pod security spec updates

- Update to the podSpec in `_helpers.tpl` with `customPingGroupRange` and included sensible default for ping range - Update to the `deployment.yaml` to reflect updates Signed-off-by: Sacha <[email protected]>
sachasmart · Dec 14, 2023 · b1ca00b · b1ca00b
1 parent 27d6377
commit b1ca00b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/charts/prometheus-blackbox-exporter/templates/_helpers.tpl b/charts/prometheus-blackbox-exporter/templates/_helpers.tpl
@@ -147,6 +147,11 @@ priorityClassName: "{{ . }}"
 {{- with .Values.podSecurityContext }}
 securityContext:
 {{ toYaml . | indent 2 }}
+{{- if has "NET_RAW" .Values.securityContext.capabilities.add }}
+sysctls:
+- name: net.ipv4.ping_group_range
+  value: {{ .Values.customPingGroupRange | default "0 65535" }}
+{{- end }}
 {{- end }}
 {{- with .Values.extraInitContainers }}
 initContainers:

diff --git a/charts/prometheus-blackbox-exporter/templates/deployment.yaml b/charts/prometheus-blackbox-exporter/templates/deployment.yaml
@@ -27,10 +27,13 @@ spec:
         {{- end }}
     spec:
     {{- include "prometheus-blackbox-exporter.podSpec" . | nindent 6 }}
-    {{- if has "NET_RAW" .Values.securityContext.capabilities.add }}
+    {{- with .Values.podSecurityContext }}
       securityContext:
+        {{ toYaml . | indent 2 }}
+        {{- if has "NET_RAW" .capabilities.add }}
         sysctls:
         - name: net.ipv4.ping_group_range
-          value: 0 65536
+          value: {{ .customPingGroupRange | default "0 65536" }}
+        {{- end }}
     {{- end }}
 {{- end }}