From d9b939979da55ffd58e9581174d94c9fa6a49d29 Mon Sep 17 00:00:00 2001 From: Alexander Noskov Date: Fri, 7 Jun 2019 15:59:31 -0500 Subject: [PATCH] Ingress: Fix security context for pod/container During armada bootstrap, ingress pod tries to execute chroot [0] inside root directory on host machine to load dummy kernel module and getting permission denied error. [0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/ingress/templates/bin/_ingress-vip-routed.sh.tpl#L22 Change-Id: Icf7e29e95e0c3cf2bf71a22711a03218390c90cb
---
 ingress/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ingress/values.yaml b/ingress/values.yaml
index b0a8207182..844fd43029 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -57,23 +57,23 @@ pod:
 capabilities:
 add:
 - SYS_MODULE
- allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ runAsUser: 0
 ingress_vip_init:
 capabilities:
 add:
 - NET_ADMIN
- allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
- ingress:
 runAsUser: 0
+ ingress:
 readOnlyRootFilesystem: false
+ runAsUser: 0
 ingress_vip:
 capabilities:
 add:
 - NET_ADMIN
- allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ runAsUser: 0
 affinity:
 anti:
 type:
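Review bot: Dropping `allowPrivilegeEscalation: false` from all three capability-bearing containers goes further than the failure described in the commit message, which concerns only the chroot used to load the dummy kernel module. The added `runAsUser: 0` is probably what makes `SYS_MODULE` and `NET_ADMIN` effective, because capabilities added to a container running as a non-root user normally do not reach its effective set, while no_new_privs does not strip capabilities from a process that already runs as root; it is worth testing whether `allowPrivilegeEscalation: false` can stay beside `runAsUser: 0`, at least under `ingress_vip_init` and `ingress_vip`. If the setting really has to go, a short comment above each block, for example `# runs as root with SYS_MODULE to load the dummy module via host chroot`, would record why these containers hold host-level privilege so a later hardening pass does not have to rediscover it. The key of the first container and the enclosing security-context mapping start above the hunk, so this is based on the visible lines only.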