Sprinkle fsGroupChangePolicy on like magic!

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>

apps-helm/code-server/templates/deployment.yaml

@@ -32,6 +32,7 @@ spec:
       {{- if .Values.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
+        fsGroupChangePolicy: "OnRootMismatch" # There's a chmod already, and no other setup is using this volume!
       {{- end }}
       {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
       initContainers:

apps-helm/samba4/values.yaml

@@ -21,6 +21,7 @@ fullnameOverride: ""
 
 podSecurityContext:
   fsGroup: 1000
+  fsGroupChangePolicy: "OnRootMismatch"
 
 samba:
   global:

apps-kustomized/nextcloud/deploy.yaml

@@ -102,6 +102,7 @@ spec:
       schedulerName: default-scheduler
       securityContext:
         fsGroup: 33
+        fsGroupChangePolicy: OnRootMismatch
       terminationGracePeriodSeconds: 30
       volumes:
       - name: nextcloud-main