[COMMON] Run timescale with postgres user

Timescale container is ran with postgres user and group which are
defined with uid 70 and gid 70.

Data volume owner is changed for postgres.

See also:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Issue-ID: CPS-667
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: Ia87922ba68bb47a7a07aaf61f368143d970278b6
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 9b63de4..435c925 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -31,6 +31,18 @@
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
       securityContext:
       {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: chowm-mount-path
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: {{ include "common.fullname" . }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index b6d2fac..55acd92 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -40,13 +40,15 @@
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+  runAsUser: 70
+  runAsGroup: 70
   # capabilities:
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
-  # runAsUser: 1000
 
 resources:
   # We usually recommend not to specify default resources and to leave this as a conscious