From cf3b12c095d8f410833c60e620704df93c7ea319 Mon Sep 17 00:00:00 2001
From: razo7 <oraz@redhat.com>
Date: Tue, 9 May 2023 15:39:36 +0300
Subject: [PATCH] Apply PSA changes

Drop all capabilites and add seccompProfile to comply with PSA changes from K8s v1.25
---
 .../fence-agents-remediation.clusterserviceversion.yaml      | 5 +++++
 config/manager/manager.yaml                                  | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
index 810ed95a..a63774bf 100644
--- a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
+++ b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
@@ -249,8 +249,13 @@ spec:
                     memory: 64Mi
                 securityContext:
                   allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
               securityContext:
                 runAsNonRoot: true
+                seccompProfile:
+                  type: RuntimeDefault
               serviceAccountName: fence-agents-remediation-controller-manager
               terminationGracePeriodSeconds: 10
       permissions:
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index b87a5a1b..7f63f428 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -25,6 +25,8 @@ spec:
         control-plane: controller-manager
     spec:
       securityContext:
+        seccompProfile:
+          type: RuntimeDefault
         runAsNonRoot: true
       containers:
       - command:
@@ -40,6 +42,9 @@ spec:
                 fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
         livenessProbe:
           httpGet:
             path: /healthz