From 2dd543c841dc9c14b78c61515bda57dc5fbb951e Mon Sep 17 00:00:00 2001 From: "KHIYANI, RAHUL (rk0850)" Date: Thu, 6 Aug 2020 12:20:30 -0500 Subject: [PATCH] override security context capabilities to values.yaml Change-Id: I1120a4f5325172a8ece7d2ce8bb24706e28b319f --- charts/maas/templates/deployment-maas-ingress.yaml | 12 ------------ charts/maas/values.yaml | 11 +++++++++++ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/charts/maas/templates/deployment-maas-ingress.yaml b/charts/maas/templates/deployment-maas-ingress.yaml index 810795a..6ea2b32 100644 --- a/charts/maas/templates/deployment-maas-ingress.yaml +++ b/charts/maas/templates/deployment-maas-ingress.yaml @@ -181,12 +181,6 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - securityContext: - capabilities: - add: - - 'NET_ADMIN' - - 'SYS_MODULE' - runAsUser: 0 command: - /tmp/maas-vip-configure.sh - start @@ -206,9 +200,6 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - capabilities: - add: - - 'NET_ADMIN' command: - /bin/init env: 
@@ -233,9 +224,6 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - capabilities: - add: - - 'NET_BIND_SERVICE' command: - /tmp/maas-ingress.sh - start diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml index a8e84d3..57dc90f 100644 --- a/charts/maas/values.yaml +++ b/charts/maas/values.yaml @@ -356,10 +356,21 @@ pod: container: maas_ingress_vip_init: readOnlyRootFilesystem: false + capabilities: + add: + - 'NET_ADMIN' + - 'SYS_MODULE' + runAsUser: 0 maas_ingress_vip: readOnlyRootFilesystem: false + capabilities: + add: + - 'NET_ADMIN' maas_ingress: readOnlyRootFilesystem: false + capabilities: + add: + - 'NET_BIND_SERVICE' ingress_errors: pod: runAsUser: 65534
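Review bot: None of the three `capabilities` blocks added in the charts/maas/values.yaml hunk has a `drop` list, so each container keeps the runtime's default capability set on top of what `add` names, and `maas_ingress_vip_init` additionally gets `SYS_MODULE`, `NET_ADMIN` and `runAsUser: 0` as chart defaults. If the helm-toolkit `kubernetes_container_security_context` snippet renders the whole mapping (its template is not visible here), adding `drop:` with `- 'ALL'` beside each `add:` would hold every container to the capabilities listed; that needs a deployment test, since the scripts may rely on a default capability. Because these grants are now deployer-overridable, a comment above the init entry such as `# SYS_MODULE permits loading kernel modules on the node; keep this list minimal in overrides` would record why the grant exists. Helm replaces lists rather than merging them, so the comment should also say that an override setting `capabilities.add` must repeat every capability the container still needs.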