From c2c6e16c30cffa67cbd56641fcb1150dbd59145e Mon Sep 17 00:00:00 2001
From: Gerrit91
Date: Wed, 13 Dec 2023 11:04:22 +0100
Subject: [PATCH] Run audittailer container as non root.

Missed this field when migrating from the helm-chart to the Golang resource.
---
 pkg/controller/audit/actuator.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/controller/audit/actuator.go b/pkg/controller/audit/actuator.go
index f29ae47..7487a2c 100644
--- a/pkg/controller/audit/actuator.go
+++ b/pkg/controller/audit/actuator.go
@@ -1015,6 +1015,7 @@ func shootObjects(auditConfig *v1alpha1.AuditConfig, secrets map[string]*corev1.
 },
 SecurityContext: &corev1.SecurityContext{
 RunAsUser: pointer.Pointer(int64(65534)),
+ RunAsNonRoot: pointer.Pointer(true),
 AllowPrivilegeEscalation: pointer.Pointer(false),
 SeccompProfile: &corev1.SeccompProfile{
 Type: corev1.SeccompProfileTypeRuntimeDefault,
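Review bot: The added `RunAsNonRoot: pointer.Pointer(true)` restores one field lost in the helm-chart migration, but nothing in this change guards against the same kind of omission recurring. The rest of the `SecurityContext` literal lies outside the hunk, so it cannot be confirmed here whether `Capabilities` (drop `ALL`) and `ReadOnlyRootFilesystem` were carried over. It would be worth diffing the full block against the old chart's `securityContext` and adding a unit test over `shootObjects` that asserts the audittailer container's security context field by field. A short comment above the two lines, e.g. `// 65534 = nobody; RunAsNonRoot makes the kubelet refuse to start the container as UID 0 if RunAsUser is ever changed or dropped`, would document why both are set. `shootObjects` starts and ends outside the hunk.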