Add missing security context to Neutron pods/containers

This updates the Neutron chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I50ccec785eb3b18d6c00df2ad5f566a72db4604d

neutron/templates/daemonset-l2gw-agent.yaml

@@ -95,8 +95,7 @@ spec:
         - name: neutron-l2gw-agent
 {{ tuple $envAll "neutron_l2gw" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.agent.l2gw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
-            privileged: true
+{{ dict "envAll" $envAll "application" "neutron_l2gw_agent" "container" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           env:
             - name: RPC_PROBE_TIMEOUT
               value: "{{ .Values.pod.probes.rpc_timeout }}"

neutron/values.yaml

@@ -451,6 +451,10 @@ pod:
     neutron_l2gw_agent:
       pod:
         runAsUser: 42424
+      container:
+        neutron_l2gw_agent:
+          readOnlyRootFilesystem: true
+          privileged: true
     neutron_bagpipe_bgp:
       pod:
         runAsUser: 42424