set readOnlyRootFilesystem: true for controller

Signed-off-by: Scott Trent <[email protected]>

bundle/manifests/susql-operator.clusterserviceversion.yaml

@@ -28,7 +28,7 @@ metadata:
     capabilities: Basic Install
     categories: Monitoring
     containerImage: quay.io/sustainable_computing_io/susql_operator:0.0.30
-    createdAt: "2024-09-11T00:19:43Z"
+    createdAt: "2024-09-12T05:06:08Z"
     description: 'Aggregates energy and CO2 emission data for pods tagged with SusQL
       labels '
     operators.operatorframework.io/builder: operator-sdk-v1.36.1
@@ -408,4 +408,5 @@ spec:
   provider:
     name: SusQL Operator Contributors
     url: https://github.com/sustainable-computing-io/susql-operator
+  replaces: susql-operator.v0.0.29
   version: 0.0.30

config/default/manager_config_patch.yaml

@@ -13,6 +13,7 @@ spec:
           runAsUser: 11001
           runAsGroup: 11001
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
           runAsNonRoot: true
           capabilities:
             drop:

config/manager/manager.yaml

@@ -59,6 +59,7 @@ spec:
         runAsNonRoot: true
         runAsUser: 11001
         runAsGroup: 11001
+        readOnlyRootFilesystem: true
         # TODO(user): For common cases that do not require escalating privileges
         # it is recommended to ensure that all your Pods/Containers are restrictive.
         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

config/manifests/bases/susql-operator.clusterserviceversion.yaml

@@ -116,4 +116,5 @@ spec:
   provider:
     name: SusQL Operator Contributors
     url: https://github.com/sustainable-computing-io/susql-operator
+  replaces: susql-operator.v0.0.29
   version: 0.0.0