manifests: Use user namespace for the operator

tchap · tchap · commit 4e9fafea80ce · 2025-10-09T15:57:27.000+02:00
The operator now uses hostUsers: false in the associated deployment.
All relevant user and group IDs are set to 1000.
diff --git a/manifests/09_deployment.yaml b/manifests/09_deployment.yaml
@@ -19,13 +19,12 @@ spec:
       name: openshift-controller-manager-operator
       annotations:
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
-        openshift.io/required-scc: nonroot-v2
+        openshift.io/required-scc: restricted-v3
       labels:
         app: openshift-controller-manager-operator
     spec:
+      hostUsers: false
       securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: openshift-controller-manager-operator
