test(e2e): satisfy restricted PSS for Vault Helm installer pod

arun717 · cursoragent · arun717 · commit 10a7da899fae · 2026-06-19T14:48:08.000+05:30
The vault-installer pod was rejected on OCP namespaces enforcing
restricted Pod Security. Set the required pod and container security
context instead of relying on privileged mode.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/test/e2e/utils_test.go b/test/e2e/utils_test.go
@@ -2211,6 +2211,12 @@ func setupVaultServer(ctx context.Context, cfg *rest.Config, loader library.Dyna
 		Spec: corev1.PodSpec{
 			ServiceAccountName: serviceAccountName,
 			RestartPolicy:      corev1.RestartPolicyNever,
+			SecurityContext: &corev1.PodSecurityContext{
+				RunAsNonRoot: &runAsNonRoot,
+				SeccompProfile: &corev1.SeccompProfile{
+					Type: corev1.SeccompProfileTypeRuntimeDefault,
+				},
+			},
 			Containers: []corev1.Container{
 				{
 					Name:            "helm",
@@ -2231,6 +2237,9 @@ func setupVaultServer(ctx context.Context, cfg *rest.Config, loader library.Dyna
 						Capabilities: &corev1.Capabilities{
 							Drop: []corev1.Capability{"ALL"},
 						},
+						SeccompProfile: &corev1.SeccompProfile{
+							Type: corev1.SeccompProfileTypeRuntimeDefault,
+						},
 					},
 				},
 			},
