Run mon container as ceph user

This PS is to address security best practices concerning running
containers as a non-privileged user and disallowing privilege
escalation.

Change-Id: If4c0e9fe446091ba75d1a9818ffd3a0933285af4

ceph-mon/Chart.yaml

@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph Mon
 name: ceph-mon
-version: 0.1.2
+version: 0.1.3
 home: https://github.com/ceph/ceph
 ...

ceph-mon/templates/bin/mon/_start.sh.tpl

@@ -42,7 +42,7 @@ MON_DATA_DIR="/var/lib/ceph/mon/${CLUSTER}-${MON_NAME}"
 MONMAP="/etc/ceph/monmap-${CLUSTER}"
 
 # Make the monitor directory
-su -s /bin/sh -c "mkdir -p \"${MON_DATA_DIR}\"" ceph
+/bin/sh -c "mkdir -p \"${MON_DATA_DIR}\""
 
 function get_mon_config {
   # Get fsid from ceph.conf

ceph-mon/values.yaml

@@ -56,8 +56,9 @@ pod:
           runAsUser: 0
           readOnlyRootFilesystem: true
         ceph_mon:
-          runAsUser: 0
+          runAsUser: 64045
           readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
     moncheck:
       pod:
         runAsUser: 65534