How do you get UID:GID in the [1002120000, 1002129999] range to make it run in OpenShift?

This is with OpenShift Container Platform 4.3.

Consider this Dockerfile.

FROM eclipse-mosquitto

# Create folders
USER root

RUN mkdir -p /mosquitto/data /mosquitto/log

# mosquitto configuration
USER mosquitto

# This is crucial to me
COPY --chown=mosquitto:mosquitto ri45.conf /mosquitto/config/mosquitto.conf

EXPOSE 1883

And, this is my Deployment YAML.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto-broker
spec:
  selector:
    matchLabels:
      app: mosquitto-broker
  template:
    metadata:
      labels:
        app: mosquitto-broker
    spec:
      containers:
        - name: mosquitto-broker
          image: org/repo/eclipse-mosquitto:1.0.1
          imagePullPolicy: Always
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          volumeMounts:
            - name: mosquitto-data
              mountPath: /mosquitto/data
            - name: mosquitto-log
              mountPath: /mosquitto/log
          ports:
            - name: mqtt
              containerPort: 1883
      volumes:
        - name: mosquitto-log
          persistentVolumeClaim:
            claimName: mosquitto-log
        - name: mosquitto-data
          persistentVolumeClaim:
            claimName: mosquitto-data

When I do a oc create -f with the above YAML, I get this error, 2020-06-02T07:59:59: Error: Unable to open log file /mosquitto/log/mosquitto.log for writing. Maybe this is a permissions error; can’t tell. Anyway, going by the eclipse/mosquitto Dockerfile, I see that mosquitto is a user with UID and GID of 1883. So, I added the securityContext as described here.

securityContext:
  fsGroup: 1883

When I do a oc create -f with this modification, I get this error – securityContext.securityContext.runAsUser: Invalid value: 1883: must be in the ranges: [1002120000, 1002129999].

This approach of adding an initContainer to set permissions on volume does not work for me because, I have to be root to do that.

So, how do I enable the Eclipse mosquitto container to write to /mosquitto/log successfully?

Source: StackOverflow