Postgresql-utility: Add pod/container security context

This updates the postgresql-utility chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to false

Change-Id: I84664883aaefd8bef679222a7c943f66eb93bad7

charts/postgresql-utility/templates/deployment-utility.yaml

@@ -52,8 +52,7 @@ spec:
       labels:
 {{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
     spec:
-      securityContext:
-        runAsUser: 65534
+{{ dict "envAll" $envAll "application" "postgresql" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
       affinity:
 {{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@@ -63,6 +62,7 @@ spec:
         - name: {{ printf "%s" $envAll.Release.Name }}
 {{ tuple $envAll "postgresql_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.postgresql_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "postgresql" "container" "postgresql_utility" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/bootstrap.sh
           volumeMounts:
@@ -123,4 +123,4 @@ spec:
           secret:
             secretName: {{ .Values.secrets.password.admin | quote }}
             defaultMode: 0600
-{{- end }}
+{{- end }}

charts/postgresql-utility/values.yaml

@@ -39,6 +39,14 @@ labels:
     node_selector_value: primary
 
 pod:
+  security_context:
+    postgresql:
+      pod:
+        runAsUser: 65534
+      container:
+        postgresql_utility:
+          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
   dns_policy: "ClusterFirstWithHostNet"
   replicas:
     utility: 1