fix VDDK validation on k8s

Signed-off-by: Arik Hadas <[email protected]>
kubev2v · Mar 5, 2024 · 1524f2b · 1524f2b
1 parent dd39e5c
commit 1524f2b
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/operator/roles/forkliftcontroller/templates/controller/deployment-controller.yml.j2 b/operator/roles/forkliftcontroller/templates/controller/deployment-controller.yml.j2
@@ -49,6 +49,12 @@ spec:
 {% if k8s_cluster|bool %}
         - name: API_TLS_CA
           value: /var/run/secrets/{{ inventory_tls_secret_name }}/ca.crt
+{% endif %}
+        - name: OpenShift
+{% if k8s_cluster|bool %}
+          value: false
+{% else %}
+          value: true
 {% endif %}
 {% if controller_log_level is defined and controller_log_level is number %}
         - name: LOG_LEVEL

diff --git a/pkg/controller/plan/validation.go b/pkg/controller/plan/validation.go
@@ -883,6 +883,15 @@ func createVddkCheckJob(plan *api.Plan, labels map[string]string, el9 bool, vddk
 			},
 		},
 	}
+	psc := &core.PodSecurityContext{
+		SeccompProfile: &core.SeccompProfile{
+			Type: core.SeccompProfileTypeRuntimeDefault,
+		},
+	}
+	if !Settings.OpenShift {
+		psc.RunAsNonRoot = ptr.To(true)
+		psc.RunAsUser = ptr.To(qemuUser)
+	}
 	return &batchv1.Job{
 		ObjectMeta: meta.ObjectMeta{
 			GenerateName: fmt.Sprintf("vddk-validator-%s", plan.Name),
@@ -900,13 +909,9 @@ func createVddkCheckJob(plan *api.Plan, labels map[string]string, el9 bool, vddk
 			Completions:           ptr.To[int32](1),
 			Template: core.PodTemplateSpec{
 				Spec: core.PodSpec{
-					SecurityContext: &core.PodSecurityContext{
-						SeccompProfile: &core.SeccompProfile{
-							Type: core.SeccompProfileTypeRuntimeDefault,
-						},
-					},
-					RestartPolicy:  core.RestartPolicyOnFailure,
-					InitContainers: initContainers,
+					SecurityContext: psc,
+					RestartPolicy:   core.RestartPolicyOnFailure,
+					InitContainers:  initContainers,
 					Containers: []core.Container{
 						{
 							Name:  "validator",

diff --git a/pkg/settings/settings.go b/pkg/settings/settings.go
@@ -11,6 +11,8 @@ import (
 // Global
 var Settings = ControllerSettings{}
 
+const OpenShift = "OpenShift"
+
 // Settings
 type ControllerSettings struct {
 	// Roles.
@@ -29,6 +31,7 @@ type ControllerSettings struct {
 	Profiler
 	// Feature gates.
 	Features
+	OpenShift bool
 }
 
 // Load settings.
@@ -65,6 +68,7 @@ func (r *ControllerSettings) Load() error {
 	if err != nil {
 		return err
 	}
+	r.OpenShift = getEnvBool(OpenShift, false)
 
 	return nil
 }