add securityContext to the controller (#71)

defo89 · web-flow · commit b14d75ae2ce0 · 2025-03-18T15:24:01.000+02:00
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -49,14 +49,9 @@ spec:
       #             values:
       #               - linux
       securityContext:
-        runAsNonRoot: false
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager
@@ -69,7 +64,9 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
-            - "ALL"
+            - ALL
+          runAsUser: 65532
+          runAsGroup: 65532
         livenessProbe:
           httpGet:
             path: /healthz
