From cadd1eb1d8b4b2b7699f6f0831e83b49f9d74446 Mon Sep 17 00:00:00 2001
From: Christian Kotzbauer <git@ckotzbauer.de>
Date: Sat, 19 Mar 2022 14:38:46 +0100
Subject: [PATCH] enhanced security

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
---
 charts/postgres-operator/Chart.yaml  | 2 +-
 charts/postgres-operator/values.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/charts/postgres-operator/Chart.yaml b/charts/postgres-operator/Chart.yaml
index 43d5060..e09d2f2 100644
--- a/charts/postgres-operator/Chart.yaml
+++ b/charts/postgres-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: postgres-operator
 description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
-version: 1.7.2
+version: 1.7.3
 appVersion: 1.7.1
 home: https://github.com/zalando/postgres-operator
 sources:
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml
index 504670a..512e80d 100644
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@@ -394,6 +394,9 @@ securityContext:
   runAsNonRoot: true
   readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
 
 # Affinity for pod assignment
 # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity