[stable/grafana] Add extraContainerVolumes

[chris-downs]

Is this a new chart

No

What this PR does / why we need it:

This PR adds a new extraContainerVolumes variable to define arbitrary volumes in the pod spec.

The current options for adding additional volumes (extraVolumeMounts and extraSecretMounts) do not allow you to define volumes for a sidecar container without them being automatically mounted in the main grafana container. This is not always desirable as the volumes for the sidecar may contain secrets that should not be exposed to grafana.

Example use case with the Google Cloud SQL Proxy:

...
extraContainers: |
  - name: cloudsql-proxy
    image: gcr.io/cloudsql-docker/gce-proxy:1.16
    command: ["/cloud_sql_proxy",
              "-instances=<instance_name>=tcp:5432",
              "-credential_file=/secrets/cloudsql/credentials.json"]
    securityContext:
      runAsUser: 2  # non-root user
      allowPrivilegeEscalation: false
    volumeMounts:
      - name: cloudsql-instance-credentials
        mountPath: /secrets/cloudsql
        readOnly: true

## Volumes that can be used in extra containers that will not be mounted to grafana deployment pods
extraContainerVolumes:
  - name: cloudsql-instance-credentials
    secret:
      secretName: cloudsql-instance-credentials
...

Which issue this PR fixes

N\A

Special notes for your reviewer:

N\A

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• DCO signed
• Chart Version bumped
• Variables are documented in the README.md
• Title of the PR starts with chart name (e.g. [stable/mychartname])

[k8s-ci-robot]

Hi @chris-downs. Thanks for your PR.

I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[chris-downs]

/assign @rtluckie

[k8s-ci-robot]

@chris-downs: GitHub didn't allow me to assign the following users: rtluckie.

Note that only helm members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @rtluckie

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[zanhsieh]

/assign
/ok-to-test

[chris-downs]

/retest

[zanhsieh]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chris-downs, zanhsieh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• stable/grafana/OWNERS [zanhsieh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment