Enable Seccomp configuration

Kubevirt needs to run under custom profile or compliant runtime default in order to run without issues on PSA enabled clusters. Signed-off-by: L. Pivarc <[email protected]>
kubevirt · Feb 15, 2023 · 9295354 · 9295354
1 parent e037eb1
commit 9295354
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/cluster-provision/k8s/check-cluster-up.sh b/cluster-provision/k8s/check-cluster-up.sh
@@ -94,6 +94,12 @@ export KUBEVIRTCI_GOCLI_CONTAINER=quay.io/kubevirtci/gocli:latest
 
             ${ksh} wait -n kubevirt kv kubevirt --for condition=Available --timeout 15m
 
+            if [ "${KUBEVIRT_PSA:-"false"}" == "true" ]; then
+                # Enable Kubevirt profile
+                ${ksh} patch -n kubevirt kv kubevirt --patch '{"spec": {"configuration": {"developerConfiguration": {"featureGates": ["KubevirtSeccompProfile"]} } }}'
+                ${ksh} patch -n kubevirt kv kubevirt --patch '{"spec": {"configuration": {"seccompConfiguration": {"virtualMachineInstanceProfile": {"customProfile": {"localhostProfile" : "kubevirt/kubevirt.json"} } } } } }'
+            fi
+
             export SONOBUOY_EXTRA_ARGS="--plugin https://storage.googleapis.com/kubevirt-prow/devel/nightly/release/kubevirt/kubevirt/${LATEST}/conformance.yaml"
             hack/conformance.sh $conformance_config
         fi