From f7e74681516e5893bd9073c38ce56f55a19a75c9 Mon Sep 17 00:00:00 2001
From: Cesar Celis Hernandez <celis.hernandez.cesar@gmail.com>
Date: Tue, 29 Aug 2023 16:40:57 -0600
Subject: [PATCH] Kustomize: Skip recursive permission change (#1745)

---
 examples/kustomization/base/tenant.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/examples/kustomization/base/tenant.yaml b/examples/kustomization/base/tenant.yaml
index 62703ff1b9c..b5fa6da95e6 100644
--- a/examples/kustomization/base/tenant.yaml
+++ b/examples/kustomization/base/tenant.yaml
@@ -200,12 +200,16 @@ spec:
               storage: 1Ti
           storageClassName: standard
         status: { }
-      ## Configure security context
+      ## Configure Pod's security context
+      ## We recommend to skip the recursive permission change by using
+      ## fsGroupChangePolicy as OnRootMismatch because it can be pretty
+      ## expensive for larger volumes with lots of small files.
       securityContext:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
         fsGroup: 1000
+        fsGroupChangePolicy: "OnRootMismatch"
       ## Configure container security context
       containerSecurityContext:
         runAsUser: 1000