Allow configuring capabilities for container deployed via ix-chart

charts/ix-chart/2109.0.0/default_values.yaml

@@ -1,37 +0,0 @@
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}

test/ix-chart/2111.0.0/default_values.yaml

@@ -1,37 +0,0 @@
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}

test/ix-chart/2111.0.0/questions.yaml

@@ -514,3 +514,14 @@ questions:
           schema:
             type: boolean
             default: false
+        - variable: capabilities
+          label: "Capabilities"
+          description: "With Linux capabilities, you can grant certain privileges to a process without granting all the privileges of the root user."
+          schema:
+            type: list
+            items:
+              - variable: capability
+                description: "Add Capability"
+                label: "Add Capability"
+                schema:
+                  type: string

test/ix-chart/2111.0.0/templates/_workload.tpl

@@ -56,7 +56,11 @@ containers:
 - name: {{ .Chart.Name }}
   {{- include "volumeMountsConfiguration" . | indent 2}}
   securityContext:
-    {{- toYaml .Values.securityContext | nindent 12 }}
+    privileged: {{ .Values.securityContext.privileged }}
+    {{ if .Values.securityContext.capabilities }}
+    capabilities:
+      add: {{ toYaml .Values.securityContext.capabilities | nindent 8 }}
+    {{ end }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
   imagePullPolicy: {{ .Values.image.pullPolicy }}
   {{- include "containerCommand" . | indent 2 }}

test/ix-chart/2111.0.0/test_values.yaml

@@ -37,3 +37,6 @@ livenessProbe: null
 workloadType: "Deployment"
 
 gpuConfiguration: {}
+securityContext:
+  privileged: false
+  capabilities: []