update manager configuration to be in line with CAPI for security con…

…text
rancher · Aug 7, 2024 · e51a63f · e51a63f
1 parent 47c04ae
commit e51a63f
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/bootstrap/config/manager/manager.yaml b/bootstrap/config/manager/manager.yaml
@@ -46,13 +46,17 @@ spec:
           capabilities:
             drop:
               - ALL
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: false
+          runAsUser: 65532
+          runAsGroup: 65532
       terminationGracePeriodSeconds: 10
       serviceAccountName: manager
       tolerations:
         - effect: NoSchedule
           key: node-role.kubernetes.io/master
         - effect: NoSchedule
           key: node-role.kubernetes.io/control-plane
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault