Add container level security context for task and web deployments

[gdasson]

SUMMARY

The security context settings offered today only provide the option to set pod level security context for web and task deployments. This PR adds the option to allow container level security context for all of the containers under web and task deployments.

fixes: #1413
fixes: #890
fixes: #571
fixes: #383

This change doesn't dictate the values and let the users decide and configure the values on need basis. This makes it a safer approach to implement without breaking any functionality

ISSUE TYPE

• New or Enhanced Feature

ADDITIONAL INFORMATION

Two of the existing variable settings will become irrelevant after this change:

• redis_capabilities can be covered under redis_security_context_settings after this change
• task_privileged can be covered under task_security_context_settings after this change

[rooftopcellist]

@gdasson Looks like this PR follows the plan laid out in this comment:

• modify container security context #1425 (comment)
  Continuing the work there.

Changes suggested before merge:

• I think _settings at the end of each of these is redundant and can be removed, what do you think? Otherwise, I think this approach will work for v1beta1.
• Unfortunately, we have to provide backwards compatibility for the existing securityContext settings,
  • Example of how to fix for task_privileged: here
  • Example of how to fix for redis_capabilities: here
  • Same for postgres_security_context_settings
• Can you also mark the task_privileged, postgres_security_context_settings and redis_capabilities parameters as Deprecated? (for example)

Note: We may re-write this to be settings nested under each component when we make a v2 CRD schema, but that is down the line and it would be good to give users a way to configure this now.

[gdasson]

@rooftopcellist : Thanks for the review and feedback. I have now incorporated your review comments. Thanks.

[gdasson]

@rooftopcellist or other reviewers : Any updates on this please?

cc: @BharathDevopz

[djyasin]

Hello @gdasson,
Would you mind rebasing this and resolving any conflicts?

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[maarous]

Hello, Any updates on this please?

[Doenerpapst]

Hello, any updates on this please? Regarding the current security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-53899 this would be a useful addition

[dominykasn]

Hi, any updates?

[gdasson]

@djyasin : Rebased and fixed merge conflicts. Thanks.