diff --git a/charts/nfs-server-provisioner/Chart.yaml b/charts/nfs-server-provisioner/Chart.yaml index ec191b31..d50a0dc2 100644 --- a/charts/nfs-server-provisioner/Chart.yaml +++ b/charts/nfs-server-provisioner/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 4.0.8 description: nfs-server-provisioner is an out-of-tree dynamic provisioner for Kubernetes. You can use it to quickly & easily deploy shared storage that works almost anywhere. name: nfs-server-provisioner -version: 1.6.0 +version: 1.7.0 maintainers: - name: kiall email: kiall@macinnes.ie diff --git a/charts/nfs-server-provisioner/templates/statefulset.yaml b/charts/nfs-server-provisioner/templates/statefulset.yaml index b55a0926..06f4397e 100644 --- a/charts/nfs-server-provisioner/templates/statefulset.yaml +++ b/charts/nfs-server-provisioner/templates/statefulset.yaml @@ -73,11 +73,10 @@ spec: - name: statd-udp containerPort: 662 protocol: UDP + {{- with .Values.securityContext }} securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE + {{- toYaml . | nindent 12 }} + {{- end }} args: - "-provisioner={{ include "nfs-provisioner.provisionerName" . }}" {{- range $key, $value := .Values.extraArgs }} diff --git a/charts/nfs-server-provisioner/values.yaml b/charts/nfs-server-provisioner/values.yaml index 7f3bb4ac..fafb9cb4 100644 --- a/charts/nfs-server-provisioner/values.yaml +++ b/charts/nfs-server-provisioner/values.yaml @@ -39,7 +39,7 @@ service: persistence: enabled: false - + ## Existing Persistent Volume Claim ## This should be used with persistence.enabled=true ## If defined, an existing volume claim will be used, instead @@ -96,6 +96,12 @@ rbac: ## serviceAccountName: default +securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - SYS_RESOURCE + ## For creating the PriorityClass automatically: priorityClass: ## Enable creation of a PriorityClass resource for this nfs-server-provisioner instance