feat: add init containers

[kimxogus]

Add init containers to each deployment components

[zyyw]

@kimxogus could you please justify why we need this init containers?

[kimxogus]

@zyyw As harbor-registry component doesn't check if the pod has proper iam permission(not like https://github.com/distribution/distribution), I'd like to prevent pod from running if pod doesn't have proper iam permission.

As I have to use kiam or kube2iam to use harbor-registry, there could be mistakes like assigning wrong node groups which don't have permission to assume kiam/kube2iam role.

[rwd5213]

Hi, we actually need this for Trivy init container. when in offline environments we need an init container that downloads the vulnerability data base to the trivy container

[Vad1mo]

IMO, Trivy can download the DB itself? Why are you using the init container?

[rwd5213]

Because of environment where it cannot download the database from the open internet, we use an init container to pull the database from S3 for example. I am not aware of a way to directly tell Trivy where to download the data base from. Basically to automate this https://aquasecurity.github.io/trivy/v0.49/docs/advanced/air-gap/

[github-actions]

This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

[Vad1mo]

I don't find this to be a bad idea, there are a many uses cases that I can think of that would simplify the user of harbor with an init container.

@kimxogus @rwd5213 can you rebase and resolve the conflicts, I would like to get those changes in.

[rwd5213]

@kimxogus I realized this is missing the init container in the in the https://github.com/goharbor/harbor-helm/blob/main/templates/trivy/trivy-sts.yaml, any chance you can add it there as well?

[kimxogus]

Merged current main and also applied to trivy statefulset.