[enterprise-logs] Make fsGroup configurable for deploying admin-api on OpenShift

[basvdl]

In order to deploy on OpenShift we need to be able to configure the fsGroup for the admin-api deployment.

https://github.com/grafana/helm-charts/blob/main/charts/enterprise-logs/templates/admin-api/deployment-admin-api.yaml#L45

Add same logic seen in the other deployments, to make the security context configurable via the users values.yaml.

[ssncferreira]

@basvdl by looking at the values.yaml file, the Admin API fsGroup is not configurable due to the following:

helm-charts/charts/enterprise-logs/values.yaml

Lines 221 to 227 in 837900e

	# -- Run container as user `enterprise-logs(uid=10001)`
	# `fsGroup` must not be specified, because these security options are applied
	# on container level not on Pod level.
	securityContext:
	runAsNonRoot: true
	runAsGroup: 10001
	runAsUser: 10001

This was updated in issue: #687

@chaudum what do you think about this?

[chaudum]

@basvdl Could you explain in more detail why this is necessary on OpenShift?

[chaudum]

Does a simple configurable fsGroup value help in this case? https://github.com/grafana/helm-charts/compare/chaudum/issue-922?expand=1

[basvdl]

@chaudum I'm not an OpenShift expert... But OpenShift uses SecurityContexts which allows a range of uid's that can be used for runAsUser, runAsGroup and fsGroup. During my last GEL deployment on OpenShift, the customer was not able to create a custom SecurityContext and needed to change the fsGroup. We did this after the deployment by manually changing the yaml on the cluster.

The suggested change looks good to me! Thanks!

[ssncferreira]

Closing the issue as a fix was already merged as part of PR #957
Thank you @chaudum for the fix and the help 🙏