From 63aa6a167f86fbb183f5461abdef63652ae626d5 Mon Sep 17 00:00:00 2001 From: amalsom10 Date: Tue, 31 Mar 2026 01:20:31 -0400 Subject: [PATCH 1/2] [stable/redis-ha] fix hostPath chown init container permissions Run the hostpath-chown init container with an explicit root securityContext so hostPath ownership changes work as documented. Also set ownership as uid:gid and keep imagePullPolicy aligned with other init containers. Made-with: Cursor Signed-off-by: amalsom10 --- charts/redis-ha/templates/redis-ha-statefulset.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/redis-ha/templates/redis-ha-statefulset.yaml b/charts/redis-ha/templates/redis-ha-statefulset.yaml index eeb54c2..c8c318b 100644 --- a/charts/redis-ha/templates/redis-ha-statefulset.yaml +++ b/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -129,11 +129,19 @@ spec: {{- if and .Values.hostPath.path .Values.hostPath.chown }} - name: hostpath-chown image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # hostPath ownership changes require root privileges. + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault resources: {{ toYaml .Values.init.resources | nindent 10 }} command: - chown - - "{{ .Values.containerSecurityContext.runAsUser }}" + - "{{ .Values.containerSecurityContext.runAsUser }}:{{ default .Values.containerSecurityContext.runAsUser .Values.securityContext.fsGroup }}" - /data volumeMounts: - name: data From f954fab45898c2358d4f6b551574ec61ffd88a27 Mon Sep 17 00:00:00 2001 
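Review bot: The new `securityContext` on `hostpath-chown` runs the container as uid 0 with the runtime's default capability set, although a single `chown` of `/data` should need only CAP_CHOWN; adding `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` (and, if the image tolerates it, `readOnlyRootFilesystem: true`) under that block would keep the root init container to that one privilege. The block is also hard-coded, so it no longer passes through `compatibility.renderSecurityContext` and cannot be adjusted from values; clusters whose admission policy rejects `runAsUser: 0` would presumably fail pod creation whenever `hostPath.chown` is set, which deserves a line in the chart's values documentation. In the new `chown` argument, an unset `containerSecurityContext.runAsUser` appears to render as an empty owner and group rather than failing the template, so wrapping it in `required` would surface the misconfiguration at render time. The init container definition continues past the end of this hunk.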
From: amalsom10 Date: Tue, 31 Mar 2026 01:50:07 -0400 Subject: [PATCH 2/2] [stable/redis-ha] bump chart version for hostPath chown fix Bump redis-ha chart version to include the hostPath chown init-container permission fix in this PR. Signed-off-by: amalsom10 Made-with: Cursor Signed-off-by: amalsom10 --- charts/redis-ha/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/redis-ha/Chart.yaml b/charts/redis-ha/Chart.yaml index d92cdcb..51e5eef 100644 --- a/charts/redis-ha/Chart.yaml +++ b/charts/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 4.35.10 +version: 4.35.11 appVersion: 8.2.4 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management icon: https://img.icons8.com/external-tal-revivo-shadow-tal-revivo/24/external-redis-an-in-memory-data-structure-project-implementing-a-distributed-logo-shadow-tal-revivo.png