
[BUG] violates PodSecurity "baseline:latest"

Open · kvaps opened this issue 1 year ago · 1 comment

Describe the bug:

Currently, etcd clusters can't be created in an unprivileged namespace because of the hardcoded SYS_PTRACE capability.

Expected behavior:

etcd-druid supports running without privileges.

How To Reproduce (as minimally and precisely as possible):

Logs:

create Pod etcd-test-0 in StatefulSet etcd-test failed error: pods "etcd-test-0" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "backup-restore" must not include "SYS_PTRACE" in securityContext.capabilities.add)

Screenshots (if applicable):

Environment (please complete the following information):

  • Etcd version/commit ID :
  • Etcd-druid version/commit ID : v0.22.0
  • Cloud Provider [All/AWS/GCS/ABS/Swift/OSS]: Talos Linux

Anything else we need to know?:

kvaps · Feb 01 '24 15:02
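To make the failure concrete, here is an added example (not code from the issue or from etcd-druid) that checks a pod spec for capabilities the Kubernetes Pod Security "baseline" policy forbids in `securityContext.capabilities.add`. The pod spec is constructed to mirror the error above; image names are placeholders.

```python
# Added example, not part of the etcd-druid issue or project: a small
# admission-style check that flags container capabilities the Kubernetes
# Pod Security "baseline" policy does not allow, such as SYS_PTRACE.

# Capabilities the baseline policy permits in securityContext.capabilities.add.
# Anything else (including "ALL") is a baseline violation.
BASELINE_ALLOWED_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}


def find_baseline_violations(pod_spec: dict) -> list[tuple[str, str]]:
    """Return (container name, capability) pairs that violate baseline.

    Only the capabilities.add check is implemented here; the baseline
    policy has other checks (hostPath, hostNetwork, privileged, ...)
    that this example deliberately leaves out.
    """
    violations = []
    for section in ("initContainers", "containers"):
        for container in pod_spec.get(section, []):
            sec_ctx = container.get("securityContext") or {}
            caps = sec_ctx.get("capabilities") or {}
            for cap in caps.get("add") or []:
                # Normalise "cap_sys_ptrace" / "SYS_PTRACE" to one form.
                name = cap.upper().removeprefix("CAP_")
                if name not in BASELINE_ALLOWED_CAPS:
                    violations.append((container["name"], name))
    return violations


def check_statefulset(sts: dict) -> list[tuple[str, str]]:
    """Run the check on the pod template of a StatefulSet manifest."""
    return find_baseline_violations(sts["spec"]["template"]["spec"])


# Constructed pod spec mirroring the failing "backup-restore" container.
VIOLATING_SPEC = {
    "containers": [
        {"name": "etcd", "image": "etcd:PLACEHOLDER"},
        {"name": "backup-restore", "image": "backup-restore:PLACEHOLDER",
         "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}}},
    ]
}

# The same spec with the capability removed, as the fix would produce.
FIXED_SPEC = {
    "containers": [
        {"name": "etcd", "image": "etcd:PLACEHOLDER"},
        {"name": "backup-restore", "image": "backup-restore:PLACEHOLDER",
         "securityContext": {"capabilities": {"drop": ["ALL"]}}},
    ]
}
```

Running this against a rendered StatefulSet before applying it surfaces the same violation the API server reports, without needing a namespace labelled with `pod-security.kubernetes.io/enforce`.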

@kvaps thanks for reporting this. I think this was a leftover from code that existed in etcd-druid some time back which required this Linux capability. I have included a fix for this in an existing PR #777 (undergoing review); see commit.

unmarshall · Apr 23 '24 08:04