From 544f98a8fb143181e0100a3b112440d94e97e292 Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Mon, 10 Jun 2024 22:19:29 +1000
Subject: [PATCH] chore: Add Traefik persistent volume permissions workaround
---
 .../bootstrap/roles/metacluster/tasks/ingress.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
index c675c57..ff2c33f 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
@@ -6,7 +6,11 @@
 initContainers:
 - name: volume-permissions
 image: busybox:1
- command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+ command: ["sh", "-c", "touch /data/acme.json; chown 65532 /data/acme.json; chmod -v 600 /data/acme.json"]
+ securityContext:
+ runAsNonRoot: false
+ runAsGroup: 0
+ runAsUser: 0
 volumeMounts:
 - name: data
 mountPath: /data
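Review bot: The added `securityContext` runs the `volume-permissions` init container as UID/GID 0 with no further restriction, so it keeps the runtime's full default capability set for what is only a touch/chown/chmod of one file. Constrain it in the same block with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN", "FOWNER"]}`; the exact add-list depends on who owns `/data`, which this hunk does not show, so `DAC_OVERRIDE` may also be needed. Because the container is now root, the floating `busybox:1` tag on the context line above is worth pinning to a digest. Replacing `&&` with `;` in `command` also means a failed `touch` or `chown` no longer fails the init container, since only the final `chmod` exit status is reported; starting the script with `set -e;` keeps the new ordering while still failing closed. The mapping that holds `initContainers` starts outside the hunk, so any pod-level `securityContext` that already applies is not visible here.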