stackrox · dcaravel · Apr 14, 2026 · Apr 3, 2026 · Apr 3, 2026
diff --git a/deploy/common/k8sbased.sh b/deploy/common/k8sbased.sh
@@ -231,7 +231,7 @@ function launch_central {
     { command -v oc >/dev/null && pkill -f oc'.*port-forward.*'; } || true    # terminate stale port forwarding from earlier runs
     { command -v oc >/dev/null && pkill -9 -f oc'.*port-forward.*'; } || true
 
-    if [[ "${STORAGE_CLASS}" == "faster" ]]; then
+    if [[ "${STORAGE_CLASS}" == "faster" || "${SCANNER_V4_DB_STORAGE_CLASS}" == "faster" ]]; then
         kubectl apply -f "${common_dir}/ssd-storageclass.yaml"
     fi
 
@@ -464,6 +464,10 @@ function launch_central {
         helm_args+=(-f "${COMMON_DIR}/ci-values.yaml")
       fi
 
+      if [[ -n "${SCANNER_V4_DB_STORAGE_CLASS}" ]]; then
+        helm_args+=(--set "scannerV4.db.persistence.persistentVolumeClaim.storageClass=${SCANNER_V4_DB_STORAGE_CLASS}")
+      fi
+
       # Add a custom values file to Helm
       if [[ -n "$ROX_CENTRAL_EXTRA_HELM_VALUES_FILE" ]]; then
         helm_args+=(
@@ -523,6 +527,14 @@ function launch_central {
               if [[ -x "${unzip_dir}/scanner-v4/scripts/setup.sh" ]]; then
                 "${unzip_dir}/scanner-v4/scripts/setup.sh"
               fi
+              if [[ -n "${SCANNER_V4_DB_STORAGE_CLASS}" ]]; then
+                pvc_file="${unzip_dir}/scanner-v4/02-scanner-v4-06-db-pvc.yaml"
+                if [[ -f "${pvc_file}" ]]; then
+                  sed -i "s|^spec:$|spec:\n  storageClassName: ${SCANNER_V4_DB_STORAGE_CLASS}|" "${pvc_file}"
+                else
+                  echo >&2 "WARNING: SCANNER_V4_DB_STORAGE_CLASS is set but ${pvc_file} not found; storage class will not be applied."
+                fi
+              fi
               launch_service "${unzip_dir}" scanner-v4
             else
               echo >&2 "WARNING: Deployment bundle does not seem to contain support for Scanner V4."

diff --git a/scripts/ci/jobs/gke_nongroovy_compatibility_tests.py b/scripts/ci/jobs/gke_nongroovy_compatibility_tests.py
@@ -12,6 +12,7 @@
 
 # set required test parameters
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "stackrox-gke-ssd"
 
 # Run supported central and sensor version tuples against QaE2eGoCompatibilityTest (nongroovy compatibility tests)
 run_compatibility_tests(QaE2eGoCompatibilityTest, "nongroovy-compat-test")
diff --git a/scripts/ci/jobs/gke_nongroovy_e2e_tests.py b/scripts/ci/jobs/gke_nongroovy_e2e_tests.py
@@ -12,6 +12,7 @@
 
 # set required test parameters
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "faster"
 
 # delegated scanning support in the secured cluster
 os.environ["SENSOR_SCANNER_SUPPORT"] = "true"

diff --git a/scripts/ci/jobs/gke_qa_e2e_tests.py b/scripts/ci/jobs/gke_qa_e2e_tests.py
@@ -12,6 +12,8 @@
 os.environ["GCP_IMAGE_TYPE"] = "cos_containerd"
 os.environ["OUTPUT_FORMAT"] = "helm"
 
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "stackrox-gke-ssd"
+
 os.environ["ROX_RISK_REPROCESSING_INTERVAL"] = "15s"
 os.environ["ROX_SENSOR_CONNECTION_RETRY_MAX_INTERVAL"] = "30s"
 

diff --git a/scripts/ci/jobs/gke_race_condition_qa_e2e_tests.py b/scripts/ci/jobs/gke_race_condition_qa_e2e_tests.py
@@ -10,6 +10,7 @@
 # set test parameters
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
 os.environ["GCP_IMAGE_TYPE"] = "cos_containerd"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "faster"
 
 # use -rcd image for stackrox/main
 os.environ["MAIN_IMAGE_TAG"] = os.environ["STACKROX_BUILD_TAG"] + "-rcd"

diff --git a/scripts/ci/jobs/gke_scale_tests.py b/scripts/ci/jobs/gke_scale_tests.py
@@ -15,6 +15,7 @@
 os.environ["OUTPUT_FORMAT"] = "helm"
 os.environ["STORAGE"] = "pvc"
 os.environ["STORAGE_CLASS"] = "faster"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "stackrox-gke-ssd"
 os.environ["STORAGE_SIZE"] = "100"
 os.environ["STORE_METRICS"] = os.environ["COMPARISON_METRICS"]
 os.environ["ROX_BASELINE_GENERATION_DURATION"] = "5m"

diff --git a/scripts/ci/jobs/gke_sensor_integration_tests.py b/scripts/ci/jobs/gke_sensor_integration_tests.py
@@ -11,6 +11,7 @@
 
 # set required test parameters
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "faster"
 
 ClusterTestRunner(
     pre_test=PreSystemTests(run_poll_for_system_test_images=False),

diff --git a/scripts/ci/jobs/gke_ui_e2e_tests.py b/scripts/ci/jobs/gke_ui_e2e_tests.py
@@ -16,6 +16,7 @@
 # Override test env defaults here:
 # (for defaults see: tests/e2e/lib.sh export_test_environment())
 os.environ["OUTPUT_FORMAT"] = "helm"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "stackrox-gke-ssd"
 os.environ["SENSOR_SCANNER_SUPPORT"] = "true"
 
 ClusterTestRunner(

diff --git a/scripts/ci/jobs/gke_upgrade_tests.py b/scripts/ci/jobs/gke_upgrade_tests.py
@@ -11,6 +11,7 @@
 from post_tests import PostClusterTest, FinalPost
 
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "faster"
 
 ClusterTestRunner(
     cluster=GKECluster("upgrade-test", machine_type="e2-standard-8"),

diff --git a/scripts/ci/jobs/gke_version_compatibility_tests.py b/scripts/ci/jobs/gke_version_compatibility_tests.py
@@ -12,6 +12,7 @@
 
 # set required test parameters
 os.environ["ORCHESTRATOR_FLAVOR"] = "k8s"
+os.environ["SCANNER_V4_DB_STORAGE_CLASS"] = "stackrox-gke-ssd"
 
 # Run supported central and sensor version tuples against QaE2eTestCompatibility (groovy compatibility tests)
 run_compatibility_tests(QaE2eTestCompatibility, "compat-test")
diff --git a/tests/e2e/lib.sh b/tests/e2e/lib.sh
@@ -260,6 +260,18 @@ deploy_central() {
     fi
 }
 
+# _scanner_v4_db_persistence_yaml prints the YAML snippet for the scannerV4.db
+# persistence block, indented for use inside an operator CR template. Prints
+# nothing when SCANNER_V4_DB_STORAGE_CLASS is unset.
+_scanner_v4_db_persistence_yaml() {
+    [[ -n "${SCANNER_V4_DB_STORAGE_CLASS:-}" ]] || return 0
+    cat <<EOF
+      persistence:
+        persistentVolumeClaim:
+          storageClassName: "${SCANNER_V4_DB_STORAGE_CLASS}"
+EOF
+}
+
 # shellcheck disable=SC2120
 deploy_central_via_operator() {
     local central_namespace=${1:-stackrox}
@@ -354,6 +366,9 @@ deploy_central_via_operator() {
         false) scannerV4ScannerComponent="Disabled" ;;
     esac
 
+    local scannerV4DbPersistenceYaml
+    scannerV4DbPersistenceYaml="$(_scanner_v4_db_persistence_yaml)"
+
     CENTRAL_YAML_PATH="tests/e2e/yaml/central-cr.envsubst.yaml"
     # Different yaml for midstream images
     if [[ "${USE_MIDSTREAM_IMAGES}" == "true" ]]; then
@@ -369,6 +384,7 @@ deploy_central_via_operator() {
       central_exposure_route_enabled="$central_exposure_route_enabled" \
       customize_envVars="$customize_envVars" \
       scannerV4ScannerComponent="$scannerV4ScannerComponent" \
+      scannerV4DbPersistenceYaml="$scannerV4DbPersistenceYaml" \
     "${envsubst}" \
       < "${CENTRAL_YAML_PATH}" | kubectl apply -n "${central_namespace}" -f -
 
@@ -464,11 +480,15 @@ deploy_sensor_via_operator() {
         customize_envVars+=$'\n      value: "'"${ROX_NETFLOW_CACHE_LIMITING}"'"'
     fi
 
+    local scannerV4DbPersistenceYaml
+    scannerV4DbPersistenceYaml="$(_scanner_v4_db_persistence_yaml)"
+
     env - \
       scanner_component_setting="$scanner_component_setting" \
       fam_mode_setting="$fam_mode_setting" \
       central_endpoint="$central_endpoint" \
       customize_envVars="$customize_envVars" \
+      scannerV4DbPersistenceYaml="$scannerV4DbPersistenceYaml" \
     "${envsubst}" \
       < "${secured_cluster_yaml_path}" | kubectl apply -n "${sensor_namespace}" --validate="${validate}" -f -
 

diff --git a/tests/e2e/yaml/central-cr.envsubst.yaml b/tests/e2e/yaml/central-cr.envsubst.yaml
@@ -64,6 +64,7 @@ $centralAdditionalCAIndented
           cpu: "6000m"
           memory: "2000Mi"
     db:
+$scannerV4DbPersistenceYaml
       resources:
         requests:
           cpu: "300m"

diff --git a/tests/e2e/yaml/secured-cluster-cr-with-scanner-v4.envsubst.yaml b/tests/e2e/yaml/secured-cluster-cr-with-scanner-v4.envsubst.yaml
@@ -67,6 +67,7 @@ spec:
           cpu: "2000m"
           memory: "2Gi"
     db:
+$scannerV4DbPersistenceYaml
       resources:
         requests:
           cpu: "200m"