Merge pull request wildfly#272 from jmesnil/266_security-context_kust…

…omize

[wildfly#266] Updated Pod security standards

config/manager/manager.yaml

@@ -13,6 +13,9 @@ spec:
         name: wildfly-operator
     spec:
       serviceAccountName: wildfly-operator
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - wildfly-operator
@@ -51,4 +54,10 @@ spec:
           requests:
             cpu: 100m
             memory: 20Mi
-      terminationGracePeriodSeconds: 10
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop:
+              - ALL
+      terminationGracePeriodSeconds: 10

config/manifests/bases/wildfly-operator.clusterserviceversion.yaml

@@ -55,6 +55,9 @@ spec:
               labels:
                 name: wildfly-operator
             spec:
+              securityContext:
+               seccompProfile:
+                 type: RuntimeDefault
               containers:
               - command:
                 - wildfly-operator
@@ -73,6 +76,12 @@ spec:
                 imagePullPolicy: Always
                 name: wildfly-operator
                 resources: {}
+                securityContext:
+                  allowPrivilegeEscalation: false
+                  runAsNonRoot: true
+                  capabilities:
+                    drop:
+                      - ALL
               serviceAccountName: wildfly-operator
       permissions:
       - rules: