feat: add drop all capabilities (#1116)

Signed-off-by: JuanPabloSGU <jsanc016@uottawa.ca>
bitnami-labs · Mar 2, 2023 · 97745f7 · 97745f7
1 parent 7c679b3
commit 97745f7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/helm/sealed-secrets/Chart.yaml b/helm/sealed-secrets/Chart.yaml
@@ -14,4 +14,4 @@ maintainers:
     url: https://github.com/bitnami-labs/sealed-secrets
 name: sealed-secrets
 type: application
-version: 2.7.4
+version: 2.7.5
diff --git a/helm/sealed-secrets/values.yaml b/helm/sealed-secrets/values.yaml
@@ -151,12 +151,16 @@ podSecurityContext:
 ## @param containerSecurityContext.readOnlyRootFilesystem Whether the Sealed Secret container has a read-only root filesystem
 ## @param containerSecurityContext.runAsNonRoot Indicates that the Sealed Secret container must run as a non-root user
 ## @param containerSecurityContext.runAsUser Set Sealed Secret containers' Security Context runAsUser
+## @param containerSecurityContext.capabilities Adds and removes POSIX capabilities from running containers
 ##
 containerSecurityContext:
   enabled: true
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1001
+  capabilities:
+    drop:
+      - all
 
 ## @param automountServiceAccountToken whether to automatically mount the service account API-token to a particular pod
 automountServiceAccountToken: ""