From 102774ecdf83602c26c30451d50f677a89e8953c Mon Sep 17 00:00:00 2001
From: rnetser <rnetser@redhat.com>
Date: Mon, 28 Apr 2025 18:37:06 +0300
Subject: [PATCH 1/2] fix: add securityContext for minio pod

---
 tests/conftest.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/conftest.py b/tests/conftest.py
index 33f7c3ebc..ef407a7b1 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -440,6 +440,12 @@ def minio_pod(
                 ],
                 "image": request.param.get("image"),
                 "name": MinIo.Metadata.NAME,
+                "securityContext": {
+                    "allowPrivilegeEscalation": False,
+                    "capabilities": {"drop": ["ALL"]},
+                    "runAsNonRoot": True,
+                    "seccompProfile": {"type": "RuntimeDefault"},
+                },
             }
         ],
         label=pod_labels,

From b9a863d3f893c66b1bef929e27a8f2bded1d01cd Mon Sep 17 00:00:00 2001
From: rnetser <rnetser@redhat.com>
Date: Mon, 28 Apr 2025 19:13:22 +0300
Subject: [PATCH 2/2] fix: minio on 4.19

---
 tests/conftest.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/conftest.py b/tests/conftest.py
index ef407a7b1..a04cd4602 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -471,6 +471,7 @@ def minio_service(admin_client: DynamicClient, minio_namespace: Namespace) -> Ge
         selector={
             Labels.Openshift.APP: MinIo.Metadata.NAME,
         },
+        session_affinity="ClientIP",
     ) as minio_service:
         yield minio_service