build: add securityContext and fix rabbitMQ cookie

[viktoriaas]

Details

For details see issue #232

Note
PR includes old commits from my repo. However, they are not relevant anymore and I removed the changes as they were not good. Only commits from 17 March 2022 are relevant.

[uniqueg]

Thanks @viktoriaas. I would like to see some comment about this being added to the deployment instructions, as I understand that (some of) this is optional. So basically mention what can be enabled, how it can be enabled, and under which circumstances this would be necessary/recommended.

Otherwise it looks fine to me. However, I'm probably not the right person for a more technical review. Maybe @zagganas and @lvarin could have a look? Also to see if this breaks anything on OpenShift.

[lvarin]

What is this for? why is it necessary?

[viktoriaas]

I already explained in issue #233 . If rabbitMQ deployment is restarted (e.g. due to cluster failure) rabbitMQ cookie has incorrect permissions after restart ( rw-rw---- instead of rw-------). This is solved by chmod in main container before calling rabbitmq.

[lvarin]

The idea is to put the information about this workaround in the code itself (deployment/templates/rabbitmq/rabbitmq-deployment.yaml). Otherwise no one will ever find this information.

[viktoriaas]

comment added, is it ok now?

[viktoriaas]

@lvarin @zagganas @uniqueg
I added a section explaining securityContext to README and also created an individual field for mongodb.initContainer.runAsRoot. I understand that there most probably exist clusters with not so strict security policy so there can exist combination where deployment is run under non-root but you want to keep init container as well. Are requested changes resolved?

[uniqueg]

Looks good to me. @lvarin and/or @zagganas?