diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index ea842298..ba26b4ab 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -13,6 +13,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security +--- +## [1.2.3] +### Added +- Support to disable the initContainer `fsgroup-volume` for chown updates. + --- ## [1.2.2] ### Added @@ -21,6 +26,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Removed ### Fixed - [Issue #105](https://github.com/opensearch-project/helm-charts/issues/105) OpenSearch chart fails when RBAC is enabled. +### Security + +--- +## [1.2.1] +### Added +### Changed +### Deprecated +### Removed +### Fixed - Missing `labels` key is added into role.yaml. ### Security diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index e9759988..832e4a28 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.2 +version: 1.2.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/opensearch/README.md b/charts/opensearch/README.md index ce3e06b9..f48ff57e 100644 --- a/charts/opensearch/README.md +++ b/charts/opensearch/README.md @@ -70,6 +70,7 @@ helm uninstall my-release | `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` | | `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your OpenSearch cluster | `{}` | | `persistence` | Enables a persistent volume for OpenSearch data. | see [values.yaml][] | +| `persistence.enableInitChown` | Disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. | `true` | | `podAnnotations` | Configurable [annotations][] applied to all OpenSearch pods | `{}` | | `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. This deploys them in parallel so that they can discover each other | `Parallel` | | `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml index 581b45de..fe770d19 100644 --- a/charts/opensearch/templates/statefulset.yaml +++ b/charts/opensearch/templates/statefulset.yaml @@ -211,7 +211,7 @@ spec: {{- end }} {{- if or (.Values.extraInitContainers) (.Values.keystore) (.Values.persistence.enabled) }} initContainers: -{{- if .Values.persistence.enabled }} +{{- if and .Values.persistence.enabled .Values.persistence.enableInitChown }} - name: fsgroup-volume image: "{{ template "opensearch.dockerRegistry" . }}busybox:latest" command: ['sh', '-c'] diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index c39ffac4..62a9dc13 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -171,6 +171,8 @@ podSecurityPolicy: persistence: enabled: true + # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. + enableInitChown: true labels: # Add default labels for the volumeClaimTemplate of the StatefulSet enabled: false