feat: Adds support for linux capabilities (#258)

Adds the possibily to run pihole container with specified linux capabilities. Allowing, for example, to run the pihole DHCP without privileged mode.
MoJo2600 · Apr 27, 2023 · 9144813 · 9144813
1 parent a0143cc
commit 9144813
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 1 deletion.
diff --git a/charts/pihole/Chart.yaml b/charts/pihole/Chart.yaml
@@ -3,7 +3,7 @@ description: Installs pihole in kubernetes
 home: https://github.com/MoJo2600/pihole-kubernetes/tree/master/charts/pihole
 name: pihole
 appVersion: "2023.01"
-version: 2.13.0
+version: 2.14.0
 sources:
   - https://github.com/MoJo2600/pihole-kubernetes/tree/master/charts/pihole
   - https://pi-hole.net/

diff --git a/charts/pihole/README.md b/charts/pihole/README.md
@@ -230,6 +230,7 @@ The following table lists the configurable parameters of the pihole chart and th
 | podDnsConfig.nameservers[1] | string | `"8.8.8.8"` |  |
 | podDnsConfig.policy | string | `"None"` |  |
 | privileged | string | `"false"` | should container run in privileged mode |
+| capabilities | object | `{}` | Linux capabilities that container should run with |
 | probes | object | `{"liveness":{"type": "httpGet","enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5},"readiness":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5}}` | Probes configuration |
 | probes.liveness.enabled | bool | `true` | Generate a liveness probe |
 | probes.liveness.type | string | `httpGet` | Defines the type of liveness probe. (httpGet, command) |

diff --git a/charts/pihole/templates/deployment.yaml b/charts/pihole/templates/deployment.yaml
@@ -165,6 +165,10 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             privileged: {{ .Values.privileged }}
+          {{- if .Values.capabilities }}
+            capabilities:
+            {{- toYaml .Values.capabilities | nindent 14 }}
+          {{- end }}
           ports:
           - containerPort: {{ .Values.webHttp }}
             name: http

diff --git a/charts/pihole/values.yaml b/charts/pihole/values.yaml
@@ -385,6 +385,11 @@ hostNetwork: "false"
 # -- should container run in privileged mode
 privileged: "false"
 
+# linux capabilities container should run with
+capabilities: {}
+  # add:
+  # - NET_ADMIN
+
 customVolumes:
   # -- set this to true to enable custom volumes
   enabled: false