bugfix(Octavia): add capabilities to health-manager

Change-Id: Ic02d6823f94166b7c5c6b7669a030c008eaceeec
2025-06-05 00:56:55 +00:00
parent abd55b4a71
commit 22a0ee44b2
3 changed files with 27 additions and 10 deletions
--- a/octavia/templates/daemonset-health-manager.yaml
+++ b/octavia/templates/daemonset-health-manager.yaml
@@ -76,11 +76,7 @@ spec:
        - name: octavia-health-manager-nic-init
 {{ tuple $envAll "openvswitch_vswitchd" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.health_manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
+{{ dict "envAll" $envAll "application" "octavia_health_manager" "container" "octavia_health_manager_nic_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
            runAsUser: 0
            capabilities:
              add:
                - NET_ADMIN
          command:
            - /tmp/octavia-health-manager-nic-init.sh
          volumeMounts:
@@ -96,11 +92,7 @@ spec:
        - name: octavia-health-manager
 {{ tuple $envAll "octavia_health_manager" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.health_manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
+{{ dict "envAll" $envAll "application" "octavia_health_manager" "container" "octavia_health_manager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
            runAsUser: 0
            capabilities:
              add:
                - NET_ADMIN
          command:
            - /tmp/octavia-health-manager.sh
            - start
--- a/octavia/values.yaml
+++ b/octavia/values.yaml
@@ -590,6 +590,20 @@ pod:
      container:
        octavia_housekeeping:
          runAsUser: 42424
    octavia_health_manager:
      container:
        octavia_health_manager_nic_init:
          runAsUser: 0
          capabilities:
            add:
              - NET_ADMIN
              - NET_RAW
              - NET_BIND_SERVICE
        octavia_health_manager:
          runAsUser: 0
          capabilities:
            add:
              - NET_ADMIN
  affinity:
    anti:
      type:
--- a/releasenotes/notes/octavia-health-manager-net-caps-49adc645e1d03456.yaml
+++ b/releasenotes/notes/octavia-health-manager-net-caps-49adc645e1d03456.yaml
@@ -0,0 +1,11 @@
 ---
 # To create a new release note related to a specific chart:
 # reno new <chart_name>
 #
 # To create a new release note for a common change (when multiple charts
 # are changed):
 # reno new common
 octavia:
  - |
    Health manager requires NET_RAW and NET_BIND_SERVICE for allowing ISC DHCPD to work
 ...