Remove securityContext (because it breaks docker-mailserver behaviour)

funkypenguin · funkypenguin · commit c3869ad539c9 · 2020-04-27T09:54:49.000+12:00
Signed-off-by: David Young &lt;davidy@funkypenguin.co.nz&gt;
diff --git a/README.markdown b/README.markdown
@@ -210,8 +210,7 @@ The following table lists the configurable parameters of the docker-mailserver c
 | `livenessTests.enabled`                          | Array of commands to execute in sequence, to determine container health. A non-zero exit of any command is considered a failure                                                      | `[ "clamscan /tmp/docker-mailserver/TrustedHosts" ]` |
 | `pod.dockermailserver.hostNetwork`                | Whether the pod should be connected to the "host" network (a primitive solution to ingress NAT problem)                                                                              | `false`                                              |
 | `pod.dockermailserver.hostPID`                    | Not really sure. TBD.                                                                                                                                                                | `None`                                               |
-| `pod.dockermailserver.hostPID`                    | Not really sure. TBD.                                                                                                                                                                | `None`                                               |
-| `pod.dockermailserver.securityContext.privileged` | Whether to run this pod in "privileged" mode.                                                                                                                                        | `false`                                              |
+| `pod.dockermailserver.hostPID`                    | Not really sure. TBD.                                                                                                                                                                | `None`                                               |                                           |
 | `service.type`                                    | What scope the service should be exposed in  (*LoadBalancer/NodePort/ClusterIP*)                                                                                                     | `NodePort`                                           |
 | `service.loadBalancer.publicIp`                   | The public IP to assign to the service (*if LoadBalancer*) scope selected above                                                                                                      | `None`                                               |
 | `service.loadBalancer.allowedIps`                 | The IPs allowed to access the sevice, in CIDR format (*if LoadBalancer*) scope selected above                                                                                        | `[ "0.0.0.0/0" ]`                                    |
diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "6.3.0"
 description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker.
 name: docker-mailserver
-version: 0.2.2
+version: 0.2.3
 sources:
 - https://github.com/funkypenguin/docker-mailserver
 maintainers:
diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml
@@ -53,9 +53,7 @@ spec:
         - name: prep-config
           image: {{ .Values.initContainer.image.name }}:{{ .Values.initContainer.image.tag }}
           imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
-          command: [ 'sh','-c', 'cp /tmp/configmaps/* /tmp/docker-mailserver -rfpvL' ]
-          securityContext:
-{{ toYaml .Values.pod.dockermailserver.securityContext | indent 12 }}          
+          command: [ 'sh','-c', 'cp /tmp/configmaps/* /tmp/docker-mailserver -rfpvL' ]        
           volumeMounts:
             - name: configmap
               mountPath: /tmp/configmaps
@@ -72,8 +70,6 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
 {{ toYaml .Values.resources | indent 12 }}
-          securityContext:
-{{ toYaml .Values.pod.dockermailserver.securityContext | indent 12 }}
             {{- if eq .Values.pod.dockermailserver.enable_fail2ban 1.0 }}
             capabilities:
               add:
diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml
@@ -114,13 +114,6 @@ pod:
     ## Ref: https://kubernetes.io/docs/api-reference/v1/definitions/#_v1_podspec
     # pod.dockermailserver.hostPID defines whether the pod should use the host's PID namespace (default false)
     hostPID: false
-    securityContext:
-      ## pod.dockermailserver.securityContext defines whether the container should be run in "privileged" mode (essentially, root on the host)
-      ## Ref: http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_securitycontext
-      ## Default: false
-      privileged: false
-      runAsUser: 10001
-      runAsGroup: 10001
 
     ## The following variables affect the behaviour of docker-mailserver
     ## See https://github.com/tomav/docker-mailserver#environment-variables for details
