From 070dd016ba5f2a5a50db302f3228878848b4fb4a Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Fri, 30 Jun 2023 14:32:49 -0500
Subject: [PATCH] Set the defaults to compatible with pss-restricted
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
Signed-off-by: Pat Riehecky
---
 charts/kafka-ui/Chart.yaml | 2 +-
 charts/kafka-ui/values.yaml | 19 ++++++++++---------
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/charts/kafka-ui/Chart.yaml b/charts/kafka-ui/Chart.yaml
index db048a96..66db4824 100644
--- a/charts/kafka-ui/Chart.yaml
+++ b/charts/kafka-ui/Chart.yaml
@@ -2,6 +2,6 @@ apiVersion: v2
 name: kafka-ui
 description: A Helm chart for kafka-UI
 type: application
-version: 0.7.2
+version: 0.8.0
 appVersion: v0.7.1
 icon: https://github.com/provectus/kafka-ui/raw/master/documentation/images/kafka-ui-logo.png
diff --git a/charts/kafka-ui/values.yaml b/charts/kafka-ui/values.yaml
index 72038e9b..39059224 100644
--- a/charts/kafka-ui/values.yaml
+++ b/charts/kafka-ui/values.yaml
@@ -79,17 +79,18 @@ probes:
 useHttpsScheme: false
 podSecurityContext:
- {}
- # fsGroup: 2000
+ fsGroup: 101
 securityContext:
- {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 100
+ seccompProfile:
+ type: RuntimeDefault
 service:
 type: ClusterIP
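Review bot: The numeric IDs in the new defaults in charts/kafka-ui/values.yaml (`fsGroup: 101`, `runAsGroup: 101`, `runAsUser: 100`) are undocumented, and they presumably mirror the non-root user built into the default image. A deployment that swaps the image, or a platform that assigns its own UID range, may be rejected or fail to start. A comment above `podSecurityContext` and `securityContext` would make the coupling explicit, e.g. `# UID/GID must match the non-root user of the container image; override these together with the image`. The removed example also listed `readOnlyRootFilesystem: true`, which the new `securityContext` drops; the restricted profile does not require it, but keeping `# readOnlyRootFilesystem: true` as a commented option would leave that hardening step visible, since enabling it likely needs a writable temp volume. Because these defaults are now populated maps rather than `{}`, it is also worth noting in the comment that a user has to set a key to `null` to clear it, as Helm merges maps instead of replacing them.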