Add helm option to set KRR image security context #1898

@aclark180

Is your feature request related to a problem?
This feature request is related to a security issue. When attempting to run a KRR scan, manually via API call or via platform playbook, the KRR scan fails because it attempts to run as root and does not have a proper security context set in an environment with strict security runtime policies.

Describe the solution you'd like
In environments which require strict security contexts and deploy their applications via helm, it would be convenient if you could specify pod and container security contexts in the robustadev helm chart for the krr-scan pod which gets created during a KRR scan job. This solution would be similar to how a security context can be specified for components such as the robusta runner directly within the helm chart.

Describe alternatives you've considered
Making another KRR image wrapper that uses the existing KRR scan image but sets user and group IDs so the image does not run as root. Still exploring other workarounds.

Additional context
Currently, in an air-gapped environment, the KRR scan image needs to be specified via a KRR_IMAGE_OVERRIDE env variable, and no other configurations can be specified via helm because the KRR scan containers are created directly within the krr python code at runtime. See sample logs below when attempting to run a KRR scan:

```
2025-08-18 15:49:47.302 INFO     discovered service with label-selector: `app=kube-prometheus-stack-prometheus` at url: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
2025-08-18 15:49:47.303 INFO     krr command 'python krr.py simple --publish_scan_url=xxxxxxxxxxxxx --scan_id=6c53341b-cf0a-4a0b-98cb-0e87f65ef2ed --start_time="2025-08-18 15:49:47.293968" --named_sinks="file_sink"   --max-workers 3  -f json --width 2048 '
2025-08-18 15:49:48.201 ERROR    sink robusta_ui_sink not found. Skipping event finding title: Failed Warning for Pod control-plane-prometheus/krr-job-6c53341b-cf0a-4a0b-98cb-0e87f65ef2ed-8hkgq desc: Error: container has runAsNonRoot and image will run as root (pod: "krr-job-6c53341b-cf0a-4a0b-98cb-0e87f65ef2ed-8hkgq_control-plane-prometheus(d451e77a-d131-47aa-8930-52208d9ad748)", container: krr) severity: FindingSeverity.DEBUG sub-name: krr-job-6c53341b-cf0a-4a0b-98cb-0e87f65ef2ed-8hkgq sub-type:pod enrich: [<robusta.core.reporting.base.Enrichment object at 0x7fedbee85650>]
```
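
The following is an added example, not part of the original issue and not Robusta or KRR code: a simplified Python model of the kubelet `runAsNonRoot` check behind the error in the log above, showing why the job pod is rejected and which of the settings discussed in the issue (a chart-supplied `runAsUser`, or a wrapper image with a numeric `USER`) would let it start. The securityContext values and image `USER` strings are constructed, and the model assumes an image with no `USER` resolves to UID 0.

```python
# Added example: simplified model of the kubelet runAsNonRoot check.
# Not Robusta/KRR code; the securityContext values in CASES are constructed.

def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    value = ctr_sc.get(key)
    return value if value is not None else pod_sc.get(key)

def check_run_as_non_root(pod_sc, ctr_sc, image_user):
    """Return None if the container may start, else the rejection reason.

    image_user is the image's USER value: "" (unset), "1000", "1000:1000" or a name.
    """
    if not effective(pod_sc, ctr_sc, "runAsNonRoot"):
        return None  # policy not requested: nothing to verify
    run_as_user = effective(pod_sc, ctr_sc, "runAsUser")
    if run_as_user is not None:
        # An explicit UID wins over whatever the image declares.
        if run_as_user == 0:
            return "container's runAsUser breaks non-root policy"
        return None
    user = image_user.split(":")[0] or "0"  # assumption: no USER means uid 0
    if user.isdecimal():
        if int(user) == 0:
            return "container has runAsNonRoot and image will run as root"
        return None
    return (f"container has runAsNonRoot and image has non-numeric user ({user}), "
            "cannot verify user is non-root")

# Constructed cases: (label, pod securityContext, container securityContext, image USER)
CASES = [
    ("reported failure: policy set, image runs as root", {"runAsNonRoot": True}, {}, ""),
    ("requested fix: chart sets runAsUser on the job pod",
     {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000}, {}, ""),
    ("wrapper image with numeric USER", {"runAsNonRoot": True}, {}, "1000:1000"),
    ("wrapper image with named USER", {"runAsNonRoot": True}, {}, "krr"),
    ("container-level runAsUser 0 overrides pod",
     {"runAsNonRoot": True, "runAsUser": 1000}, {"runAsUser": 0}, "1000"),
]

def evaluate_cases():
    """Map each constructed case label to its verdict (None means admitted)."""
    return {label: check_run_as_non_root(p, c, u) for label, p, c, u in CASES}

if __name__ == "__main__":
    for label, verdict in evaluate_cases().items():
        print(f"{label}: {verdict or 'admitted'}")
```

The named-`USER` case shows that a wrapper image only passes this check when its `USER` is numeric, unless `runAsUser` is also set on the pod or container.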
