From 4ecb3520c880cf1458753c436928ad167598bb36 Mon Sep 17 00:00:00 2001
From: dylan-bitovi <67594226+dylan-bitovi@users.noreply.github.com>
Date: Mon, 28 Feb 2022 10:10:57 -0500
Subject: [PATCH] Add fsGroup value to admission-webhooks/job-patch charts
 (#8267)

* added fsGroup to admission createSecret and patchWebhook job

* added fsGroup to admission createSecret and patchWebhook job

* modified helm/README.md to add value for fsGroup

* fixed patch job values ordering

* remove manually edited README for replacement with helm-docs generated version

* re-adding charts/README.md generated by helm-docs
---
 charts/ingress-nginx/README.md                                   | 1 +
 .../templates/admission-webhooks/job-patch/job-createSecret.yaml | 1 +
 .../templates/admission-webhooks/job-patch/job-patchWebhook.yaml | 1 +
 charts/ingress-nginx/values.yaml                                 | 1 +
 4 files changed, 4 insertions(+)

diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
index e5e93a146..8336e0912 100644
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@@ -250,6 +250,7 @@ Kubernetes: `>=1.19.0-0`
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
+| controller.admissionWebhooks.patch.fsGroup | int | `2000` |  |
 | controller.admissionWebhooks.patch.image.digest | string | `"sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
index e57bfde49..f20e247f9 100644
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -72,4 +72,5 @@ spec:
       securityContext:
         runAsNonRoot: true
         runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+        fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }}
 {{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
index 4f8ba14db..8583685fa 100644
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -74,4 +74,5 @@ spec:
       securityContext:
         runAsNonRoot: true
         runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+        fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }}
 {{- end }}
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index eb6db4a05..bae135c3e 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@@ -641,6 +641,7 @@ controller:
       # -- Labels to be added to patch job resources
       labels: {}
       runAsUser: 2000
+      fsGroup: 2000
 
   metrics:
     port: 10254