MLE-24842: Fix security Vulnerability issue with The Kubernetes container requests the NET_RAW capability

Peng Zhou · Peng Zhou · commit 8f2782e0d6a0 · 2025-10-27T12:56:42.000-07:00
diff --git a/charts/marklogic-operator-kubernetes/values.yaml b/charts/marklogic-operator-kubernetes/values.yaml
@@ -10,6 +10,7 @@ controllerManager:
       capabilities:
         drop:
         - ALL
+      runAsNonRoot: true
     image:
       repository: gcr.io/kubebuilder/kube-rbac-proxy
       tag: v0.15.0
@@ -30,6 +31,7 @@ controllerManager:
       capabilities:
         drop:
         - ALL
+      runAsNonRoot: true
     image:
       repository: progressofficial/marklogic-operator-kubernetes
       tag: 1.1.0
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -15,6 +15,7 @@ spec:
           capabilities:
             drop:
             - "ALL"
+          runAsNonRoot: true
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -77,6 +77,7 @@ spec:
           capabilities:
             drop:
             - "ALL"
+          runAsNonRoot: true
         livenessProbe:
           httpGet:
             path: /healthz
