Merge "OVS: update container privs"

2018-08-01 16:19:35 +00:00 · 2018-08-01 16:19:35 +00:00 · 36942c58be
parent e31a1632dc 108d9606d7
commit 36942c58be
2 changed files with 3 additions and 2 deletions
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@ -51,7 +51,6 @@ spec:
 {{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            runAsUser: 0
-            privileged: true
          command:
            - /tmp/openvswitch-db-server.sh
            - start
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
@ -68,7 +68,9 @@ spec:
 {{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            runAsUser: 0
-            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
          # ensures this container can speak to the ovs database
          # successfully before its marked as ready
          readinessProbe: