Added container security capability

Signed-off-by: Kanha gupta <kanhag4163@gmail.com>

pkg/antctl/raw/check/cluster/command.go

@@ -171,6 +171,11 @@ func (t *testContext) setup(ctx context.Context) error {
 		NodeSelector: map[string]string{
 			"kubernetes.io/os": "linux",
 		},
+		SecurityContext: &corev1.SecurityContext{
+			Capabilities: &corev1.Capabilities{
+				Add: []corev1.Capability{"SYS_MODULE"},
+			},
+		},
 	})
 
 	t.Log("Creating Deployment")

pkg/antctl/raw/check/util.go

@@ -152,6 +152,7 @@ func NewDeployment(p DeploymentParameters) *appsv1.Deployment {
 							Command:         p.Command,
 							Args:            p.Args,
 							VolumeMounts:    p.VolumeMounts,
+							SecurityContext: p.SecurityContext,
 						},
 					},
 					Tolerations: p.Tolerations,
@@ -164,20 +165,21 @@ func NewDeployment(p DeploymentParameters) *appsv1.Deployment {
 }
 
 type DeploymentParameters struct {
-	Name         string
-	Role         string
-	Image        string
-	Replicas     int
-	Port         int
-	Command      []string
-	Args         []string
-	Affinity     *corev1.Affinity
-	Tolerations  []corev1.Toleration
-	Labels       map[string]string
-	VolumeMounts []corev1.VolumeMount
-	Volumes      []corev1.Volume
-	HostNetwork  bool
-	NodeSelector map[string]string
+	Name            string
+	Role            string
+	Image           string
+	Replicas        int
+	Port            int
+	Command         []string
+	Args            []string
+	Affinity        *corev1.Affinity
+	Tolerations     []corev1.Toleration
+	Labels          map[string]string
+	VolumeMounts    []corev1.VolumeMount
+	Volumes         []corev1.Volume
+	HostNetwork     bool
+	NodeSelector    map[string]string
+	SecurityContext *corev1.SecurityContext
 }
 
 func WaitForDeploymentsReady(ctx context.Context,