use dedicated image for projects persistence PVC init tasks

[FlorianLaunay]

Delegate chmod and chgrp tasks to a dedicated init container running as root.

Fixes #1055

SUMMARY

On some storage provisioners, owner of mounted PVCs will not be mapped to the fsGroup security context setting.

So directory modifications at the mount point level like chmod, chown or chgrp will not be possible for a non-root running container.

Solution : modify deployment template roles/installer/templates/deployments/deployment.yaml.j2 to create a second init container dedicated to running tasks related to projects persistence volume

ISSUE TYPE

• Bug, Docs Fix or other nominal change

ADDITIONAL INFORMATION

Tested with operator 0.30.0

[shanemcd]

Sorry, we can't do this. OpenShift and other locked-down flavors of Kubernetes require addition privileges in order to use securityContext. We will need to take a look and see if there is another way of fixing this.

[FlorianLaunay]

Perhaps by using a bare quay.io/centos/centos image for this task instead of _control_plane_ee_image and removing this dedicated securityContext.

Somehow it is like reverting #1012 just for chmod and chgrp.

What do you think about ?

[FlorianLaunay]

Fixed in 761640b

Tested with operator 0.30.0

I will rebase if you are okay

[FlorianLaunay]

@shanemcd is this way better?

[FlorianLaunay]

@TheRealHaoLiu what do you think about this fix for #1055 ?

[bpedersen2]

Looks like a valid approach to me

[bpedersen2]

Tested against devel-HEAD, works nicely.

[shanemcd]

Hello. Apologies for the delay here. I ran the CI checks and they failed. I think this will get resolved with a rebase. Please do that and we'll get this merged ASAP.

[shanemcd]

@rooftopcellist can you help drive this one home?

[FlorianLaunay]

@shanemcd no apologies needed, it is an open source project 😉
Rebase done 👌

[shanemcd]

@FlorianLaunay I appreciate you saying that, and wish more people shared that sentiment. 😅 I just kicked off the CI checks, if the tests pass this will merge.