rh-aiservices-bu / llm-on-openshift

Resources, demos, recipes,... to work with LLMs on OpenShift with OpenShift AI or Open Data Hub.
Apache License 2.0

The yq script for setting the security context in the vectordb-minio deployment for Milvus is not correct #69

Closed pdettori closed 3 months ago

pdettori commented 3 months ago

Running the yq command as described here produces an invalid deployment for vectordb-minio. Trying to apply the resulting deployment produces this error:

$ oc -n milvus apply -f milvus_manifest_standalone.yaml
secret/vectordb-minio unchanged
configmap/vectordb-minio unchanged
configmap/vectordb-milvus unchanged
persistentvolumeclaim/vectordb-minio unchanged
persistentvolumeclaim/vectordb-milvus unchanged
service/vectordb-minio unchanged
service/vectordb-milvus unchanged
deployment.apps/vectordb-milvus-standalone configured
the namespace from the provided object "default" does not match the namespace "milvus". You must pass '--namespace=default' to perform this operation.
Error from server (BadRequest): error when creating "milvus_manifest_standalone.yaml": Deployment in version "v1" cannot be handled as a Deployment: strict decoding error: unknown field "spec.template.spec.securityContext.allowPrivilegeEscalation", unknown field "spec.template.spec.securityContext.capabilities"

This is because the command:

yq '(select(.kind == "Deployment" and .metadata.name == "vectordb-minio") | .spec.template.spec.securityContext) = {"capabilities": {"drop": ["ALL"]}, "runAsNonRoot": true, "allowPrivilegeEscalation": false}' -i milvus_manifest_standalone.yaml

applies pod-level security context fields that should be set at container level.

The correct setting should be:

yq '(select(.kind == "Deployment" and .metadata.name == "vectordb-minio") | .spec.template.spec.containers[0].securityContext) = {"capabilities": {"drop": ["ALL"]}, "runAsNonRoot": true, "allowPrivilegeEscalation": false, "seccompProfile": {"type": "RuntimeDefault"} }' -i milvus_manifest_standalone.yaml

pdettori commented 3 months ago

Created #70 for your consideration
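
The strict decoding error in the issue can be caught before `oc apply` with a small pre-flight check. This is an added example, not code from the repository or the issue author: it flags securityContext fields that sit at the wrong level of a Deployment and moves container-only fields down to each container. The function names, the container name and the image are assumptions made for the sample manifest, which is constructed.

```python
import copy

# Fields that exist only in the container-level SecurityContext (Kubernetes core/v1).
CONTAINER_ONLY = {"allowPrivilegeEscalation", "capabilities", "privileged",
                  "procMount", "readOnlyRootFilesystem"}
# Fields that exist only in the pod-level PodSecurityContext.
POD_ONLY = {"fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls"}


def misplaced_fields(deployment):
    """Return the paths strict decoding would reject as unknown fields."""
    pod = deployment["spec"]["template"]["spec"]
    found = [f"spec.template.spec.securityContext.{k}"
             for k in sorted(pod.get("securityContext", {})) if k in CONTAINER_ONLY]
    for i, c in enumerate(pod.get("containers", [])):
        found += [f"spec.template.spec.containers[{i}].securityContext.{k}"
                  for k in sorted(c.get("securityContext", {})) if k in POD_ONLY]
    return found


def move_to_containers(deployment):
    """Return a copy with container-only fields moved from the pod to every container."""
    fixed = copy.deepcopy(deployment)
    pod = fixed["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    moved = {k: pod_sc.pop(k) for k in list(pod_sc) if k in CONTAINER_ONLY}
    if not moved:
        return fixed
    for c in pod.get("containers", []):
        sc = c.setdefault("securityContext", {})
        for k, v in moved.items():
            sc.setdefault(k, copy.deepcopy(v))  # keep any explicit container value
    return fixed


# Constructed sample: the shape the first yq command in the issue produces.
# Container name and image are placeholders, not values from the real manifest.
BROKEN = {
    "kind": "Deployment",
    "metadata": {"name": "vectordb-minio"},
    "spec": {"template": {"spec": {
        "securityContext": {"capabilities": {"drop": ["ALL"]},
                            "runAsNonRoot": True,
                            "allowPrivilegeEscalation": False},
        "containers": [{"name": "minio", "image": "example/minio:placeholder"}],
    }}},
}

if __name__ == "__main__":
    for path in misplaced_fields(BROKEN):
        print("misplaced:", path)
```

`runAsNonRoot` is left where it was because it is valid at both the pod and the container level.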