From 4809a8e7edcf06af44e135fe0dbd011893fd0ca3 Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Sat, 11 Feb 2023 13:30:11 +0200
Subject: [PATCH] whops, thats a different range
---
 library/common-test/tests/pod/securityContext.yaml | 9 ++-------
 .../1.0.0/templates/lib/pod/_podSecurityContext.tpl | 7 ++-----
 2 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/library/common-test/tests/pod/securityContext.yaml b/library/common-test/tests/pod/securityContext.yaml
index 592201e9b5..67abba42a1 100644
--- a/library/common-test/tests/pod/securityContext.yaml
+++ b/library/common-test/tests/pod/securityContext.yaml
@@ -206,8 +206,6 @@ tests:
 value: "some_different_value"
 - name: net.ipv4.ip_unprivileged_port_start
 value: "53"
- - name: net.ipv4.ping_group_range
- value: "53 80"
 - documentIndex: &otherStatefulSetDoc 1
 isKind:
 of: StatefulSet
@@ -221,8 +219,6 @@ tests:
 sysctls:
 - name: net.ipv4.ip_unprivileged_port_start
 value: "443"
- - name: net.ipv4.ping_group_range
- value: "443 443"
 - it: should pass with no sysctls port_start automatically appended based on services when port is higher than 1024
 set:
@@ -253,9 +249,8 @@ tests:
 value:
 fsGroup: 568
 fsGroupChangePolicy: OnRootMismatch
- sysctls:
- - name: net.ipv4.ping_group_range
- value: "3000 3000"
+ supplementalGroups: []
+ sysctls: []
 # Failures
 - it: should fail with empty securityContext from "global"
diff --git a/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl b/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
index 87f3a8ed4f..44ea7ae8ac 100644
--- a/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
+++ b/library/common/1.0.0/templates/lib/pod/_podSecurityContext.tpl
@@ -26,11 +26,8 @@ objectData: The object data to be used to render the Pod.
 TODO: Unit Test the above cases */}}
 {{- $portRange := fromJson (include "ix.v1.common.lib.pod.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
- {{- if and $portRange.low $portRange.high -}}
- {{- if le (int $portRange.low) 1024 -}}
- {{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ip_unprivileged_port_start" "value" (printf "%v" $portRange.low))) -}}
- {{- end -}}
- {{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ping_group_range" "value" (printf "%v %v" $portRange.low $portRange.high))) -}}
+ {{- if and $portRange.low (le (int $portRange.low) 1024) -}}
+ {{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ip_unprivileged_port_start" "value" (printf "%v" $portRange.low))) -}}
 {{- end -}}
 {{- if not $secContext.fsGroup -}}
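Review bot: The boundary in the added guard `{{- if and $portRange.low (le (int $portRange.low) 1024) -}}` is off by one, carried over from the removed inner `if`: under the kernel default only ports below 1024 are privileged, so a lowest port of exactly 1024 needs no sysctl, yet `le` still appends `net.ipv4.ip_unprivileged_port_start` with value 1024 to the pod spec. `lt` matches the boundary: `{{- if and $portRange.low (lt (int $portRange.low) 1024) -}}`. The `set` line would also benefit from a comment stating that the sysctl applies to the whole pod network namespace, for example `{{/* Lowers the unprivileged-port floor for every container in the pod, from the lowest service port upward */}}`, so a reader sees that the effect is wider than the one port being exposed. The enclosing template definition starts and ends outside this hunk.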