e2e: add SecurityContext to master

The master pod need these `SecurityContext` configurations In order to run inside a namespace with restricted policy Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2025-03-05 08:17:04 +00:00 · 2022-11-24 12:37:06 +02:00 · 2022-11-24 12:37:06 +02:00 · f31b70dce4
commit f31b70dce4
parent 213bbdc8d7
1 changed files with 14 additions and 0 deletions
--- a/test/e2e/utils/pod.go
+++ b/test/e2e/utils/pod.go
@ -115,6 +115,8 @@ type PodSpecOption func(spec *corev1.PodSpec)

 // NFDMasterPod provide NFD master pod definition
 func NFDMasterPod(opts ...PodSpecOption) *corev1.Pod {
+	yes := true
+	no := false
 	p := &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			GenerateName: "nfd-master-",
@ -136,6 +138,18 @@ func NFDMasterPod(opts ...PodSpecOption) *corev1.Pod {
 							},
 						},
 					},
+					SecurityContext: &corev1.SecurityContext{
+						Capabilities: &corev1.Capabilities{
+							Drop: []corev1.Capability{"ALL"},
+						},
+						Privileged:               &no,
+						RunAsNonRoot:             &yes,
+						ReadOnlyRootFilesystem:   &yes,
+						AllowPrivilegeEscalation: &no,
+						SeccompProfile: &corev1.SeccompProfile{
+							Type: corev1.SeccompProfileTypeRuntimeDefault,
+						},
+					},
 				},
 			},
 			ServiceAccountName: "nfd-master-e2e",