Skip to content

Commit 0cb37d9

Browse files
arun717cursoragent
andcommitted
test(e2e): satisfy restricted PSS for Vault Helm installer pod
The vault-installer pod was rejected on OCP namespaces enforcing restricted Pod Security. Set the required pod and container security context instead of relying on privileged mode. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 4e97ebf commit 0cb37d9

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

test/e2e/utils_test.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2008,6 +2008,12 @@ func setupVaultServer(ctx context.Context, cfg *rest.Config, loader library.Dyna
20082008
Spec: corev1.PodSpec{
20092009
ServiceAccountName: serviceAccountName,
20102010
RestartPolicy: corev1.RestartPolicyNever,
2011+
SecurityContext: &corev1.PodSecurityContext{
2012+
RunAsNonRoot: &runAsNonRoot,
2013+
SeccompProfile: &corev1.SeccompProfile{
2014+
Type: corev1.SeccompProfileTypeRuntimeDefault,
2015+
},
2016+
},
20112017
Containers: []corev1.Container{
20122018
{
20132019
Name: "helm",
@@ -2028,6 +2034,9 @@ func setupVaultServer(ctx context.Context, cfg *rest.Config, loader library.Dyna
20282034
Capabilities: &corev1.Capabilities{
20292035
Drop: []corev1.Capability{"ALL"},
20302036
},
2037+
SeccompProfile: &corev1.SeccompProfile{
2038+
Type: corev1.SeccompProfileTypeRuntimeDefault,
2039+
},
20312040
},
20322041
},
20332042
},

0 commit comments

Comments
 (0)