removed NET_BIND_SERVICE from pod security context in all places

netfoundry · Nov 18, 2024 · 360e0d3 · 360e0d3
1 parent 6d617b9
commit 360e0d3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,7 +9,7 @@ All notable changes to this project will be documented in this file. The format
 
   ```shell
   Capabilities: &corev1.Capabilities{
-	Add:  []corev1.Capability{"NET_ADMIN", "NET_BIND_SERVICE"},
+	Add:  []corev1.Capability{"NET_ADMIN"},
 	Drop: []corev1.Capability{"ALL"},
   },
   RunAsUser:  &rootUser, (deafault = true)

diff --git a/ziti-agent/cmd/webhook/pods.go b/ziti-agent/cmd/webhook/pods.go
@@ -151,7 +151,7 @@ func zitiTunnel(ar admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
 
 		sidecarSecurityContext = &corev1.SecurityContext{
 			Capabilities: &corev1.Capabilities{
-				Add:  []corev1.Capability{"NET_ADMIN", "NET_BIND_SERVICE"},
+				Add:  []corev1.Capability{"NET_ADMIN"},
 				Drop: []corev1.Capability{"ALL"},
 			},
 			RunAsUser:  &rootUser,