fix(securityContext): add missing fsGroup-ID for init-job containers

cockroachdb/templates/job.init.yaml

@@ -37,6 +37,15 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+    {{- if eq (include "cockroachdb.securityContext.versionValidation" .) "true" }}
+    {{- if and .Values.init.securityContext.enabled }}
+      securityContext:
+        runAsGroup: 1000
+        runAsUser: 1000
+        fsGroup: 1000
+        runAsNonRoot: true
+    {{- end }}
+    {{- end }}
       restartPolicy: OnFailure
       terminationGracePeriodSeconds: 0
     {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.selfSigner.image.credentials (not .Values.tls.certs.provided) (not .Values.tls.certs.certManager)) }}
@@ -52,14 +61,6 @@ spec:
       serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }}
       initContainers:
         - name: copy-certs
-        {{- if eq (include "cockroachdb.securityContext.versionValidation" .) "true" }}
-        {{- if and .Values.init.securityContext.enabled }}
-          securityContext:
-            runAsGroup: 1000
-            runAsUser: 1000
-            runAsNonRoot: true
-        {{- end }}
-        {{- end }}
           image: {{ .Values.tls.copyCerts.image | quote }}
           imagePullPolicy: {{ .Values.tls.selfSigner.image.pullPolicy | quote }}
           command:
@@ -91,14 +92,6 @@ spec:
     {{- end }}
       containers:
         - name: cluster-init
-        {{- if eq (include "cockroachdb.securityContext.versionValidation" .) "true" }}
-        {{- if and .Values.init.securityContext.enabled }}
-          securityContext:
-            runAsGroup: 1000
-            runAsUser: 1000
-            runAsNonRoot: true
-        {{- end }}
-        {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
           # Run the command in an `while true` loop because this Job is bound