Skip to content

Commit

Permalink
fix(chart): Add NET_BIND_SERVICE capability to be able to start nginx…
Browse files Browse the repository at this point in the history 
… binary with cap_net_bind_service
  • Loading branch information
@PSanetra
PSanetra committed Aug 9, 2024
1 parent 23d2a81 commit c9f6ba5
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
22 changes: 22 additions & 0 deletions chart/tests/__snapshot__/deployment_test.yaml.snap
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ should mount tls secret if openshift.route.enabled and openshift.route.tls.termi
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -150,6 +152,8 @@ should not render replicas if autoscaling is enabled:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -238,6 +242,8 @@ should render minimal values:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -335,6 +341,8 @@ should render with affinity:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -423,6 +431,8 @@ should render with extra volume:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -518,6 +528,8 @@ should render with nodeSelector:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -608,6 +620,8 @@ should render with pull secret:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -698,6 +712,8 @@ should render with tolerations:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -790,6 +806,8 @@ should support alternative http port:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -881,6 +899,8 @@ should support alternative https port:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down Expand Up @@ -972,6 +992,8 @@ should support enabling https:
memory: 512Mi
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
Expand Down
2 changes: 2 additions & 0 deletions chart/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ pod:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
readOnlyRootFilesystem: true
runAsNonRoot: true
livenessProbe:
Expand Down

0 comments on commit c9f6ba5

Please sign in to comment.