Openstack-utility: Add pod/container security context

This updates the openstack-utility chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to false

Change-Id: Ie9ce49bfa69b7e835b113340d908f96429039d94

charts/openstack-utility/templates/deployment-utility.yaml

@@ -68,8 +68,7 @@ spec:
       labels:
 {{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
     spec:
-      securityContext:
-        runAsUser: 65534
+{{ dict "envAll" $envAll "application" "openstack" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
       affinity:
 {{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@@ -79,6 +78,7 @@ spec:
         - name: {{ printf "%s" $envAll.Release.Name }}
 {{ tuple $envAll "openstack_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.openstack_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "openstack" "container" "openstack_utility" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           env:
             - name: OS_AUTH_URL
               value: {{ .Values.conf.keystone_auth.auth_url }}

charts/openstack-utility/values.yaml

@@ -26,6 +26,14 @@ labels:
     node_selector_value: primary
 
 pod:
+  security_context:
+    openstack:
+      pod:
+        runAsUser: 65534
+      container:
+        openstack_utility:
+          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
   dns_policy: "ClusterFirstWithHostNet"
   replicas:
     utility: 1