Closed neilmfrench closed 4 months ago
Hi! Thanks for raising the issue. I have tried to reproduce this, but so far I haven't been able to reproduce the issue.
values-test.yaml
:
defaultPodOptions:
securityContext:
privileged: true
capabilities:
add:
- SYS_RAWIO
controllers:
main:
enabled: true
type: daemonset
containers:
main:
image:
repository: ghcr.io/mendhak/http-https-echo
tag: 31
service:
main:
enabled: false
This is the output of helm template test oci://ghcr.io/bjw-s/helm/app-template --version 2.3.0 -f values-test
:
---
# Source: app-template/templates/common.yaml
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: test
labels:
app.kubernetes.io/component: main
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: test
helm.sh/chart: app-template-2.3.0
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/component: main
app.kubernetes.io/name: test
app.kubernetes.io/instance: test
template:
metadata:
annotations:
labels:
app.kubernetes.io/component: main
app.kubernetes.io/instance: test
app.kubernetes.io/name: test
spec:
enableServiceLinks: true
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
capabilities:
add:
- SYS_RAWIO
privileged: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- image: ghcr.io/mendhak/http-https-echo:31
name: main
As you can see, the securityContext
is being set as expected.
Yeah you're right. TIL PodSecurityContext is slightly different from SecurityContext
Details
Example values:
Chart version: 2.3.0
This works when applied directly to the container (i.e. controllers.main.container.main.securityContext)