From 3d851c69a71e6734268b76a5d970d61248778d56 Mon Sep 17 00:00:00 2001
From: Pavel Tumik <18602811+sagor999@users.noreply.github.com>
Date: Fri, 21 Oct 2022 17:42:30 +0000
Subject: [PATCH] [pvc] add init container to workspace to chown pvc mount folder
---
 components/ws-manager/pkg/manager/create.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/components/ws-manager/pkg/manager/create.go b/components/ws-manager/pkg/manager/create.go
index 9df292831e332d..13c0fe94feec73 100644
--- a/components/ws-manager/pkg/manager/create.go
+++ b/components/ws-manager/pkg/manager/create.go
@@ -590,6 +590,21 @@ func (m *Manager) createDefiniteWorkspacePod(startContext *startWorkspaceContext
 gitpodGUID := int64(133332)
 pod.Spec.SecurityContext.FSGroup = &gitpodGUID
+ // add init container to chown workspace subpath, so that it is owned by gitpod user (there is no k8s native way of doing this as of right now)
+ pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{
+ Name: "chown-workspace",
+ Image: "busybox",
+ ImagePullPolicy: corev1.PullIfNotPresent,
+ Command: []string{"chown", "-v", "133332:133332", "/workspace"},
+ VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: workspaceVolumeName,
+ SubPath: "workspace",
+ MountPath: "/workspace",
+ },
+ },
+ })
+
 case api.WorkspaceFeatureFlag_PROTECTED_SECRETS:
 for _, c := range pod.Spec.Containers {
 if c.Name != "workspace" {
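Review bot: The new `chown-workspace` init container uses `Image: "busybox"`, an unqualified, untagged reference that resolves to a mutable `latest` tag on the default registry, and with `PullIfNotPresent` different nodes can keep running different cached builds. Because this container is appended to workspace pods on this feature-flag path (the case label is outside the hunk) and must run with enough privilege to chown, the image should come from the installation's configured registry and be pinned, e.g. `Image: "<registry>/busybox@sha256:<digest>"` (placeholder values). The container also sets no `SecurityContext`, so it inherits the pod and image defaults; consider dropping all capabilities except `CHOWN` and disabling privilege escalation, and confirm that the pod-level settings outside this hunk still allow the chown to succeed. The owner string `"133332:133332"` repeats the value of `gitpodGUID` from the context lines above, so building it from that variable would keep the two from drifting. createDefiniteWorkspacePod starts and ends outside the hunk.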