make pod security context fully configurable

[CatherineThompson]

No description provided.

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[nineinchnick]

According to #181, it might be a good idea to put the whole securityContext in a condition block, in case it's empty.

[CatherineThompson]

If I add securityContext: ~ to a values file, the template renders as securityContext: null which then gets applied as securityContext: {}. It seems to handle that situation. If you think a condition block reads better, I'll add it in.

[nineinchnick]

So we don't need a condition block, thanks! Can you document that in the comment for this section?

[nineinchnick]

I tested this and it doesn't work with either ~, empty string or an empty object. Please put this in a conditional block.

[CatherineThompson]

Hmm, I wonder why I wasn't able to reproduce the the issue. Yeah, I'll put in the conditional sometime today.

[CatherineThompson]

@nineinchnick I've put the with condition back in and also added the ability to configure the security context for the jmx exporter container.

[nineinchnick]

Interesting, it's now possible to clear the securityContext with ~, but not with {}. Can you either document it, or change the with block into an if?

[CatherineThompson]

Alright, I've updated the documentation.