feat: Add Helm configuration for pod security context

[gonmmarques]

Hello there,

Saw this issue #466, and actually was also looking into having that possibility. decided to give it a try.

Tried to follow a contributing guide, but only found #330.

The way it is now added, by default the field is optional. Let me know also if it makes sense the way it was added (name of the key and location) and the schema definition.

I also ran helm-docs to update the README of the Helm Chart.

I ran locally helm template and was having issues when setting containerSecurityContext, when checking the charts/k6-operator/values.schema.json I noticed those fields for the manager and proxy their values changed on the should have the additionalProperties to true right?
See Here and Here

Example

global:
  podSecurityContext: {
    "runAsNonRoot": true,
    "runAsUser": 1000,
    "runAsGroup": 1000,
    "fsGroup": 1000,
    "allowPrivilegeEscalation": false,
    "seccompProfile": {
      "type": "RuntimeDefault"
    }
  }  

Checked it by running locally the helm template and it rendered

  spec:
      securityContext:
        allowPrivilegeEscalation: false
        fsGroup: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault

Anyways, let me know if I missed something or is something wrong.
Closes: #466

[yorugac]

Hi @gonmmarques, apologies for the delay! I've finally gotten around to going through the PRs 😅

We've recently had a bug with values schema in the chart: it was resolved just last week. So this PR needs rebasing to the latest main.

Also, one change request: as you can see in the issue's discussion, there is a chance of misunderstanding how security contexts for test runs are configured (only via TestRun definition ATM). So I think its best to move the podSecurityContext in Helm values to manager object instead of global: to make it clearer that it impacts only the k6-operator app. WDYT?

[gonmmarques]

Hi @gonmmarques, apologies for the delay! I've finally gotten around to going through the PRs 😅

We've recently had a bug with values schema in the chart: it was resolved just last week. So this PR needs rebasing to the latest main.

Also, one change request: as you can see in the issue's discussion, there is a chance of misunderstanding how security contexts for test runs are configured (only via TestRun definition ATM). So I think its best to move the podSecurityContext in Helm values to manager object instead of global: to make it clearer that it impacts only the k6-operator app. WDYT?

Hello @yorugac, no worries.
Sure that makes sense. I have updated the PR, let me know if there is anything missing.

[yorugac]

LGTM 🙌 Thanks for the update, @gonmmarques!