From 108d9606d7b2737813ac115d0bbff2f055ee8b92 Mon Sep 17 00:00:00 2001
From: Pete Birley <pete@port.direct>
Date: Mon, 30 Jul 2018 17:43:38 -0500
Subject: [PATCH] OVS: update container privs

This PS updates the privs granted to the OvS containers.

Change-Id: Ie50ae5692dbf67c19f55521a5cb46308480f737a
Signed-off-by: Pete Birley <pete@port.direct>
---
 openvswitch/templates/daemonset-ovs-db.yaml       | 1 -
 openvswitch/templates/daemonset-ovs-vswitchd.yaml | 4 +++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
index e9330c1c99..6275d71a8b 100644
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@@ -51,7 +51,6 @@ spec:
 {{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           securityContext:
             runAsUser: 0
-            privileged: true
           command:
             - /tmp/openvswitch-db-server.sh
             - start
diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
index 4d3d491a76..f792ed05ab 100644
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
@@ -68,7 +68,9 @@ spec:
 {{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           securityContext:
             runAsUser: 0
-            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
           # ensures this container can speak to the ovs database
           # successfully before its marked as ready
           readinessProbe:
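Review bot: In the ovs-vswitchd `securityContext`, the `add: - NET_ADMIN` entry is layered on top of the container runtime's default capability set, and the container still runs as UID 0 with privilege escalation left at its default, so the process keeps more than the one capability listed. Consider adding `drop: [ALL]` under `capabilities:` and `allowPrivilegeEscalation: false` beside `runAsUser: 0`, then re-adding only what the daemon is confirmed to need. Whether vswitchd needs anything beyond NET_ADMIN in this deployment is not visible in the hunk, so test that before merging. The ovs-db section in the first hunk has the same gap once `privileged: true` is removed: it runs as root with default capabilities and no explicit drop. A one-line comment above `capabilities:` stating why NET_ADMIN is granted would help later reviewers; note that the container spec starts and ends outside this hunk.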