Use securityContext for deployment and cronjob

[nlaille]

Pull Request

Description of the change

Do a separation of securityContext for deployment and cronjob.

Benefits

Possibility to set fsGroup and fsGroupChangePolicy on deployment.
With the current setup, fsGroup and fsGroupChangePolicy cannot be set because cronjob and deployment uses the same securityContext and cronjob securityContext doesn't have fsGroup field.

Possible drawbacks

This PR should backward compatible.

Applicable issues

• fixes #

Additional information

Checklist

• DCO has been signed off on the commit.
• Chart version bumped in Chart.yaml according to semver.
• (optional) Variables are documented in the README.md

[Aluxima]

I would call that nextcloud.podSecurityContext and also add a container securityContext as nextcloud.securityContext.

[kodemaniak]

What would be needed to merge this PR? As mentioned in #252 this does prevent deploying the Cron Job in certain scenarios (e.g. when Longhorn is used as the storage layer, see https://longhorn.io/kb/troubleshooting-volume-take-long-time-to-mount/).

[tvories]

@kodemaniak the DCO needs to be signed off by @nlaille

[kodemaniak]

If @nlaille does not sign off the DCO, what are the alternatives? Would you accept an equivalent merge request by someone else?

[jessebot]

If @nlaille does not sign off the DCO, what are the alternatives? Would you accept an equivalent merge request by someone else?

Other people can try and submit the same PR, and it looks like it was started in #269, but it needs updating. If it's not done in a day or two, I'll submit another PR, and link back to these two.

[provokateurin]

Done in #269