Allow configuring capabilities for container deployed via ix-chart

29518b30 · sonicaj · 5c18d21d · 5c18d21d · 5c18d21d · 29518b30
Commit 29518b30 authored Nov 01, 2021 by sonicaj
6 changed files
--- a/charts/ix-chart/2109.0.0/default_values.yaml
+++ b/charts/ix-chart/2109.0.0/default_values.yaml
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}
--- a/test/ix-chart/2111.0.0/default_values.yaml
+++ b/test/ix-chart/2111.0.0/default_values.yaml
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}
--- a/test/ix-chart/2111.0.0/questions.yaml
+++ b/test/ix-chart/2111.0.0/questions.yaml
@@ -514,3 +514,14 @@ questions:
          schema:
            type: boolean
            default: false
+        - variable: capabilities
+          label: "Capabilities"
+          description: "With Linux capabilities, you can grant certain privileges to a process without granting all the privileges of the root user."
+          schema:
+            type: list
+            items:
+              - variable: capability
+                description: "Add Capability"
+                label: "Add Capability"
+                schema:
+                  type: string
--- a/test/ix-chart/2111.0.0/templates/_workload.tpl
+++ b/test/ix-chart/2111.0.0/templates/_workload.tpl
@@ -56,7 +56,11 @@ containers:
 - name: {{ .Chart.Name }}
  {{- include "volumeMountsConfiguration" . | indent 2}}
  securityContext:
-    {{- toYaml .Values.securityContext | nindent 12 }}
+    privileged: {{ .Values.securityContext.privileged }}
+    {{ if .Values.securityContext.capabilities }}
+    capabilities:
+      add: {{ toYaml .Values.securityContext.capabilities | nindent 8 }}
+    {{ end }}
  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
  imagePullPolicy: {{ .Values.image.pullPolicy }}
  {{- include "containerCommand" . | indent 2 }}

--- a/test/ix-chart/2111.0.0/test_values.yaml
+++ b/test/ix-chart/2111.0.0/test_values.yaml
@@ -37,3 +37,6 @@ livenessProbe: null
 workloadType: "Deployment"

 gpuConfiguration: {}
+securityContext:
+  privileged: false
+  capabilities: []
--- a/test/ix-chart/2111.0.0/values.yaml
+++ b/test/ix-chart/2111.0.0/values.yaml