fix: Update controller deployment that supports Pod Security Admission (#167)

rashedkvm · web-flow · commit c0b441eeb858 · 2023-09-11T17:00:32.000-04:00
Signed-off-by: Rashed Kamal &lt;krashed@vmware.com&gt;
- Update controller deployment that supports Pod Security Admission
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -36,6 +36,12 @@ spec:
         name: manager
         securityContext:
           allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL  
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/dist/source-controller.yaml b/dist/source-controller.yaml
@@ -682,6 +682,12 @@ spec:
             memory: 20Mi
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
