From 587182c779c0bdeac159517eeef36954a89a8a3f Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Thu, 18 Jun 2020 08:20:31 -0500
Subject: [PATCH] fix(ovs): add capability to openvswitch

While OpenVSwitch works in the gate using kubernetes 1.16, running this
in kubernetes 1.18 causes a permission denied error while executing
chroot in an init container script [0]. This adds the SYS_CHROOT
capability to address the error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/openvswitch/templates/bin/_openvswitch-vswitchd-init-modules.sh.tpl#L18-L20

Change-Id: I62c01678cce6cd4e98418ed5518613ccd5eecbf9
Signed-off-by: Tin Lam <tin@irrational.io>
---
 openvswitch/values.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml
index 0f92d7c0d..afe0ec0b1 100644
--- a/openvswitch/values.yaml
+++ b/openvswitch/values.yaml
@@ -88,6 +88,7 @@ pod:
           capabilities:
             add:
               - SYS_MODULE
+              - SYS_CHROOT
           readOnlyRootFilesystem: true
         vswitchd:
           runAsUser: 0