diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index b42c4090..42b32175 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -12,10 +12,9 @@ spec:
       - name: kube-rbac-proxy
         securityContext:
           allowPrivilegeEscalation: false
-        # TODO(user): uncomment for common cases that do not require escalating privileges
-        # capabilities:
-        #   drop:
-        #     - "ALL"
+          capabilities:
+            drop:
+              - "ALL"
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 1a8beb25..b8043fd8 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -51,7 +51,6 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
-        # TODO(user): uncomment for common cases that do not require escalating privileges
           capabilities:
             drop:
             - "ALL"