Add missing security-context for elasticsearch-data and elasticsearch-master

This also implements security-context template to add readOnly-fs flag

Change-Id: Iaeea66dad34a2616c0620eafacc53574ed79a7b5

elasticsearch/templates/statefulset-data.yaml

@@ -69,8 +69,7 @@ spec:
         - name: elasticsearch-perms
 {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
-            runAsUser: 0
+{{ dict "envAll" $envAll "application" "data" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - chown
             - -R

elasticsearch/templates/statefulset-master.yaml

@@ -68,8 +68,7 @@ spec:
         - name: elasticsearch-perms
 {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
-            runAsUser: 0
+{{ dict "envAll" $envAll "application" "master" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - chown
             - -R

elasticsearch/values.yaml

@@ -185,6 +185,8 @@ pod:
         memory_map_increase:
           privileged: true
           readOnlyRootFilesystem: true
+        elasticsearch_perms:
+          readOnlyRootFilesystem: true
         elasticsearch_master:
           privileged: true
           capabilities:
@@ -217,6 +219,8 @@ pod:
         memory_map_increase:
           privileged: true
           readOnlyRootFilesystem: true
+        elasticsearch_perms:
+          readOnlyRootFilesystem: true
         elasticsearch_data:
           privileged: true
           capabilities: