From c3869ad539c9945e5cdf3cb98b97753d01240740 Mon Sep 17 00:00:00 2001 From: David Young Date: Mon, 27 Apr 2020 09:54:49 +1200 Subject: [PATCH] Remove securityContext (because it breaks docker-mailserver behaviour) Signed-off-by: David Young --- README.markdown | 3 +-- charts/docker-mailserver/Chart.yaml | 2 +- charts/docker-mailserver/templates/deployment.yaml | 6 +----- charts/docker-mailserver/values.yaml | 7 ------- 4 files changed, 3 insertions(+), 15 deletions(-) diff --git a/README.markdown b/README.markdown index efd6ab36..e465de04 100644 --- a/README.markdown +++ b/README.markdown @@ -210,8 +210,7 @@ The following table lists the configurable parameters of the docker-mailserver c | `livenessTests.enabled` | Array of commands to execute in sequence, to determine container health. A non-zero exit of any command is considered a failure | `[ "clamscan /tmp/docker-mailserver/TrustedHosts" ]` | | `pod.dockermailserver.hostNetwork` | Whether the pod should be connected to the "host" network (a primitive solution to ingress NAT problem) | `false` | | `pod.dockermailserver.hostPID` | Not really sure. TBD. | `None` | -| `pod.dockermailserver.hostPID` | Not really sure. TBD. | `None` | -| `pod.dockermailserver.securityContext.privileged` | Whether to run this pod in "privileged" mode. | `false` | +| `pod.dockermailserver.hostPID` | Not really sure. TBD. | `None` | | | `service.type` | What scope the service should be exposed in (*LoadBalancer/NodePort/ClusterIP*) | `NodePort` | | `service.loadBalancer.publicIp` | The public IP to assign to the service (*if LoadBalancer*) scope selected above | `None` | | `service.loadBalancer.allowedIps` | The IPs allowed to access the sevice, in CIDR format (*if LoadBalancer*) scope selected above | `[ "0.0.0.0/0" ]` | diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml index 90ace7c2..36baec3c 100644 --- a/charts/docker-mailserver/Chart.yaml +++ b/charts/docker-mailserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "6.3.0" description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. name: docker-mailserver -version: 0.2.2 +version: 0.2.3 sources: - https://github.com/funkypenguin/docker-mailserver maintainers: diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index 11b66ac1..ffa634e6 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml @@ -53,9 +53,7 @@ spec: - name: prep-config image: {{ .Values.initContainer.image.name }}:{{ .Values.initContainer.image.tag }} imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} - command: [ 'sh','-c', 'cp /tmp/configmaps/* /tmp/docker-mailserver -rfpvL' ] - securityContext: -{{ toYaml .Values.pod.dockermailserver.securityContext | indent 12 }} + command: [ 'sh','-c', 'cp /tmp/configmaps/* /tmp/docker-mailserver -rfpvL' ] volumeMounts: - name: configmap mountPath: /tmp/configmaps @@ -72,8 +70,6 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{ toYaml .Values.resources | indent 12 }} - securityContext: -{{ toYaml .Values.pod.dockermailserver.securityContext | indent 12 }} {{- if eq .Values.pod.dockermailserver.enable_fail2ban 1.0 }} capabilities: add: diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index 4fe00825..4f7a0776 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml @@ -114,13 +114,6 @@ pod: ## Ref: https://kubernetes.io/docs/api-reference/v1/definitions/#_v1_podspec # pod.dockermailserver.hostPID defines whether the pod should use the host's PID namespace (default false) hostPID: false - securityContext: - ## pod.dockermailserver.securityContext defines whether the container should be run in "privileged" mode (essentially, root on the host) - ## Ref: http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_securitycontext - ## Default: false - privileged: false - runAsUser: 10001 - runAsGroup: 10001 ## The following variables affect the behaviour of docker-mailserver ## See https://github.com/tomav/docker-mailserver#environment-variables for details