ansible / awx-operator

An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible. 🤖
https://www.github.com/ansible/awx
Apache License 2.0

Incorrect documentation reference for postgres_security_context_settings #1952

Open edward2a opened 2 months ago

edward2a commented 2 months ago

Please confirm the following

Bug Summary

The 'postgres_security_context_settings' field refers to pod-level security context, but this is incorrect. The current template is setting the postgres container level security context which does not support the same features as pod security context (like fsGroup).

AWX Operator version

latest

AWX version

Whatever is deployed with latest operator

Kubernetes platform

kubernetes

Kubernetes/Platform version

Irrelevant

Modifications

no

Steps to reproduce

Deploy a k8s cluster with the csi-driver-nfs (https://github.com/kubernetes-csi/csi-driver-nfs). Use the csi-driver-nfs as the storage class for the postgres volume.

Expected results

Postgres pod starts normally and AWX is deployed successfully.

Actual results

Postgres pod goes into a startup error loop due to no access to the data directory, and AWX is never deployed.

Additional information

This can be addressed with an init container, but Kubernetes provides a facility tied to the fsGroup parameter that adjusts the permissions on the target volume, or the fsGroup itself can be defined to match the file system group, thus making the init container fix redundant.

Operator Logs

root@test:~# k logs -n awx awx-postgres-15-0
mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied
root@test:~#
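The distinction the report turns on is that `fsGroup` (along with `fsGroupChangePolicy`, `supplementalGroups` and `sysctls`) exists only in the pod-level `securityContext`; the per-container `securityContext` does not have it. The following check is an added example, not awx-operator code or anything the reporter posted. It takes a rendered workload object in the shape `kubectl get statefulset <name> -o json` produces, reports pod-only fields that landed on a container, and returns a corrected copy with them hoisted to the pod level. The sample StatefulSet is constructed by hand for the example, and the uid/gid value 26 in it is arbitrary.

```python
"""Check where securityContext fields landed in a rendered Pod spec.

Added example, not part of awx-operator. The sample manifest below is a
constructed, trimmed imitation of `kubectl get statefulset -o json`
output; the image name and the uid/gid 26 are placeholders.
"""
import copy
import json

# Fields defined only in the Kubernetes PodSecurityContext (pod level).
# They are not part of the per-container SecurityContext, so a template
# that renders them into a container's securityContext has no effect.
POD_ONLY_FIELDS = frozenset({
    "fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls",
})

# Constructed sample: the user's postgres_security_context_settings
# (including fsGroup) were rendered into the *container* securityContext.
SAMPLE_STATEFULSET = json.loads("""
{
  "kind": "StatefulSet",
  "metadata": {"name": "awx-postgres-15", "namespace": "awx"},
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "postgres",
            "image": "example.invalid/postgres:15",
            "securityContext": {
              "runAsUser": 26,
              "runAsGroup": 26,
              "fsGroup": 26
            },
            "volumeMounts": [
              {"name": "postgres-15", "mountPath": "/var/lib/pgsql/data"}
            ]
          }
        ]
      }
    }
  }
}
""")


def pod_spec(workload):
    """Return the PodSpec embedded in a Deployment/StatefulSet-style object."""
    return workload["spec"]["template"]["spec"]


def _all_containers(spec):
    # initContainers carry a per-container securityContext too.
    return spec.get("containers", []) + spec.get("initContainers", [])


def find_misplaced(spec):
    """List (container name, field) pairs for pod-only fields set on a container."""
    found = []
    for c in _all_containers(spec):
        present = POD_ONLY_FIELDS.intersection(c.get("securityContext", {}))
        found.extend((c["name"], field) for field in sorted(present))
    return found


def effective_fs_group(spec):
    """The fsGroup the kubelet will actually apply: pod level or nothing."""
    return spec.get("securityContext", {}).get("fsGroup")


def hoist_pod_only_fields(spec):
    """Return a copy with pod-only fields moved to spec.securityContext.

    A value already present at pod level wins; the container copy is
    removed either way so the result is a valid PodSpec.
    """
    fixed = copy.deepcopy(spec)
    pod_sc = fixed.setdefault("securityContext", {})
    for c in _all_containers(fixed):
        sc = c.get("securityContext", {})
        for field in list(sc):
            if field in POD_ONLY_FIELDS:
                pod_sc.setdefault(field, sc.pop(field))
        if not sc and "securityContext" in c:
            del c["securityContext"]
    if not pod_sc:
        del fixed["securityContext"]
    return fixed


if __name__ == "__main__":
    spec = pod_spec(SAMPLE_STATEFULSET)
    print("misplaced:", find_misplaced(spec))
    print("effective fsGroup before:", effective_fs_group(spec))
    fixed = hoist_pod_only_fields(spec)
    print("effective fsGroup after:", effective_fs_group(fixed))
    print(json.dumps(fixed["securityContext"], indent=2))
```

Run against a live cluster by piping `kubectl get statefulset awx-postgres-15 -n awx -o json` through `json.load`. Whether the API server silently drops or rejects a container-level `fsGroup` depends on its field-validation mode, but in neither case does the kubelet change the group ownership of the mounted volume, which is exactly the `mkdir ... Permission denied` loop in the logs above; only the pod-level value triggers that ownership change.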
edward2a commented 2 months ago

Related: https://github.com/ansible/awx-operator/issues/1775

edward2a commented 2 months ago

Possible duplicate, but the proposed solution exposes both pod and container level security context: https://github.com/ansible/awx-operator/pull/1947