Drop all capabilities for the webhook server container (#1073)

bundle-hub/manifests/kernel-module-management-hub.clusterserviceversion.yaml

@@ -32,7 +32,7 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    createdAt: "2024-04-02T12:56:20Z"
+    createdAt: "2024-04-04T09:19:49Z"
     operatorframework.io/suggested-namespace: openshift-kmm-hub
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -355,6 +355,9 @@ spec:
                     memory: 64Mi
                 securityContext:
                   allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
                 volumeMounts:
                 - mountPath: /controller_config.yaml
                   name: manager-config

bundle/manifests/kernel-module-management.clusterserviceversion.yaml

@@ -48,7 +48,7 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    createdAt: "2024-04-02T12:56:20Z"
+    createdAt: "2024-04-04T09:19:49Z"
     operatorframework.io/suggested-namespace: openshift-kmm
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -502,6 +502,9 @@ spec:
                     memory: 64Mi
                 securityContext:
                   allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
                 volumeMounts:
                 - mountPath: /controller_config.yaml
                   name: manager-config

config/webhook-server/deployment.yaml

@@ -40,6 +40,8 @@ spec:
           args: [--config=controller_config.yaml]
           securityContext:
             allowPrivilegeEscalation: false
+            capabilities:
+              drop: [ALL]
           livenessProbe:
             httpGet:
               path: /healthz