From 1a5caaff7192c1fba10d632d7d8fb958eb377228 Mon Sep 17 00:00:00 2001
From: matilote
Date: Tue, 23 Jan 2024 19:49:39 +0100
Subject: [PATCH 1/4] fix init container stx
---
 charts/execution-beacon/templates/statefulset.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/charts/execution-beacon/templates/statefulset.yaml b/charts/execution-beacon/templates/statefulset.yaml
index 0120ba882..50d764bf3 100644
--- a/charts/execution-beacon/templates/statefulset.yaml
+++ b/charts/execution-beacon/templates/statefulset.yaml
@@ -50,7 +50,15 @@ spec:
 image: "{{ .Values.global.initImage.repository }}:{{ .Values.global.initImage.tag }}"
 imagePullPolicy: {{ .Values.global.initImage.pullPolicy }}
 securityContext:
- {{- toYaml .Values.global.securityContext | nindent 12 }}
+ runAsUser: 0
+ capabilities:
+ add:
+ - CHOWN
+ - FOWNER
+ - DAC_OVERRIDE
+ drop:
+ - ALL
+ allowPrivilegeEscalation: true
 env:
 - name: POD_IP
 valueFrom:
From a70c15618032f52321470ce3f65b43e7ad705d92 Mon Sep 17 00:00:00 2001
From: matilote
Date: Tue, 23 Jan 2024 19:49:59 +0100
Subject: [PATCH 2/4] fix identation
---
 charts/execution-beacon/templates/statefulset.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/charts/execution-beacon/templates/statefulset.yaml b/charts/execution-beacon/templates/statefulset.yaml
index 50d764bf3..357bde976 100644
--- a/charts/execution-beacon/templates/statefulset.yaml
+++ b/charts/execution-beacon/templates/statefulset.yaml
@@ -51,13 +51,13 @@ spec:
 imagePullPolicy: {{ .Values.global.initImage.pullPolicy }}
 securityContext:
 runAsUser: 0
- capabilities:
- add:
- - CHOWN
- - FOWNER
- - DAC_OVERRIDE
- drop:
- - ALL
+ capabilities:
+ add:
+ - CHOWN
+ - FOWNER
+ - DAC_OVERRIDE
+ drop:
+ - ALL
 allowPrivilegeEscalation: true
 env:
 - name: POD_IP
From 9447b481cb128d7077f637d121e1712e18d86323 Mon Sep 17 00:00:00 2001
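Review bot: Replacing the `{{- toYaml .Values.global.securityContext | nindent 12 }}` line with a hard-coded root securityContext removes the only way a chart consumer could adjust this init container's security settings, and the new block (`runAsUser: 0` plus added CHOWN/FOWNER/DAC_OVERRIDE) is exactly what a Pod Security Admission `restricted` namespace rejects, so those deployments now fail with no override available. I would expose the block through a dedicated value, e.g. `{{- toYaml .Values.global.initSecurityContext | nindent 12 }}` with these settings as the chart's default, so operators who do not need the ownership fix-up can still tighten it. DAC_OVERRIDE bypasses all discretionary file permission checks; if the init step only chowns the volume, CHOWN and FOWNER alone presumably suffice, but that depends on the init image's entrypoint, which is not visible here. The init container definition begins and ends outside the hunk.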
From: matilote
Date: Tue, 23 Jan 2024 19:54:35 +0100
Subject: [PATCH 3/4] add runAsNonRoot false
---
 charts/execution-beacon/templates/statefulset.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/charts/execution-beacon/templates/statefulset.yaml b/charts/execution-beacon/templates/statefulset.yaml
index 357bde976..f5267fe8c 100644
--- a/charts/execution-beacon/templates/statefulset.yaml
+++ b/charts/execution-beacon/templates/statefulset.yaml
@@ -50,6 +50,7 @@ spec:
 image: "{{ .Values.global.initImage.repository }}:{{ .Values.global.initImage.tag }}"
 imagePullPolicy: {{ .Values.global.initImage.pullPolicy }}
 securityContext:
+ runAsNonRoot: false
 runAsUser: 0
 capabilities:
 add:
From f6e8d892a7e1b0032d64a1cf9a7e03eb82a7aded Mon Sep 17 00:00:00 2001
From: matilote
Date: Tue, 23 Jan 2024 20:05:31 +0100
Subject: [PATCH 4/4] remove priv escalation
---
 charts/execution-beacon/templates/statefulset.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/charts/execution-beacon/templates/statefulset.yaml b/charts/execution-beacon/templates/statefulset.yaml
index f5267fe8c..0dba834e2 100644
--- a/charts/execution-beacon/templates/statefulset.yaml
+++ b/charts/execution-beacon/templates/statefulset.yaml
@@ -59,7 +59,6 @@ spec:
 - DAC_OVERRIDE
 drop:
 - ALL
- allowPrivilegeEscalation: true
 env:
 - name: POD_IP
 valueFrom:
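Review bot: `runAsNonRoot: false` next to `runAsUser: 0` only matters if a pod-level or values-driven `runAsNonRoot: true` would otherwise make the kubelet refuse to start a uid-0 container, and nothing in the hunk records why this init container has to be root, so the next maintainer is likely to "harden" it back and break the pod. Add a comment above the new line such as `# deliberately root: this init step needs CHOWN/FOWNER on the volume, which a pod-level runAsNonRoot: true would otherwise block`. The ownership-fix reason is my inference from the capabilities added two lines below, and the pod-level setting is not visible here, so confirm both against the pod securityContext and the init image's entrypoint before wording it as fact. The init container definition begins and ends outside the hunk.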