diff --git a/charts/apisix/Chart.lock b/charts/apisix/Chart.lock
index 299a78b9..4a5c4939 100644
--- a/charts/apisix/Chart.lock
+++ b/charts/apisix/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: etcd
   repository: https://charts.bitnami.com/bitnami
-  version: 8.7.7
+  version: 9.7.3
 - name: apisix-dashboard
   repository: https://charts.apiseven.com
   version: 0.8.1
 - name: apisix-ingress-controller
   repository: https://charts.apiseven.com
   version: 0.12.2
-digest: sha256:1515ee3907be0ac6604eeccd660cd843b910c1ca78d06b2bbad9e7e4629b8ee2
-generated: "2023-10-01T18:19:00.851685+02:00"
+digest: sha256:fc48bc85c822355c86424979ea1e41b4c5109512c63bf3d85e18f0b5596ffa00
+generated: "2023-12-05T09:45:40.164109+01:00"
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index e1620d33..446e7121 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -42,7 +42,7 @@ sources:
 
 dependencies:
   - name: etcd
-    version: 8.7.7
+    version: 9.7.3
     repository: https://charts.bitnami.com/bitnami
     condition: etcd.enabled
   - name: apisix-dashboard
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 06d299e5..ae22761e 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -132,7 +132,7 @@ The command removes all the Kubernetes components associated with the chart and
 | dns.resolvers[5] | string | `"8.8.8.8"` |  |
 | dns.timeout | int | `5` |  |
 | dns.validity | int | `30` |  |
-| etcd | object | `{"auth":{"rbac":{"create":false,"existingSecret":"","existingSecretPasswordKey":"","rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"existingSecret":"","existingSecretPasswordKey":"","existingSecretUserKey":"","host":["http://etcd.host:2379"],"password":"","prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30,"user":""}` | etcd configuration use the FQDN address or the IP of the etcd |
+| etcd | object | `{"auth":{"rbac":{"create":false,"existingSecret":"","existingSecretPasswordKey":"","rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"containerSecurityContext":{"enabled":false},"enabled":true,"existingSecret":"","existingSecretPasswordKey":"","existingSecretUserKey":"","host":["http://etcd.host:2379"],"password":"","prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30,"user":""}` | etcd configuration use the FQDN address or the IP of the etcd |
 | etcd.auth | object | `{"rbac":{"create":false,"existingSecret":"","existingSecretPasswordKey":"","rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}` | if etcd.enabled is true, set more values of bitnami/etcd helm chart |
 | etcd.auth.rbac.create | bool | `false` | No authentication by default. Switch to enable RBAC authentication |
 | etcd.auth.rbac.existingSecret | string | `""` | Name of the existing secret containing credentials for the root user |
@@ -144,6 +144,7 @@ The command removes all the Kubernetes components associated with the chart and
 | etcd.auth.tls.existingSecret | string | `""` | name of the secret contains etcd client cert |
 | etcd.auth.tls.sni | string | `""` | specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset. |
 | etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint certificate when setup a TLS connection to etcd |
+| etcd.containerSecurityContext | object | `{"enabled":false}` | added for backward compatibility with old kubernetes versions, as seccompProfile is not supported in kubernetes < 1.19 |
 | etcd.enabled | bool | `true` | install etcd(v3) by default, set false if do not want to install etcd(v3) together |
 | etcd.existingSecret | string | `""` | Name of the existing secret containing user and password for external etcd, overrides etcd.user and etcd.password |
 | etcd.existingSecretPasswordKey | string | `""` | Name of key containing password to be retrieved from the existing secret, has a value of password by default |
diff --git a/charts/apisix/charts/etcd-8.7.7.tgz b/charts/apisix/charts/etcd-8.7.7.tgz
deleted file mode 100644
index 5f68f5d9..00000000
Binary files a/charts/apisix/charts/etcd-8.7.7.tgz and /dev/null differ
diff --git a/charts/apisix/charts/etcd-9.7.3.tgz b/charts/apisix/charts/etcd-9.7.3.tgz
new file mode 100644
index 00000000..dd19be34
Binary files /dev/null and b/charts/apisix/charts/etcd-9.7.3.tgz differ
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 61923ae6..1144196a 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -630,6 +630,11 @@ etcd:
       # -- specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset.
       sni: ""
 
+  # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  # -- added for backward compatibility with old kubernetes versions, as seccompProfile is not supported in kubernetes < 1.19
+  containerSecurityContext:
+    enabled: false
+
   service:
     port: 2379