Update skopeo pod for psa (#2844)

Signed-off-by: perdasilva <[email protected]>

Author: perdasilva

test/e2e/skopeo.go

@@ -6,6 +6,7 @@ import (
 	"os/exec"
 
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/operatorclient"
+	"k8s.io/utils/pointer"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -81,11 +82,25 @@ func createSkopeoPod(client operatorclient.ClientInterface, args []string, names
 			Labels:    map[string]string{"name": skopeo},
 		},
 		Spec: corev1.PodSpec{
+			SecurityContext: &corev1.PodSecurityContext{
+				SeccompProfile: &corev1.SeccompProfile{
+					Type: corev1.SeccompProfileTypeRuntimeDefault,
+				},
+			},
 			Containers: []corev1.Container{
 				{
 					Name:  skopeo,
 					Image: skopeoImage,
 					Args:  args,
+					SecurityContext: &corev1.SecurityContext{
+						ReadOnlyRootFilesystem:   pointer.Bool(false),
+						AllowPrivilegeEscalation: pointer.Bool(false),
+						Capabilities: &corev1.Capabilities{
+							Drop: []corev1.Capability{"ALL"},
+						},
+						RunAsNonRoot: pointer.Bool(true),
+						RunAsUser:    pointer.Int64(1001),
+					},
 				},
 			},
 			RestartPolicy: corev1.RestartPolicyNever,