vSphere: Fix security context of VDDK validation pod

The previous attempt to fix the execution of the VDDK validation pod didn't succeed - it allowed to run it on the 'default' namespace but its execution failed on other retricted namespaces in which the QEMU user (107) is not included in the allowed range. In order to fix this properly on OpenShift, we drop RunAsNonRoot and RunAsUser so that OpenShift would pick a proper user based on the configuration of the namespace. Signed-off-by: Arik Hadas <[email protected]>
kubev2v · Mar 5, 2024 · dd39e5c · dd39e5c
1 parent 0f69938
commit dd39e5c
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/pkg/controller/plan/validation.go b/pkg/controller/plan/validation.go
@@ -817,7 +817,7 @@ func (r *Reconciler) ensureVddkImageValidationJob(plan *api.Plan, el9 bool, vddk
 		return nil, err
 	case len(jobs.Items) == 0:
 		job := createVddkCheckJob(ctx.Plan, jobLabels, el9, vddkImage)
-		err = ctx.Destination.Client.Create(context.Background(), job, &client.CreateOptions{})
+		err = ctx.Destination.Client.Create(context.Background(), job)
 		if err != nil {
 			return nil, err
 		}
@@ -901,8 +901,6 @@ func createVddkCheckJob(plan *api.Plan, labels map[string]string, el9 bool, vddk
 			Template: core.PodTemplateSpec{
 				Spec: core.PodSpec{
 					SecurityContext: &core.PodSecurityContext{
-						RunAsNonRoot: ptr.To(true),
-						RunAsUser:    ptr.To(qemuUser),
 						SeccompProfile: &core.SeccompProfile{
 							Type: core.SeccompProfileTypeRuntimeDefault,
 						},