manifests: Use user namespace for the operator

The operator now uses hostUsers: false in the associated deployment.
All relevant user and group IDs are set to 1000.

Author: tchap

manifests/09_deployment.yaml

@@ -19,13 +19,16 @@ spec:
       name: openshift-controller-manager-operator
       annotations:
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
-        openshift.io/required-scc: nonroot-v2
+        openshift.io/required-scc: restricted-v3
       labels:
         app: openshift-controller-manager-operator
     spec:
+      hostUsers: false
       securityContext:
         runAsNonRoot: true
-        runAsUser: 65534
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: openshift-controller-manager-operator