fix: strip enabled key from securityContext before rendering

The podSecurityContext, securityContext, and metrics exporter
securityContext values support an 'enabled' field as a helm-level toggle.
However, this field is not a valid Kubernetes PodSecurityContext or
SecurityContext field. When rendered verbatim, Kubernetes silently strips
it, causing GitOps tools like ArgoCD and Rancher Fleet to report
resources as perpetually out-of-sync.

Use omit to strip the 'enabled' key before piping to toYaml in both
deploy_valkey.yaml and statefulset.yaml templates.

Fixes: #139
Signed-off-by: Darpa Sehgal <6688157+DarpaSehgal@users.noreply.github.com>

Author: DarpaSehgal

valkey/templates/deploy_valkey.yaml

@@ -46,14 +46,14 @@ spec:
       priorityClassName: {{ .Values.priorityClassName | quote }}
       {{- end }}
       securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
       initContainers:
         - name: {{ include "valkey.fullname" . }}-init
           image: {{ include "valkey.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- with .Values.securityContext }}
           securityContext:
-            {{- toYaml . | nindent 12 }}
+            {{- omit . "enabled" | toYaml | nindent 12 }}
           {{- end }}
           command: [ "/scripts/init.sh" ]
           volumeMounts:
@@ -104,7 +104,7 @@ spec:
           command: [ "valkey-server" ]
           args: [ "/data/conf/valkey.conf" ]
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+            {{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
           env:
             {{- range $key, $val := .Values.env }}
             - name: {{ $key }}
@@ -163,7 +163,7 @@ spec:
           imagePullPolicy: {{ .Values.metrics.exporter.image.pullPolicy | quote }}
           {{- with .Values.metrics.exporter.securityContext }}
           securityContext:
-            {{- toYaml . | nindent 12 }}
+            {{- omit . "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- with .Values.metrics.exporter.command }}
           command:

valkey/templates/statefulset.yaml

@@ -60,14 +60,14 @@ spec:
       priorityClassName: {{ .Values.priorityClassName | quote }}
       {{- end }}
       securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
       initContainers:
         - name: {{ include "valkey.fullname" . }}-init
           image: {{ include "valkey.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- with .Values.securityContext }}
           securityContext:
-            {{- toYaml . | nindent 12 }}
+            {{- omit . "enabled" | toYaml | nindent 12 }}
           {{- end }}
           command: [ "/scripts/init.sh" ]
           env:
@@ -117,7 +117,7 @@ spec:
           command: [ "valkey-server" ]
           args: [ "/data/conf/valkey.conf" ]
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+            {{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
           env:
             - name: POD_INDEX
               valueFrom:
@@ -177,7 +177,7 @@ spec:
           imagePullPolicy: {{ .Values.metrics.exporter.image.pullPolicy | quote }}
           {{- with .Values.metrics.exporter.securityContext }}
           securityContext:
-            {{- toYaml . | nindent 12 }}
+            {{- omit . "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- with .Values.metrics.exporter.command }}
           command: