[influxdb v1] Add container-level securityContext support to StatefulSet template #760

@PcInfamy

Description

Problem

The InfluxDB Helm chart currently supports pod-level securityContext configuration (runAsUser, runAsGroup, fsGroup, runAsNonRoot), but does not expose container-level securityContext settings in the values schema.

This creates a gap for users who need to enforce container-level security policies like allowPrivilegeEscalation: false, which some Kubernetes admission controllers (e.g., Kyverno, Pod Security Standards) may require.

Current Workaround

Users must resort to postRenderer patches or other external tools to add container-level security context, which:

  • Adds maintenance overhead
  • Bypasses the chart's values system
  • Makes configurations harder to track and audit
  • Risks conflicts with chart updates

Proposed Solution

Add a new containerSecurityContext (or similar) values field that maps to container-level securityContext in the StatefulSet template.

Example usage:

values:
  securityContext:  # Pod-level (existing)
    runAsUser: 999
    fsGroup: 999
  containerSecurityContext:  # Container-level (new)
    allowPrivilegeEscalation: false

Implementation

Update templates/statefulset.yaml to include:

containers:
- name: {{ include "influxdb.fullname" . }}
  {{- if .Values.containerSecurityContext }}
  securityContext:
{{ toYaml .Values.containerSecurityContext | indent 4 }}
  {{- end }}

Benefits

  • Aligns with Kubernetes best practices (defense-in-depth)
  • Supports modern security policies and admission controllers
  • Eliminates need for external patches
  • Improves chart completeness and usability
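The gap the issue describes (pod-level securityContext set, container-level absent) can be checked mechanically on a rendered manifest. The following is an added, constructed example and not code from the influxdb chart or this issue: it audits the JSON form of a StatefulSet (as produced by kubectl -o json or a template rendered and converted to JSON) for the container-level settings a hardened profile needs, and shows the same manifest passing once a container-level context like the proposed containerSecurityContext value is applied. The sample manifest, the image tag and the required-settings list are assumptions made for the example.

```python
"""Audit a rendered StatefulSet for missing container-level securityContext."""
import copy
import json

# Assumed hardened baseline: each key must hold this value on every container.
REQUIRED_CONTAINER_SETTINGS = {
    "allowPrivilegeEscalation": False,  # container-level only; no pod-level fallback
    "runAsNonRoot": True,               # may be inherited from the pod-level context
}
POD_INHERITED_KEYS = {"runAsNonRoot"}

# Constructed sample mirroring the chart's current state: pod-level context
# is configured, but the container carries no securityContext of its own.
SAMPLE_STATEFULSET = json.loads("""
{
  "kind": "StatefulSet",
  "spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 999, "fsGroup": 999, "runAsNonRoot": true},
    "containers": [{"name": "influxdb", "image": "influxdb:1.8"}]
  }}}
}
""")


def audit_container_security(manifest: dict) -> list:
    """Return one finding string per container setting that is missing or wrong."""
    findings = []
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_ctx = pod_spec.get("securityContext") or {}
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind, []):
            ctx = container.get("securityContext") or {}
            for key, wanted in REQUIRED_CONTAINER_SETTINGS.items():
                fallback = pod_ctx.get(key) if key in POD_INHERITED_KEYS else None
                effective = ctx.get(key, fallback)
                if effective != wanted:
                    findings.append(
                        f"{kind}/{container['name']}: {key} is {effective!r}, want {wanted!r}"
                    )
    return findings


def apply_container_security_context(manifest: dict, ctx: dict) -> dict:
    """Return a copy with ctx merged into every container's securityContext,
    which is what the proposed containerSecurityContext value would render."""
    out = copy.deepcopy(manifest)
    pod_spec = out["spec"]["template"]["spec"]
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind, []):
            container["securityContext"] = {**(container.get("securityContext") or {}), **ctx}
    return out
```

Running the audit on SAMPLE_STATEFULSET reports the missing allowPrivilegeEscalation; after apply_container_security_context with {"allowPrivilegeEscalation": False} it reports nothing.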
