Bug 2086408: Add security context to controller

[thejasn]

Replaces the default security context with the following strict security context.

Updated Security Context

SecurityContext{
            Capabilities: &corev1.Capabilities{
                Drop: []corev1.Capability{"ALL"},
            },
            Privileged:               pointer.Bool(false),
            RunAsNonRoot:             pointer.Bool(true),
            AllowPrivilegeEscalation: pointer.Bool(false),
            SeccompProfile: &corev1.SeccompProfile{
                Type: corev1.SeccompProfileTypeRuntimeDefault,
            },
        }

Fixes pod security violation in OCP 4.11+ since pod security admission level is set as "restricted" by default.

Signed-off-by: thejasn thn@redhat.com

[openshift-ci[bot]]

@thejasn: This pull request references Bugzilla bug 2086408, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target release (4.11.0) matches configured target release for branch (4.11.0) * bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact: /cc @quarterpin

In response to [this](https://github.com/openshift/external-dns-operator/pull/158): >Bug 2086408: Add security context to controller [WIP] Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[thejasn]

/label do-not-merge/work-in-progress

[openshift-ci[bot]]

@thejasn: The label(s) /label do-not-merge/work-in-progress cannot be applied. These labels are supported: platform/aws, platform/azure, platform/baremetal, platform/google, platform/libvirt, platform/openstack, ga, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, px-approved, docs-approved, qe-approved, downstream-change-needed, backport-risk-assessed, cherry-pick-approved

In response to [this](https://github.com/openshift/external-dns-operator/pull/158#issuecomment-1129772824): >/label do-not-merge/work-in-progress Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[thejasn]

/test e2e-aws-operator

[thejasn]

/test e2e-azure-operator

[thejasn]

/test e2e-aws-operator

[alebedev87]

/lgtm

[alebedev87]

/assign @quarterpin

[openshift-ci[bot]]

@thejasn: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[alebedev87]

/lgtm

[alebedev87]

/approve

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alebedev87, thejasn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/external-dns-operator/blob/main/OWNERS)~~ [alebedev87] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[quarterpin]

/label qe-approved

[CFields651]

/label px-approved

[alebedev87]

/assign @xenolinux

[xenolinux]

/label docs-approved

[openshift-ci[bot]]

@thejasn: All pull requests linked via external trackers have merged:

• openshift/external-dns-operator#158

Bugzilla bug 2086408 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/external-dns-operator/pull/158): >Bug 2086408: Add security context to controller Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.