Openstack exporter: Add security context for pod/container

This adds a security context to the openstack exporter, which
changes the pod's user from root to the nobody user.

This also adds the container security context to explicitly set
allowPrivilegeEscalation to false

Change-Id: Ie3f105ee8b489f7641b5b7256a2023ae35257343
Steve Wilkerson 2019-01-03 15:50:03 -06:00
parent 3819986398
commit 236d686a6d
2 changed files with 6 additions and 0 deletions


@ -40,6 +40,7 @@ spec:
labels:
{{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "openstack_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.openstack_exporter.node_selector_key }}: {{ .Values.labels.openstack_exporter.node_selector_value | quote }}
@ -50,6 +51,8 @@ spec:
- name: openstack-metrics-exporter
{{ tuple $envAll "prometheus_openstack_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_openstack_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
command:
- /tmp/prometheus-openstack-exporter.sh
- start
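Review bot: The container `securityContext` added under `openstack-metrics-exporter` sets only `allowPrivilegeEscalation: false`, so the container still runs with the runtime's default capability set and a writable root filesystem. For a metrics exporter that should need neither, I would also add `capabilities: {drop: [ALL]}` and `runAsNonRoot: true`, plus `readOnlyRootFilesystem: true` if the exporter writes nothing outside mounted volumes (this hunk does not show whether it does). `runAsNonRoot` matters because the uid appears to come from `pod.user.openstack_exporter.uid` in values, and an override to 0 would otherwise put the pod back on root without any error. The block is also hard-coded in the template, unlike the pod-level context rendered through the helm-toolkit snippet, so operators cannot tighten or adjust it from values. The container spec continues outside the hunk.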


@ -38,6 +38,9 @@ labels:
node_selector_value: enabled
pod:
user:
openstack_exporter:
uid: 65534
affinity:
anti:
type: