Description
Is your feature request related to a problem? Please describe.
I am currently working in an environment where we are required to run all third-party applications and operators using gVisor for enhanced kernel-level isolation.
Currently, the locust-k8s-operator does not expose a way to define the runtimeClassName, making it difficult to comply with these security requirements.
Describe the solution you'd like
I would like the ability to specify a runtimeClassName so that the underlying pods are scheduled with the appropriate runtime handler.
- Operator: Update the Helm chart and deployment manifests to allow a runtimeClassName to be set for the operator pod itself.
- LocustTest Pods: Perhaps they should inherit whatever runtimeClassName the operator is running or if we set it somewhere
Describe alternatives you've considered
I considered relying on namespace-wide admission controllers to inject the runtime class; however, having explicit support in the CRD is more robust.
Additional context
While I am still getting up to speed on the specifics of the gVisor implementation within this operator's context, I am happy to contribute to help implement this if we can agree on the design plan.
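An added example, not part of the original issue or the operator's code: a compliance check that reads pod JSON in the shape of `kubectl get pods -o json` and reports pods whose `spec.runtimeClassName` is not the required gVisor class. The RuntimeClass name `gvisor`, the namespace and the pod names are constructed assumptions.

```python
import json

REQUIRED_RUNTIME_CLASS = "gvisor"  # assumption: name of the cluster's gVisor RuntimeClass

# Constructed sample in the shape of `kubectl get pods -o json` (a pod list).
SAMPLE_POD_LIST = json.loads("""
{
  "kind": "List",
  "items": [
    {"metadata": {"namespace": "locust", "name": "operator-0"},
     "spec": {"runtimeClassName": "gvisor", "containers": []}},
    {"metadata": {"namespace": "locust", "name": "demo-test-master-abc"},
     "spec": {"containers": []}},
    {"metadata": {"namespace": "locust", "name": "demo-test-worker-xyz"},
     "spec": {"runtimeClassName": "kata", "containers": []}}
  ]
}
""")


def find_noncompliant_pods(pod_list, required=REQUIRED_RUNTIME_CLASS, namespaces=None):
    """Return sorted (namespace, name, runtime_class) for pods not using `required`.

    runtime_class is None when spec.runtimeClassName is unset, meaning the pod
    runs under the node's default runtime handler rather than the sandbox.
    `namespaces` optionally restricts the check to a set of namespaces.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns = meta.get("namespace", "default")
        if namespaces is not None and ns not in namespaces:
            continue
        runtime_class = pod.get("spec", {}).get("runtimeClassName")
        if runtime_class != required:
            findings.append((ns, meta.get("name", "<unnamed>"), runtime_class))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    # Print one line per pod that would violate the gVisor-only requirement.
    for ns, name, rc in find_noncompliant_pods(SAMPLE_POD_LIST):
        print(f"{ns}/{name}: runtimeClassName={rc or '<unset: default runtime>'}")
```
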