit 3d851c6
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/components/ws-manager/pkg/manager/create.go b/components/ws-manager/pkg/manager/create.go
@@ -590,6 +590,21 @@ func (m *Manager) createDefiniteWorkspacePod(startContext *startWorkspaceContext
 			gitpodGUID := int64(133332)
 			pod.Spec.SecurityContext.FSGroup = &gitpodGUID
 
+			// add init container to chown workspace subpath, so that it is owned by gitpod user (there is no k8s native way of doing this as of right now)
+			pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{
+				Name:            "chown-workspace",
+				Image:           "busybox",
+				ImagePullPolicy: corev1.PullIfNotPresent,
+				Command:         []string{"chown", "-v", "133332:133332", "/workspace"},
+				VolumeMounts: []corev1.VolumeMount{
+					{
+						Name:      workspaceVolumeName,
+						SubPath:   "workspace",
+						MountPath: "/workspace",
+					},
+				},
+			})
+
 		case api.WorkspaceFeatureFlag_PROTECTED_SECRETS:
 			for _, c := range pod.Spec.Containers {
 				if c.Name != "workspace" {