From b1ca00b90c72f9cba54b0937c06d1d47eb10b254 Mon Sep 17 00:00:00 2001 From: Sacha Date: Thu, 14 Dec 2023 16:52:37 -0500 Subject: [PATCH] pod security spec updates - Update to the podSpec in `_helpers.tpl` with `customPingGroupRange` and included sensible default for ping range - Update to the `deployment.yaml` to reflect updates Signed-off-by: Sacha --- charts/prometheus-blackbox-exporter/templates/_helpers.tpl | 5 +++++ .../prometheus-blackbox-exporter/templates/deployment.yaml | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/prometheus-blackbox-exporter/templates/_helpers.tpl b/charts/prometheus-blackbox-exporter/templates/_helpers.tpl index 072dfcc661ee..760bf48bd469 100644 --- a/charts/prometheus-blackbox-exporter/templates/_helpers.tpl +++ b/charts/prometheus-blackbox-exporter/templates/_helpers.tpl @@ -147,6 +147,11 @@ priorityClassName: "{{ . }}" {{- with .Values.podSecurityContext }} securityContext: {{ toYaml . | indent 2 }} +{{- if has "NET_RAW" .Values.securityContext.capabilities.add }} +sysctls: +- name: net.ipv4.ping_group_range + value: {{ .Values.customPingGroupRange | default "0 65535" }} +{{- end }} {{- end }} {{- with .Values.extraInitContainers }} initContainers: diff --git a/charts/prometheus-blackbox-exporter/templates/deployment.yaml b/charts/prometheus-blackbox-exporter/templates/deployment.yaml index 755db5840a52..e882a1ae4860 100644 --- a/charts/prometheus-blackbox-exporter/templates/deployment.yaml +++ b/charts/prometheus-blackbox-exporter/templates/deployment.yaml @@ -27,10 +27,13 @@ spec: {{- end }} spec: {{- include "prometheus-blackbox-exporter.podSpec" . | nindent 6 }} - {{- if has "NET_RAW" .Values.securityContext.capabilities.add }} + {{- with .Values.podSecurityContext }} securityContext: + {{ toYaml . | indent 2 }} + {{- if has "NET_RAW" .capabilities.add }} sysctls: - name: net.ipv4.ping_group_range - value: 0 65536 + value: {{ .customPingGroupRange | default "0 65536" }} + {{- end }} {{- end }} {{- end }}