Pods from rke2-machineconfig-cleanup-cronjob violate PodSecurity
E1106 11:40:11.379909 1 job_controller.go:1604] pods "rke2-machineconfig-cleanup-cronjob-28847525-xbf5r" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "rke2-machineconfig-cleanup-pod" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "rke2-machineconfig-cleanup-pod" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "rke2-machineconfig-cleanup-pod" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "rke2-machineconfig-cleanup-pod" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
E1106 11:40:11.379991 1 job_controller.go:587] syncing job: pods "rke2-machineconfig-cleanup-cronjob-28847525-xbf5r" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "rke2-machineconfig-cleanup-pod" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "rke2-machineconfig-cleanup-pod" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "rke2-machineconfig-cleanup-pod" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "rke2-machineconfig-cleanup-pod" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
I1106 11:40:11.380085 1 event.go:376] "Event occurred" object="fleet-default/rke2-machineconfig-cleanup-cronjob-28847525" fieldPath="" kind="Job" apiVersion="batch/v1" type="Warning" reason="FailedCreate" message="Error creating: pods \"rke2-machineconfig-cleanup-cronjob-28847525-xbf5r\" is forbidden: violates PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"rke2-machineconfig-cleanup-pod\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"rke2-machineconfig-cleanup-pod\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"rke2-machineconfig-cleanup-pod\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"rke2-machineconfig-cleanup-pod\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
^ Logs from kube-controller-manager:
kubectl get cronjob/rke2-machineconfig-cleanup-cronjob -n fleet-default
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
rke2-machineconfig-cleanup-cronjob 5 0 * * * False 1 11h 13h
This cronjob runs on the schedule 5 0 * * * (once a day, at 00:05), which explains why the error is not seen on a CI cluster.
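Added example, not code from the issue or from rke2: a small checker that applies the four restricted-profile requirements quoted in the controller-manager log above to a pod spec, run over a constructed spec that mirrors the failing pod and one that carries the fields the admission message asks for (image names are placeholders).

```python
import json

# Constructed pod specs (not taken from the issue). The first mirrors what the
# kube-controller-manager log complains about; the second adds every field the
# "restricted:latest" profile asks for in that message.
FAILING_SPEC = json.loads("""
{"containers": [{"name": "rke2-machineconfig-cleanup-pod", "image": "cleanup:placeholder"}]}
""")

HARDENED_SPEC = json.loads("""
{"securityContext": {"runAsNonRoot": true, "seccompProfile": {"type": "RuntimeDefault"}},
 "containers": [{"name": "rke2-machineconfig-cleanup-pod", "image": "cleanup:placeholder",
                 "securityContext": {"allowPrivilegeEscalation": false,
                                     "capabilities": {"drop": ["ALL"]}}}]}
""")


def restricted_violations(pod_spec):
    """Return the restricted-profile checks named in the controller-manager log
    that this pod spec fails, phrased like the admission message (a subset of
    the full profile: host namespaces, volume types, etc. are not covered)."""
    pod_sc = pod_spec.get("securityContext") or {}
    problems = []
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        sc = c.get("securityContext") or {}
        name = c["name"]
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f'allowPrivilegeEscalation != false (container "{name}")')
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            problems.append(f'unrestricted capabilities (container "{name}")')
        # These two may be satisfied at pod or container level; a container-level
        # value overrides the pod-level one, so an explicit false still fails.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f'runAsNonRoot != true (pod or container "{name}")')
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile")) or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append(f'seccompProfile (pod or container "{name}")')
    return problems


if __name__ == "__main__":
    for label, spec in (("failing", FAILING_SPEC), ("hardened", HARDENED_SPEC)):
        print(label, restricted_violations(spec) or "passes restricted checks")
```

Running the checker against a CronJob's pod template before it is applied surfaces the same four findings as the admission error without waiting for the next scheduled run.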