Set data directory group permissions during bootstrap

Immediately after bootstrap, the data directory lacks group permissions
when the storage provider ignores fsGroup. The startup container resets
group permissions correctly, so pod restart works around this.

Issue: PGO-300
See: c7842e7

Author: cbandy

internal/patroni/config.go

@@ -552,6 +552,11 @@ func instanceYAML(
 		} else {
 
 			initdb := []string{
+				// Pod "securityContext.fsGroup" ensures processes and filesystems agree on a GID.
+				// Group access ensures processes can access data regardless of their UID.
+				// NOTE: The "--allow-group-access" option was introduced in PostgreSQL v11.
+				"allow-group-access",
+
 				// Enable checksums on data pages to help detect corruption of
 				// storage that would otherwise be silent. This also enables
 				// "wal_log_hints" which is a prerequisite for using `pg_rewind`.
@@ -568,7 +573,7 @@ func instanceYAML(
 				"data-checksums",
 				"encoding=UTF8",
 
-				// NOTE(cbandy): The "--waldir" option was introduced in PostgreSQL v10.
+				// NOTE: The "--waldir" option was introduced in PostgreSQL v10.
 				"waldir=" + postgres.WALDirectory(cluster, instance),
 			}
 

internal/patroni/config_test.go

@@ -685,6 +685,7 @@ func TestInstanceYAML(t *testing.T) {
 # Your changes will not be saved.
 bootstrap:
   initdb:
+  - allow-group-access
   - data-checksums
   - encoding=UTF8
   - waldir=/pgdata/pg12_wal
@@ -708,6 +709,7 @@ tags: {}
 # Your changes will not be saved.
 bootstrap:
   initdb:
+  - allow-group-access
   - data-checksums
   - encoding=UTF8
   - waldir=/pgdata/pg12_wal
@@ -747,6 +749,7 @@ tags: {}
 # Your changes will not be saved.
 bootstrap:
   initdb:
+  - allow-group-access
   - data-checksums
   - encoding=UTF8
   - waldir=/pgdata/pg12_wal