override security context capabilities to values.yaml

Change-Id: I1120a4f5325172a8ece7d2ce8bb24706e28b319f
2020-08-06 12:20:30 -05:00 · 2020-08-06 12:20:30 -05:00 · 2dd543c841
commit 2dd543c841
parent f899a11a06
2 changed files with 11 additions and 12 deletions
--- a/charts/maas/templates/deployment-maas-ingress.yaml
+++ b/charts/maas/templates/deployment-maas-ingress.yaml
@ -181,12 +181,6 @@ spec:
          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-          securityContext:
-            capabilities:
-              add:
-                - 'NET_ADMIN'
-                - 'SYS_MODULE'
-            runAsUser: 0
          command:
            - /tmp/maas-vip-configure.sh
            - start
@ -206,9 +200,6 @@ spec:
          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-            capabilities:
-              add:
-                - 'NET_ADMIN'
          command:
            - /bin/init
          env:
@ -233,9 +224,6 @@ spec:
          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-            capabilities:
-              add:
-                - 'NET_BIND_SERVICE'
          command:
            - /tmp/maas-ingress.sh
            - start
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -356,10 +356,21 @@ pod:
      container:
        maas_ingress_vip_init:
          readOnlyRootFilesystem: false
+          capabilities:
+            add:
+              - 'NET_ADMIN'
+              - 'SYS_MODULE'
+          runAsUser: 0
        maas_ingress_vip:
          readOnlyRootFilesystem: false
+          capabilities:
+            add:
+              - 'NET_ADMIN'
        maas_ingress:
          readOnlyRootFilesystem: false
+          capabilities:
+            add:
+              - 'NET_BIND_SERVICE'
    ingress_errors:
      pod:
        runAsUser: 65534