fix MustRunAs

Rohit Patil · Rohit Patil · commit e9a20b14f53d · 2025-11-13T12:34:27.000+05:30
diff --git a/pkg/security/apis/security/v1/defaults.go b/pkg/security/apis/security/v1/defaults.go
@@ -12,9 +12,17 @@ func AddDefaultingFuncs(scheme *runtime.Scheme) error {
 		scc := obj.(*v1.SecurityContextConstraints)
 		sccdefaults.SetDefaults_SCC(scc)
 
-		// Default RunAsGroup to RunAsAny if not set
+		// Default RunAsGroup to MustRunAs with ranges if not set
 		if len(scc.RunAsGroup.Type) == 0 {
-			scc.RunAsGroup.Type = v1.RunAsGroupStrategyRunAsAny
+			min := int64(1000)
+			max := int64(65534)
+			scc.RunAsGroup.Type = v1.RunAsGroupStrategyMustRunAs
+			scc.RunAsGroup.Ranges = []v1.RunAsGroupIDRange{
+				{
+					Min: &min,
+					Max: &max,
+				},
+			}
 		}
 	})
 
