From 3dae4f6f7a11ade9f9a2f1acdab109acbdcdf4f6 Mon Sep 17 00:00:00 2001
From: Arik Hadas <ahadas@redhat.com>
Date: Sun, 3 Mar 2024 14:34:33 +0200
Subject: [PATCH] vSphere: Fix security context of VDDK validation pod

The security context was set with RunAsNonRoot = true while the user
wasn't specified, which lead to an error when migrating to the default
namespace: container has runAsNonRoot and image will run as root. This
issue is fixed by setting the user to the QEMU user (107).

Signed-off-by: Arik Hadas <ahadas@redhat.com>
---
 pkg/controller/plan/validation.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/controller/plan/validation.go b/pkg/controller/plan/validation.go
index 4a2fc430a..a32508df6 100644
--- a/pkg/controller/plan/validation.go
+++ b/pkg/controller/plan/validation.go
@@ -882,6 +882,7 @@ func createVddkCheckJob(plan *api.Plan, labels map[string]string, el9 bool, vddk
 				Spec: core.PodSpec{
 					SecurityContext: &core.PodSecurityContext{
 						RunAsNonRoot: ptr.To(true),
+						RunAsUser:    ptr.To(qemuUser),
 						SeccompProfile: &core.SeccompProfile{
 							Type: core.SeccompProfileTypeRuntimeDefault,
 						},