Merge pull request #233 from truenas/NAS-113153

NAS-113153 / 22.02-RC.2 / Allow specifying linux capabilities for containers in ix-chart

charts/ix-chart/2109.0.0/default_values.yaml

@@ -1,37 +0,0 @@
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}

charts/ix-chart/2111.0.0/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2109.0.0
+version: 2111.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/ix-chart/2111.0.0/questions.yaml

@@ -514,3 +514,14 @@ questions:
           schema:
             type: boolean
             default: false
+        - variable: capabilities
+          label: "Capabilities"
+          description: "With Linux capabilities, you can grant certain privileges to a process without granting all the privileges of the root user."
+          schema:
+            type: list
+            items:
+              - variable: capability
+                description: "Add Capability"
+                label: "Add Capability"
+                schema:
+                  type: string

charts/ix-chart/2111.0.0/templates/_workload.tpl

@@ -56,7 +56,11 @@ containers:
 - name: {{ .Chart.Name }}
   {{- include "volumeMountsConfiguration" . | indent 2}}
   securityContext:
-    {{- toYaml .Values.securityContext | nindent 12 }}
+    privileged: {{ .Values.securityContext.privileged }}
+    {{ if .Values.securityContext.capabilities }}
+    capabilities:
+      add: {{ toYaml .Values.securityContext.capabilities | nindent 8 }}
+    {{ end }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
   imagePullPolicy: {{ .Values.image.pullPolicy }}
   {{- include "containerCommand" . | indent 2 }}

charts/ix-chart/2111.0.0/test_values.yaml

@@ -37,3 +37,6 @@ livenessProbe: null
 workloadType: "Deployment"
 
 gpuConfiguration: {}
+securityContext:
+  privileged: false
+  capabilities: []

test/ix-chart/2109.1.0/default_values.yaml

@@ -1,37 +0,0 @@
-# Default values for ix-chart.
-
-image:
-  repository: debian
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# Restart / Update policy
-updateStrategy: RollingUpdate
-
-# Container CMD / entrypoint
-containerCommand: []
-containerArgs: []
-containerEnvironmentVariables: []
-
-# Network related configuration
-externalInterfaces: []
-portForwardingList: []
-hostNetwork: false
-dnsPolicy: Default
-dnsConfig:
-  nameservers: []
-  searches: []
-
-# Storage related configuration
-hostPathVolumes: []
-volumes: []
-
-# Probes
-# Liveness Probe
-livenessProbe: null
-
-# Workload type
-workloadType: "Deployment"
-
-gpuConfiguration: {}

test/ix-chart/2111.0.0/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2109.1.0
+version: 2111.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

test/ix-chart/2111.0.0/questions.yaml

@@ -292,6 +292,26 @@ questions:
                 label: "Search Entry"
                 schema:
                   type: string
+        - variable: options
+          label: "DNS Options"
+          schema:
+            type: list
+            items:
+              - variable: optionsEntry
+                label: "Option Entry Configuration"
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: "Option Name"
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: "Option Value"
+                      schema:
+                        type: string
+                        required: true
 
   - variable: hostNetwork
     label: "Provide access to node network namespace for the workload"
@@ -494,3 +514,14 @@ questions:
           schema:
             type: boolean
             default: false
+        - variable: capabilities
+          label: "Capabilities"
+          description: "With Linux capabilities, you can grant certain privileges to a process without granting all the privileges of the root user."
+          schema:
+            type: list
+            items:
+              - variable: capability
+                description: "Add Capability"
+                label: "Add Capability"
+                schema:
+                  type: string

test/ix-chart/2111.0.0/templates/_workload.tpl

@@ -56,7 +56,11 @@ containers:
 - name: {{ .Chart.Name }}
   {{- include "volumeMountsConfiguration" . | indent 2}}
   securityContext:
-    {{- toYaml .Values.securityContext | nindent 12 }}
+    privileged: {{ .Values.securityContext.privileged }}
+    {{ if .Values.securityContext.capabilities }}
+    capabilities:
+      add: {{ toYaml .Values.securityContext.capabilities | nindent 8 }}
+    {{ end }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
   imagePullPolicy: {{ .Values.image.pullPolicy }}
   {{- include "containerCommand" . | indent 2 }}

test/ix-chart/2111.0.0/test_values.yaml

@@ -37,3 +37,6 @@ livenessProbe: null
 workloadType: "Deployment"
 
 gpuConfiguration: {}
+securityContext:
+  privileged: false
+  capabilities: []