Tiller: Add pod/container security context

This updates the tiller chart to include the pod
security context on the pod template

This also adds the container security context to set
allowPrivilegeEscalation to false

Change-Id: Ic0d87ba2e933444ebe8a6d59d7bb74aae81a051d

tiller/templates/deployment-tiller.yaml

@@ -62,6 +62,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+{{ dict "envAll" $envAll "application" "tiller" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       initContainers:
 {{ tuple $envAll "tiller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
@@ -82,6 +83,7 @@ spec:
           successThreshold: 1
           timeoutSeconds: 1
         name: tiller
+{{ dict "envAll" $envAll "application" "tiller" "container" "tiller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
         ports:
         - containerPort: 44134
           name: tiller

tiller/values.yaml

@@ -37,6 +37,13 @@ images:
       - image_repo_sync
 
 pod:
+  security_context:
+    tiller:
+      pod:
+        runAsUser: 65534
+      container:
+        tiller:
+          allowPrivilegeEscalation: false
   resources:
     enabled: false
     jobs: