Fix typo

isindir · Jan 29, 2024 · f21cad8 · f21cad8
1 parent 4545e3c
commit f21cad8
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 97 deletions.
diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md
@@ -156,8 +156,9 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | resources | object | `{}` | Operator container resources |
 | secretsAsEnvVars | list | `[]` | configure custom secrets to be used as environment variables at runtime, see values.yaml |
 | secretsAsFiles | list | `[]` | configure custom secrets to be mounted at runtime, see values.yaml |
-| securityContext.container | object | `{"capabilities":{"add":["NET_BIND_SERVICE"],"drop":["all"]}}` | container/initContainer |
-| securityContext.container.capabilities | object | `{"add":["NET_BIND_SERVICE"],"drop":["all"]}` | capabilities |
+| securityContext.container | object | `{"capabilities":{"add":["NET_BIND_SERVICE"],"drop":["all"],"enabled":false}}` | container/initContainer |
+| securityContext.container.capabilities | object | `{"add":["NET_BIND_SERVICE"],"drop":["all"],"enabled":false}` | capabilities |
+| securityContext.container.capabilities.enabled | bool | `false` | enables securityContext capabilities feature in containers |
 | securityContext.enabled | bool | `false` | Enable securityContext |
 | securityContext.fsGroup | int | `13001` | fs group |
 | securityContext.runAsGroup | int | `13001` | GID to run as |

diff --git a/chart/helm3/sops-secrets-operator/templates/operator.yaml b/chart/helm3/sops-secrets-operator/templates/operator.yaml
@@ -34,7 +34,7 @@ spec:
           image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
           imagePullPolicy: {{ .Values.initImage.pullPolicy }}
           command: ['/bin/sh', '-c', 'cp -Lr /var/secrets/gpg-secrets/* /var/secrets/gpg/']
-          {{- if .Values.securityContext.enabled }}
+          {{- if and .Values.securityContext.enabled .Values.securityContext.container.capabilities.enabled }}
           securityContext:
             capabilities:
               drop: {{ .Values.securityContext.container.capabilities.drop }}
@@ -52,7 +52,7 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if .Values.securityContext.enabled }}
+          {{- if and .Values.securityContext.enabled .Values.securityContext.container.capabilities.enabled }}
           securityContext:
             capabilities:
               drop: {{ .Values.securityContext.container.capabilities.drop }}

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -166,6 +166,8 @@ securityContext:
   container:
     # -- capabilities
     capabilities:
+      # -- enables securityContext capabilities feature in containers
+      enabled: false
       drop:
         - all
       add: