Kubernetes-keystone-webhook: Add security context

This adds a pod-level security context to the
kubernetes-keystone-webhook, which changes the default
user from root to the nobody user.
It also adds a container-level security context that
explicitly sets allowPrivilegeEscalation to false.

Change-Id: I54621e94f2866a4b4301baa6b570472c5fcda291
Gupta, Sangeet (sg774j) 2019-02-21 15:58:51 -06:00
parent b8b72d7e16
commit b1d0fd3699
2 changed files with 6 additions and 0 deletions


@ -38,10 +38,13 @@ spec:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "kubernetes-keystone-webhook" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
containers:
- name: kubernetes-keystone-webhook
{{ tuple $envAll "kubernetes_keystone_webhook" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
command:
- /tmp/start.sh
readinessProbe:
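Review bot: The container-level `securityContext` added under `kubernetes-keystone-webhook` sets only `allowPrivilegeEscalation: false`, so the container still keeps the runtime's default capability set and a writable root filesystem. Consider adding `capabilities: {drop: ["ALL"]}` and, if the webhook writes nothing outside its mounted volumes (not visible here), `readOnlyRootFilesystem: true`. The flag is also hard-coded in the template, while the pod-level context is rendered by the helm-toolkit snippet, presumably from `pod.user` in values, so operators cannot adjust the container settings per deployment. A short comment such as `# container hardening is fixed in the template; the uid comes from pod.user in values` would make that split explicit. The container spec continues past the end of the hunk.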


@ -49,6 +49,9 @@ network:
port: 30601
pod:
user:
kubernetes-keystone-webhook:
uid: 65534
affinity:
anti:
type: