From 9144813d6800dd7374abc329b6c501a26bf4bb6c Mon Sep 17 00:00:00 2001
From: s94santos <10950164+s94santos@users.noreply.github.com>
Date: Thu, 27 Apr 2023 09:00:40 +0100
Subject: [PATCH] feat: Adds support for linux capabilities (#258)

Adds the possibily to run pihole container with specified linux capabilities.
Allowing, for example, to run the pihole DHCP without privileged mode.
---
 charts/pihole/Chart.yaml                | 2 +-
 charts/pihole/README.md                 | 1 +
 charts/pihole/templates/deployment.yaml | 4 ++++
 charts/pihole/values.yaml               | 5 +++++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/charts/pihole/Chart.yaml b/charts/pihole/Chart.yaml
index c58979b1..6d6b74a0 100644
--- a/charts/pihole/Chart.yaml
+++ b/charts/pihole/Chart.yaml
@@ -3,7 +3,7 @@ description: Installs pihole in kubernetes
 home: https://github.com/MoJo2600/pihole-kubernetes/tree/master/charts/pihole
 name: pihole
 appVersion: "2023.01"
-version: 2.13.0
+version: 2.14.0
 sources:
   - https://github.com/MoJo2600/pihole-kubernetes/tree/master/charts/pihole
   - https://pi-hole.net/
diff --git a/charts/pihole/README.md b/charts/pihole/README.md
index f4fb3772..4be0e0f7 100644
--- a/charts/pihole/README.md
+++ b/charts/pihole/README.md
@@ -230,6 +230,7 @@ The following table lists the configurable parameters of the pihole chart and th
 | podDnsConfig.nameservers[1] | string | `"8.8.8.8"` |  |
 | podDnsConfig.policy | string | `"None"` |  |
 | privileged | string | `"false"` | should container run in privileged mode |
+| capabilities | object | `{}` | Linux capabilities that container should run with |
 | probes | object | `{"liveness":{"type": "httpGet","enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5},"readiness":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5}}` | Probes configuration |
 | probes.liveness.enabled | bool | `true` | Generate a liveness probe |
 | probes.liveness.type | string | `httpGet` | Defines the type of liveness probe. (httpGet, command) |
diff --git a/charts/pihole/templates/deployment.yaml b/charts/pihole/templates/deployment.yaml
index 990ead1a..83329039 100644
--- a/charts/pihole/templates/deployment.yaml
+++ b/charts/pihole/templates/deployment.yaml
@@ -165,6 +165,10 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             privileged: {{ .Values.privileged }}
+          {{- if .Values.capabilities }}
+            capabilities:
+            {{- toYaml .Values.capabilities | nindent 14 }}
+          {{- end }}
           ports:
           - containerPort: {{ .Values.webHttp }}
             name: http
diff --git a/charts/pihole/values.yaml b/charts/pihole/values.yaml
index f294083e..2e57f4be 100644
--- a/charts/pihole/values.yaml
+++ b/charts/pihole/values.yaml
@@ -385,6 +385,11 @@ hostNetwork: "false"
 # -- should container run in privileged mode
 privileged: "false"
 
+# linux capabilities container should run with
+capabilities: {}
+  # add:
+  # - NET_ADMIN
+
 customVolumes:
   # -- set this to true to enable custom volumes
   enabled: false