From 584ce38abc98a9ac986649d3266894eab25508c4 Mon Sep 17 00:00:00 2001
From: Scott Trent <trent@jp.ibm.com>
Date: Tue, 10 Sep 2024 17:11:41 +0900
Subject: [PATCH] improve security in pod

Signed-off-by: Scott Trent <trent@jp.ibm.com>
---
 config/default/manager_config_patch.yaml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
index d9c015a..550ee39 100644
--- a/config/default/manager_config_patch.yaml
+++ b/config/default/manager_config_patch.yaml
@@ -8,9 +8,12 @@ spec:
     spec:
       containers:
       - name: manager
-      securityContext:
-        allowPrivilegeEscalation: false
-        runAsNonRoot: true
-        capabilities:
-          drop:
-          - ALL
+        imagePullPolicy: Always
+        securityContext:
+          runAsUser: 11001
+          runAsGroup: 11001
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop:
+            - ALL