From 6446f41f107620335d04ddcc47cd958a0a60e944 Mon Sep 17 00:00:00 2001
From: Gus Luxton <gus@goteleport.com>
Date: Mon, 21 Oct 2024 09:52:05 -0300
Subject: [PATCH] Update snapshots

---
 .../tests/__snapshot__/job_test.yaml.snap     | 58 ++++++++++++-------
 1 file changed, 38 insertions(+), 20 deletions(-)

diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index 5778a68644853..35418b6a0f781 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,19 +25,17 @@ should create ServiceAccount for post-delete hook by default:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:17.0.0-dev
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
         allowPrivilegeEscalation: false
         capabilities:
           drop:
-          - ALL
+          - all
         readOnlyRootFilesystem: true
         runAsNonRoot: true
         runAsUser: 9807
-        seccompProfile:
-          type: RuntimeDefault
     restartPolicy: OnFailure
     serviceAccountName: lint-serviceaccount
 should not create ServiceAccount for post-delete hook if serviceAccount.create is false:
@@ -108,19 +106,17 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
                   fieldPath: metadata.namespace
             - name: RELEASE_NAME
               value: RELEASE-NAME
-            image: public.ecr.aws/gravitational/teleport-distroless:17.0.0-dev
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
             imagePullPolicy: IfNotPresent
             name: post-delete-job
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
-                - ALL
+                - all
               readOnlyRootFilesystem: true
               runAsNonRoot: true
               runAsUser: 9807
-              seccompProfile:
-                type: RuntimeDefault
           restartPolicy: OnFailure
           serviceAccountName: lint-serviceaccount
 should not create ServiceAccount, Role or RoleBinding for post-delete hook if serviceAccount.create and rbac.create are false:
@@ -138,19 +134,17 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:17.0.0-dev
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
         allowPrivilegeEscalation: false
         capabilities:
           drop:
-          - ALL
+          - all
         readOnlyRootFilesystem: true
         runAsNonRoot: true
         runAsUser: 9807
-        seccompProfile:
-          type: RuntimeDefault
     restartPolicy: OnFailure
     serviceAccountName: lint-serviceaccount
 should set nodeSelector in post-delete hook:
@@ -168,19 +162,17 @@ should set nodeSelector in post-delete hook:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:17.0.0-dev
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
         allowPrivilegeEscalation: false
         capabilities:
           drop:
-          - ALL
+          - all
         readOnlyRootFilesystem: true
         runAsNonRoot: true
         runAsUser: 9807
-        seccompProfile:
-          type: RuntimeDefault
     nodeSelector:
       gravitational.io/k8s-role: node
     restartPolicy: OnFailure
@@ -200,7 +192,7 @@ should set resources in the Job's pod spec if resources is set in values:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:17.0.0-dev
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       resources:
@@ -214,11 +206,37 @@ should set resources in the Job's pod spec if resources is set in values:
         allowPrivilegeEscalation: false
         capabilities:
           drop:
-          - ALL
+          - all
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 9807
+    restartPolicy: OnFailure
+    serviceAccountName: RELEASE-NAME-delete-hook
+should set securityContext in post-delete hook:
+  1: |
+    containers:
+    - args:
+      - kube-state
+      - delete
+      command:
+      - teleport
+      env:
+      - name: KUBE_NAMESPACE
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.namespace
+      - name: RELEASE_NAME
+        value: RELEASE-NAME
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      imagePullPolicy: IfNotPresent
+      name: post-delete-job
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - all
         readOnlyRootFilesystem: true
         runAsNonRoot: true
         runAsUser: 9807
-        seccompProfile:
-          type: RuntimeDefault
     restartPolicy: OnFailure
     serviceAccountName: RELEASE-NAME-delete-hook