Update security context for the running container

charts/memgraph-high-availability/templates/coordinators.yaml

@@ -132,6 +132,12 @@ spec:
             mountPath: /var/lib/memgraph
           - name: memgraph-coordinator-{{ $coordinator.id }}-log-storage
             mountPath: /var/log/memgraph
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ "ALL" ]
+          # Run by 'memgraph' user as specified in the Dockerfile
+
   volumeClaimTemplates:
     - metadata:
         name: memgraph-coordinator-{{ $coordinator.id }}-lib-storage

charts/memgraph-high-availability/templates/data.yaml

@@ -142,6 +142,12 @@ spec:
             mountPath: /var/lib/memgraph
           - name: memgraph-data-{{ $data.id }}-log-storage
             mountPath: /var/log/memgraph
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ "ALL" ]
+          # Run by 'memgraph' user as specified in the Dockerfile
+
   volumeClaimTemplates:
     - metadata:
         name: memgraph-data-{{ $data.id }}-lib-storage

charts/memgraph-high-availability/values.yaml

@@ -1,7 +1,6 @@
 image:
-  repository: memgraphacrha.azurecr.io/memgraph/memgraph
-    #tag: 2.22.0_23_8cb3c39c21
-  tag: 2.22.0_30_8a58da1477
+  repository: memgraph/memgraph
+  tag: 2.22.0
   pullPolicy: IfNotPresent
 env:
   MEMGRAPH_ENTERPRISE_LICENSE: "<your-license>"
@@ -21,7 +20,7 @@ storage:
   libPVCSize: "1Gi"
   libStorageAccessMode: "ReadWriteOnce"
   # By default the name of the storage class isn't set which means that the default storage class will be used.
-  # If you set any name, the storage class with such name must exist.
+  # If you set any name, such storage class must exist.
   libStorageClassName:
   logPVCSize: "1Gi"
   logStorageAccessMode: "ReadWriteOnce"