fix(e2e): Add installation with helm,kustomize,olm securityContext re…

…stricted validation

e2e/install/cli/install_test.go

@@ -55,15 +55,12 @@ func TestBasicInstallation(t *testing.T) {
 		Eventually(PlatformConditionStatus(ns, v1.IntegrationPlatformConditionReady), TestTimeoutShort).
 			Should(Equal(corev1.ConditionTrue))
 
-			// Check if default security context has been applyed
-		Eventually(OperatorPodHas(ns, func(pod *corev1.Pod) bool {
-			if pod.Spec.Containers == nil || len(pod.Spec.Containers) == 0 {
-				return false
-			}
-			// exclude user for openshift
-			pod.Spec.Containers[0].SecurityContext.RunAsUser = nil
-			return reflect.DeepEqual(pod.Spec.Containers[0].SecurityContext, kubernetes.DefaultOperatorSecurityContext())
-		}), TestTimeoutShort).Should(BeTrue())
+		// Check if restricted security context has been applyed
+		operatorPod := OperatorPod(ns)()
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(Equal(kubernetes.DefaultOperatorSecurityContext().RunAsNonRoot))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.Capabilities).To(Equal(kubernetes.DefaultOperatorSecurityContext().Capabilities))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.SeccompProfile).To(Equal(kubernetes.DefaultOperatorSecurityContext().SeccompProfile))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(Equal(kubernetes.DefaultOperatorSecurityContext().AllowPrivilegeEscalation))
 
 		t.Run("run yaml", func(t *testing.T) {
 			Expect(KamelRunWithID(operatorID, ns, "files/yaml.yaml").Execute()).To(Succeed())

e2e/install/helm/setup_test.go

@@ -32,6 +32,7 @@ import (
 
 	. "github.com/apache/camel-k/v2/e2e/support"
 	"github.com/apache/camel-k/v2/pkg/util/defaults"
+	"github.com/apache/camel-k/v2/pkg/util/kubernetes"
 	. "github.com/onsi/gomega"
 )
 
@@ -63,6 +64,13 @@ func TestHelmInstallRunUninstall(t *testing.T) {
 
 		Eventually(OperatorPod(ns)).ShouldNot(BeNil())
 
+		// Check if restricted security context has been applyed
+		operatorPod := OperatorPod(ns)()
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(Equal(kubernetes.DefaultOperatorSecurityContext().RunAsNonRoot))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.Capabilities).To(Equal(kubernetes.DefaultOperatorSecurityContext().Capabilities))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.SeccompProfile).To(Equal(kubernetes.DefaultOperatorSecurityContext().SeccompProfile))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(Equal(kubernetes.DefaultOperatorSecurityContext().AllowPrivilegeEscalation))
+
 		//Test a simple route
 		t.Run("simple route", func(t *testing.T) {
 			name := "yaml"

e2e/install/kustomize/operator_test.go

@@ -31,6 +31,7 @@ import (
 
 	. "github.com/apache/camel-k/v2/e2e/support"
 	testutil "github.com/apache/camel-k/v2/e2e/support/util"
+	"github.com/apache/camel-k/v2/pkg/util/kubernetes"
 
 	. "github.com/onsi/gomega"
 )
@@ -59,6 +60,14 @@ func TestOperatorBasic(t *testing.T) {
 
 		Eventually(OperatorPod(ns)).ShouldNot(BeNil())
 		Eventually(OperatorPodPhase(ns), TestTimeoutMedium).Should(Equal(corev1.PodRunning))
+
+		// Check if restricted security context has been applyed
+		operatorPod := OperatorPod(ns)()
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(Equal(kubernetes.DefaultOperatorSecurityContext().RunAsNonRoot))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.Capabilities).To(Equal(kubernetes.DefaultOperatorSecurityContext().Capabilities))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.SeccompProfile).To(Equal(kubernetes.DefaultOperatorSecurityContext().SeccompProfile))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(Equal(kubernetes.DefaultOperatorSecurityContext().AllowPrivilegeEscalation))
+
 		Eventually(Platform(ns)).ShouldNot(BeNil())
 	})
 }

e2e/install/olm/olm_install_test.go

@@ -36,6 +36,7 @@ import (
 	olm "github.com/operator-framework/api/pkg/operators/v1alpha1"
 
 	"github.com/apache/camel-k/v2/pkg/util/defaults"
+	"github.com/apache/camel-k/v2/pkg/util/kubernetes"
 	"github.com/apache/camel-k/v2/pkg/util/openshift"
 )
 
@@ -96,6 +97,13 @@ func TestOLMInstallation(t *testing.T) {
 		// Check the IntegrationPlatform has been reconciled
 		Eventually(PlatformVersion(ns)).Should(ContainSubstring(ipVersionPrefix))
 
+		// Check if restricted security context has been applyed
+		operatorPod := OperatorPod(ns)()
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(Equal(kubernetes.DefaultOperatorSecurityContext().RunAsNonRoot))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.Capabilities).To(Equal(kubernetes.DefaultOperatorSecurityContext().Capabilities))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.SeccompProfile).To(Equal(kubernetes.DefaultOperatorSecurityContext().SeccompProfile))
+		Expect(operatorPod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(Equal(kubernetes.DefaultOperatorSecurityContext().AllowPrivilegeEscalation))
+
 		// Clean up
 		Expect(Kamel("delete", "--all", "-n", ns).Execute()).To(Succeed())
 		Expect(Kamel("uninstall", "-n", ns).Execute()).To(Succeed())

e2e/support/test_support.go

@@ -1344,6 +1344,16 @@ func OperatorImage(ns string) func() string {
 	}
 }
 
+func OperatorPodSecurityContext(ns string) func() *corev1.SecurityContext {
+	return func() *corev1.SecurityContext {
+		pod := OperatorPod(ns)()
+		if pod == nil || pod.Spec.Containers == nil || len(pod.Spec.Containers) == 0 {
+			return nil
+		}
+		return pod.Spec.Containers[0].SecurityContext
+	}
+}
+
 func OperatorPodHas(ns string, predicate func(pod *corev1.Pod) bool) func() bool {
 	return func() bool {
 		pod := OperatorPod(ns)()