From a145e76f2bc4bd7de783fec6e4e9af35d068c2bf Mon Sep 17 00:00:00 2001
From: Andi Skrgat
Date: Fri, 24 Jan 2025 12:17:14 +0100
Subject: [PATCH] Update security context for the running container
---
 .../memgraph-high-availability/templates/coordinators.yaml | 6 ++++++
 charts/memgraph-high-availability/templates/data.yaml | 6 ++++++
 charts/memgraph-high-availability/values.yaml | 7 +++----
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/charts/memgraph-high-availability/templates/coordinators.yaml b/charts/memgraph-high-availability/templates/coordinators.yaml
index 0dab291..ef802d7 100644
--- a/charts/memgraph-high-availability/templates/coordinators.yaml
+++ b/charts/memgraph-high-availability/templates/coordinators.yaml
@@ -132,6 +132,12 @@ spec:
 mountPath: /var/lib/memgraph
 - name: memgraph-coordinator-{{ $coordinator.id }}-log-storage
 mountPath: /var/log/memgraph
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ # Run by 'memgraph' user as specified in the Dockerfile
+
 volumeClaimTemplates:
 - metadata:
 name: memgraph-coordinator-{{ $coordinator.id }}-lib-storage
diff --git a/charts/memgraph-high-availability/templates/data.yaml b/charts/memgraph-high-availability/templates/data.yaml
index 88be229..26f6e99 100644
--- a/charts/memgraph-high-availability/templates/data.yaml
+++ b/charts/memgraph-high-availability/templates/data.yaml
@@ -142,6 +142,12 @@ spec:
 mountPath: /var/lib/memgraph
 - name: memgraph-data-{{ $data.id }}-log-storage
 mountPath: /var/log/memgraph
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ # Run by 'memgraph' user as specified in the Dockerfile
+
 volumeClaimTemplates:
 - metadata:
 name: memgraph-data-{{ $data.id }}-lib-storage
diff --git a/charts/memgraph-high-availability/values.yaml b/charts/memgraph-high-availability/values.yaml
index 5ff2d02..bb254c8 100644
--- a/charts/memgraph-high-availability/values.yaml
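Review bot: The `securityContext` added in the coordinators.yaml hunk records the non-root user only in a comment (`# Run by 'memgraph' user as specified in the Dockerfile`) and does not enforce it, so an image substituted through `image.repository`/`image.tag` whose default user is root would still start as UID 0, only with capabilities dropped. Adding `runAsNonRoot: true` makes the kubelet refuse such an image; if the Dockerfile's USER is a name rather than a numeric UID, that check cannot be evaluated and needs an explicit `runAsUser: <memgraph UID>` beside it. `seccompProfile: {type: RuntimeDefault}` would complete what the restricted Pod Security Standard expects next to `allowPrivilegeEscalation: false` and `drop: [ "ALL" ]`. The identical block added in the data.yaml hunk has the same gap. Both templates continue outside the hunks, so a pod-level `securityContext` may already set part of this.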
+++ b/charts/memgraph-high-availability/values.yaml
@@ -1,7 +1,6 @@
 image:
- repository: memgraphacrha.azurecr.io/memgraph/memgraph
- #tag: 2.22.0_23_8cb3c39c21
- tag: 2.22.0_30_8a58da1477
+ repository: memgraph/memgraph
+ tag: 2.22.0
 pullPolicy: IfNotPresent
 env:
 MEMGRAPH_ENTERPRISE_LICENSE: ""
@@ -21,7 +20,7 @@ storage:
 libPVCSize: "1Gi"
 libStorageAccessMode: "ReadWriteOnce"
 # By default the name of the storage class isn't set which means that the default storage class will be used.
- # If you set any name, the storage class with such name must exist.
+ # If you set any name, such storage class must exist.
 libStorageClassName:
 logPVCSize: "1Gi"
 logStorageAccessMode: "ReadWriteOnce"
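Review bot: The image in the first values.yaml hunk is now referenced by a short name and a mutable tag (`repository: memgraph/memgraph`, `tag: 2.22.0`), and with `pullPolicy: IfNotPresent` each node keeps whatever content it first pulled under that tag. Assuming Docker Hub is the intended source, writing the registry out as `repository: docker.io/memgraph/memgraph` removes the dependence on each container runtime's short-name resolution. The templates that assemble the image reference are not visible here; if they only join repository and tag, supporting a digest would let deployments pin the exact image, and a comment above `tag:` should at least state that the tag can be re-pointed.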