BRE-300: Resolve MSSQL storage deployment permissions

- Moved DB storageClass to managed disk and RWO
- Setup init container to ensure the permissions are set to container user

charts/self-host/templates/mssql.yaml

@@ -35,6 +35,23 @@ spec:
       serviceAccount: {{ .Values.database.podServiceAccount | quote }}
       serviceAccountName: {{ .Values.database.podServiceAccount | quote }}
     {{- end }}
+      initContainers:
+        - name: init-permissions
+          image: busybox
+          command: ['sh', '-c']
+          args:
+            - |
+              chown -R 10001:10001 /var/opt/mssql/data
+              chown -R 10001:10001 /var/opt/mssql/log
+              chown -R 10001:10001 /var/opt/mssql/backups
+              ls -la /var/opt/mssql
+          volumeMounts:
+            - name: mssql-data
+              mountPath: /var/opt/mssql/data
+            - name: mssql-log
+              mountPath: /var/opt/mssql/log
+            - name: mssql-backups
+              mountPath: /var/opt/mssql/backups
       containers:
         - name: {{ template "bitwarden.mssql" . }}
           image: "{{ .Values.database.image.name }}:{{ .Values.database.image.tag }}"

charts/self-host/templates/post-install-db-migrator-job.yaml

@@ -40,10 +40,6 @@ spec:
           while [[ $(kubectl get pods -n {{ .Release.Namespace }} -l app={{ template "bitwarden.admin" . }} -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do sleep 1; done
 
           echo "Admin Ready!"
-
-          while [ ! -f /db/vault.mdf ]; do sleep 1; done
-
-          echo "DB Ready!"
         ']
         {{- else }}
         args: ['
@@ -53,11 +49,6 @@ spec:
         ']
         {{- end }}
         image: "{{ .Values.supportComponents.kubectl.image.name }}:{{ .Values.supportComponents.kubectl.image.tag }}"
-        volumeMounts:
-          {{- if .Values.database.enabled }}
-          - name: mssql-data
-            mountPath: /db
-          {{- end }}
       containers:
       - name: migrate-db
         env:
@@ -82,11 +73,6 @@ spec:
         {{- end }}
       restartPolicy: Never
       volumes:
-        {{- if .Values.database.enabled }}
-        - name: mssql-data
-          persistentVolumeClaim:
-            claimName: {{ default ( include "bitwarden.mssqlData" . ) .Values.database.volume.data.existingClaim }}
-        {{- end }}
         {{- if .Values.secrets.secretProviderClass }}
         - name: secrets-store-inline
           csi:

charts/self-host/values.yaml

@@ -481,10 +481,10 @@ database:
       # Use an existing PVC by specifying the name.
       # existingClaim: claimName
       # Override the accessMode specified in general.volumeAccessMode
-      # accessMode: ReadWriteOnce
+      accessMode: ReadWriteOnce
       # Override the storageClass specified in sharedStorageClassName
-      # storageClass: "shared-storage"
-      size: 1Gi
+      storageClass: "managed"
+      size: 10Gi
       labels: {}
       annotations:
         argocd.argoproj.io/hook: PreSync
@@ -494,10 +494,10 @@ database:
       # Use an existing PVC by specifying the name.
       # existingClaim: claimName
       # Override the accessMode specified in general.volumeAccessMode
-      # accessMode: ReadWriteOnce
+      accessMode: ReadWriteOnce
       # Override the storageClass specified in sharedStorageClassName
-      # storageClass: "shared-storage"
-      size: 10Gi
+      storageClass: "managed"
+      size: 20Gi
       labels: {}
       annotations:
         argocd.argoproj.io/hook: PreSync
@@ -507,9 +507,9 @@ database:
       # Use an existing PVC by specifying the name.
       # existingClaim: claimName
       # Override the accessMode specified in general.volumeAccessMode
-      # accessMode: ReadWriteOnce
+      accessMode: ReadWriteOnce
       # Override the storageClass specified in sharedStorageClassName
-      # storageClass: "shared-storage"
+      storageClass: "managed"
       size: 10Gi
       labels: {}
       annotations: