Update values.yaml to allow OpenShift SCC to assign fsGroup and update README (#17)

* Update values.yaml to allow OpenShift SCC to assign fsGroup 
* Update README.md to set fsGroup to null for controller and webhook pod security contexts

Author: shruthis4

charts/spark-operator-chart/README.md

@@ -120,7 +120,7 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
 | controller.affinity | object | `{}` | Affinity for controller pods. |
 | controller.tolerations | list | `[]` | List of node taints to tolerate for controller pods. |
 | controller.priorityClassName | string | `""` | Priority class for controller pods. |
-| controller.podSecurityContext | object | `{"fsGroup":185}` | Security context for controller pods. |
+| controller.podSecurityContext | object | `{"fsGroup":null}` | Security context for controller pods. |
 | controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). The labelSelector field in topology spread constraint will be set to the selector labels for controller pods if not specified. |
 | controller.hostUsers | string | `nil` | Whether to use user namespace or not Kubernetes version 1.30 for feature beta (1.33 for GA) or higher is required with support from OS and OCI runtime ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/ |
 | controller.env | list | `[]` | Environment variables for controller containers. |
@@ -163,7 +163,7 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
 | webhook.affinity | object | `{}` | Affinity for webhook pods. |
 | webhook.tolerations | list | `[]` | List of node taints to tolerate for webhook pods. |
 | webhook.priorityClassName | string | `""` | Priority class for webhook pods. |
-| webhook.podSecurityContext | object | `{"fsGroup":185}` | Security context for webhook pods. |
+| webhook.podSecurityContext | object | `{"fsGroup":null}` | Security context for webhook pods. |
 | webhook.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). The labelSelector field in topology spread constraint will be set to the selector labels for webhook pods if not specified. |
 | webhook.hostUsers | string | `nil` | Whether to use user namespace or not Kubernetes version 1.30 for feature beta (1.33 for GA) or higher is required with support from OS and OCI runtime ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/ |
 | webhook.env | list | `[]` | Environment variables for webhook containers. |

charts/spark-operator-chart/values.yaml

@@ -170,7 +170,7 @@ controller:
 
   # -- Security context for controller pods.
   podSecurityContext:
-    fsGroup: 185
+    fsGroup: null  # Override upstream default (185) to let OpenShift SCC assign
 
   # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
   # Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
@@ -345,7 +345,7 @@ webhook:
 
   # -- Security context for webhook pods.
   podSecurityContext:
-    fsGroup: 185
+    fsGroup: null  # Override upstream default (185) to let OpenShift SCC assign
 
   # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
   # Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/).