From 4636168abc8b4b3f43cbb727d37e5585ff9558bc Mon Sep 17 00:00:00 2001
From: Lohit Dave <111415369+lohitdave@users.noreply.github.com>
Date: Thu, 2 Oct 2025 20:28:46 +0530
Subject: [PATCH 1/3] Update nfs-csi-provisioner.yaml

---
 roles/baseline/tasks/nfs-csi-provisioner.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/baseline/tasks/nfs-csi-provisioner.yaml b/roles/baseline/tasks/nfs-csi-provisioner.yaml
index ec501f82..cf816344 100644
--- a/roles/baseline/tasks/nfs-csi-provisioner.yaml
+++ b/roles/baseline/tasks/nfs-csi-provisioner.yaml
@@ -163,6 +163,7 @@
           reclaimPolicy: Delete
           volumeBindingMode: Immediate
           allowVolumeExpansion: true
+          fsGroupPolicy: ReadWriteOnceWithFSType
           mountOptions:
             - "{{ 'nfsvers=3' if (PROVIDER == 'gcp' and STORAGE_TYPE_BACKEND == 'netapp') else ('nfsvers=4.1' if (V4_CFG_RWX_FILESTORE_PATH != '/volumes' and '-export' not in V4_CFG_RWX_FILESTORE_PATH) else 'nfsvers=4.1') }}"
             - nolock

From 190d67f9534ce72c123d66dbbba9e5d7780b7356 Mon Sep 17 00:00:00 2001
From: Lohit Dave <111415369+lohitdave@users.noreply.github.com>
Date: Fri, 3 Oct 2025 14:26:14 +0530
Subject: [PATCH 2/3] Update main.yml

---
 roles/baseline/defaults/main.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml
index f49e14e9..ce50555b 100644
--- a/roles/baseline/defaults/main.yml
+++ b/roles/baseline/defaults/main.yml
@@ -122,7 +122,6 @@ CSI_DRIVER_NFS_CHART_VERSION: 4.11.0
 CSI_DRIVER_NFS_CONFIG:
   driver:
     mountPermissions: "0777"
-    fsGroupPolicy: ReadWriteOnceWithFSType
   storageClass:
     create: true
     name: sas

From a67131d1a24e828115a0f7f84187be3b58c169a9 Mon Sep 17 00:00:00 2001
From: Lohit Dave <111415369+lohitdave@users.noreply.github.com>
Date: Fri, 3 Oct 2025 14:29:05 +0530
Subject: [PATCH 3/3] added patch for fsGroupPolicy in the CSIDriver after Helm
 install

---
 roles/baseline/tasks/nfs-csi-provisioner.yaml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/roles/baseline/tasks/nfs-csi-provisioner.yaml b/roles/baseline/tasks/nfs-csi-provisioner.yaml
index cf816344..5b322f5e 100644
--- a/roles/baseline/tasks/nfs-csi-provisioner.yaml
+++ b/roles/baseline/tasks/nfs-csi-provisioner.yaml
@@ -139,6 +139,21 @@
     - install
     - update
 
+# Patch the fsGroupPolicy in the CSIDriver after Helm install
+- name: Patch fsGroupPolicy in CSIDriver to ReadWriteOnceWithFSType
+  kubernetes.core.k8s:
+    api_version: storage.k8s.io/v1
+    kind: CSIDriver
+    name: nfs.csi.k8s.io
+    kubeconfig: "{{ KUBECONFIG }}"
+    merge_type: merge
+    definition:
+      spec:
+        fsGroupPolicy: ReadWriteOnceWithFSType
+  tags:
+    - install
+    - update
+
 # Create csi-driver-nfs-pg-storage StorageClass for non-AWS/Azure providers
 - name: Create csi-driver-nfs-pg-storage storageClass
   when:
@@ -163,7 +178,6 @@
           reclaimPolicy: Delete
           volumeBindingMode: Immediate
           allowVolumeExpansion: true
-          fsGroupPolicy: ReadWriteOnceWithFSType
           mountOptions:
             - "{{ 'nfsvers=3' if (PROVIDER == 'gcp' and STORAGE_TYPE_BACKEND == 'netapp') else ('nfsvers=4.1' if (V4_CFG_RWX_FILESTORE_PATH != '/volumes' and '-export' not in V4_CFG_RWX_FILESTORE_PATH) else 'nfsvers=4.1') }}"
             - nolock