From 034a34dcc2150184063e82403fe33b08c6cc5871 Mon Sep 17 00:00:00 2001
From: Chris Roemmich <croemmich@bushelpowered.com>
Date: Fri, 3 Nov 2023 16:01:16 -0500
Subject: [PATCH] update to operator version v1.11.0

---
 charts/spicedb-operator/Chart.yaml  |  4 ++--
 charts/spicedb-operator/values.yaml | 26 +++++++++++++++++---------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/charts/spicedb-operator/Chart.yaml b/charts/spicedb-operator/Chart.yaml
index 1d88ebb..5c47484 100644
--- a/charts/spicedb-operator/Chart.yaml
+++ b/charts/spicedb-operator/Chart.yaml
@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.9
+version: 1.0.10
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v1.8.0"
+appVersion: "v1.11.0"
diff --git a/charts/spicedb-operator/values.yaml b/charts/spicedb-operator/values.yaml
index c10a3be..b6fbb6d 100644
--- a/charts/spicedb-operator/values.yaml
+++ b/charts/spicedb-operator/values.yaml
@@ -42,16 +42,24 @@ roleBinding:
 
 podAnnotations: {}
 
-podSecurityContext: {}
-# fsGroup: 2000
+podSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsGroup: 65532
+  runAsNonRoot: true
+  runAsUser: 65532
+  seccompProfile:
+    type: RuntimeDefault
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-# runAsUser: 1000
+securityContext:
+  runAsGroup: 65532
+  runAsNonRoot: true
+  runAsUser: 65532
+  seccompProfile:
+    type: RuntimeDefault
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious