This repository has been archived by the owner on May 16, 2023. It is now read-only.

adding securityContext/PSP support for Kibana #38

Merged
merged 2 commits into from
Jan 23, 2019


mszumilak
Contributor

When Pod Security Policy is in use it might be required to specify serviceAccount as well as runAsUser and fsGroups for starting the pod. Unless requested parameters are not specified pod cannot start.
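A pre-deploy check for the three settings named in the description above, as an added example that is not part of this pull request or of the chart. The manifests, the service account name `kibana-unprivileged`, UID/GID 1000 and the "non-zero UID" requirement are constructed assumptions about a cluster's policy.

```python
def effective_uids(pod_spec):
    """Map container name -> effective runAsUser (container level overrides pod level)."""
    pod_uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    uids = {}
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        cuid = (c.get("securityContext") or {}).get("runAsUser")
        uids[c["name"]] = pod_uid if cuid is None else cuid
    return uids


def missing_settings(deployment):
    """Return findings for a rendered Deployment that was parsed into a dict."""
    pod_spec = deployment["spec"]["template"]["spec"]
    findings = []
    # serviceAccountName is the current field; serviceAccount is its deprecated alias.
    if not (pod_spec.get("serviceAccountName") or pod_spec.get("serviceAccount")):
        findings.append("serviceAccountName not set (pod runs as 'default')")
    # fsGroup exists only at pod level, never per container.
    if (pod_spec.get("securityContext") or {}).get("fsGroup") is None:
        findings.append("securityContext.fsGroup not set")
    for name, uid in effective_uids(pod_spec).items():
        if uid is None:
            findings.append(f"{name}: runAsUser not set (image default applies)")
        elif uid == 0:
            findings.append(f"{name}: runAsUser is 0 (root)")
    return findings


def deployment(pod_spec):
    return {"kind": "Deployment", "spec": {"template": {"spec": pod_spec}}}


# Constructed sample manifests (not rendered from the real chart).
BARE = deployment({"containers": [{"name": "kibana"}]})
HARDENED = deployment({
    "serviceAccountName": "kibana-unprivileged",
    "securityContext": {"runAsUser": 1000, "fsGroup": 1000},
    "containers": [{"name": "kibana"}],
})
# A container-level securityContext silently undoes the pod-level setting.
OVERRIDE = deployment({
    "serviceAccountName": "kibana-unprivileged",
    "securityContext": {"runAsUser": 1000, "fsGroup": 1000},
    "containers": [{"name": "kibana"},
                   {"name": "sidecar", "securityContext": {"runAsUser": 0}}],
})

if __name__ == "__main__":
    for label, manifest in [("bare", BARE), ("hardened", HARDENED), ("override", OVERRIDE)]:
        print(label, missing_settings(manifest) or "ok")
```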

@elasticmachine
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

Contributor

@Crazybus Crazybus left a comment


Out of curiosity could you tell me why you need to be able to set these options? I'm mostly just curious since it is not something I have needed to do when running Kibana myself. And maybe this is something that could better be done by default if there is a more secure way to run Kibana in Kubernetes.

Apart from the requested changes I left inline there are few other missing pieces before this is mergeable.

  1. Update the readme with the two new options you have added
  2. Add a basic templating test to make sure that the templating rules work as expected and don't get broken by future changes.
  3. Seems like you still need to sign the CLA agreement before I can accept any of these changes.

I can help you out if needed for number 2. I realise that we don't yet have a developer guide (you are the first contributor yay!). So I'll work on making sure that these steps are included as part of the readme and the pull request template.

@mszumilak
Contributor Author

> Out of curiosity could you tell me why you need to be able to set these options? I'm mostly just curious since it is not something I have needed to do when running Kibana myself. And maybe this is something that could better be done by default if there is a more secure way to run Kibana in Kubernetes.

I have several users in my cluster with special privileges. I want to enforce using the specific, unprivileged user for running services that do not require special permissions.

> Apart from the requested changes I left inline there are few other missing pieces before this is mergeable.
>
> 1. Update the [readme](https://github.com/elastic/helm-charts/blob/master/kibana/README.md) with the two new options you have added

Done

> 2. Add a [basic templating test](https://github.com/elastic/helm-charts/blob/master/kibana/tests/kibana_test.py) to make sure that the templating rules work as expected and don't get broken by future changes.

Some help might be required here as I don't fully understand the script.

> 3. Seems like you still need to sign the [CLA agreement](https://www.elastic.co/contributor-agreement) before I can accept any of these changes.

Done

> I can help you out if needed for number 2. I realise that we don't yet have a developer guide (you are the first contributor yay!). So I'll work on making sure that these steps are included as part of the readme and the pull request template.

👍

@Crazybus
Contributor

jenkins test this please

@Crazybus
Contributor

Thank you so much for adding this in and for explaining what the use case is!

I'll add in the template testing in a separate PR and link it from here to show you how it looks.

@Crazybus Crazybus merged commit 3bb5b33 into elastic:master Jan 23, 2019
Crazybus added a commit that referenced this pull request Jan 23, 2019
@Crazybus
Contributor

@mszumilak Here are the tests that I added #44
