Merge "[memcached] Allign with security best practices"

memcached/templates/statefulset.yaml

@@ -132,6 +132,6 @@ spec:
         - name: memcached-bin
           configMap:
             name: {{ $configMapBinName | quote }}
-            defaultMode: 0555
+            defaultMode: 360
 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }}
 {{- end }}

memcached/values.yaml

@@ -150,13 +150,21 @@ pod:
     server:
       pod:
         runAsUser: 65534
+        runAsNonRoot: true
+        fsGroup: 65534
       container:
         memcached:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+              - ALL
         memcached_exporter:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+              - ALL
   probes:
     memcached:
       memcached: