From 677a9ce1bce451081efc03529942c6d6e67ccae4 Mon Sep 17 00:00:00 2001
From: Aitor Perez <1515757+Zerpet@users.noreply.github.com>
Date: Tue, 25 Nov 2025 11:02:28 +0000
Subject: [PATCH] fix: set capabilities drop to caps in patches

In #1067 the capabilities was changed to caps, but some kustomize
patches were setting the securtity context. Those patches do not need to
set a security context, because they don't alter the context from the
"main" deploment manifest.
---
 config/default/base/manager_webhook_patch.yaml | 8 --------
 config/default/manager_webhook_patch.yaml      | 8 --------
 2 files changed, 16 deletions(-)

diff --git a/config/default/base/manager_webhook_patch.yaml b/config/default/base/manager_webhook_patch.yaml
index 36513f03..0465e073 100644
--- a/config/default/base/manager_webhook_patch.yaml
+++ b/config/default/base/manager_webhook_patch.yaml
@@ -16,14 +16,6 @@ spec:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - All
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       volumes:
       - name: cert
         secret:
diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml
index 037e2d2c..738de350 100644
--- a/config/default/manager_webhook_patch.yaml
+++ b/config/default/manager_webhook_patch.yaml
@@ -16,14 +16,6 @@ spec:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - All
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       volumes:
       - name: cert
         secret: