From ac919f1908908bde1dd8c051185879c116c48308 Mon Sep 17 00:00:00 2001
From: Zoran Zorica
Date: Wed, 5 Jul 2023 21:33:58 +0200
Subject: [PATCH 1/4] Add option to set securityContext
---
 stable/node-local-dns/Chart.yaml | 2 +-
 stable/node-local-dns/templates/daemonset.yaml | 2 +-
 stable/node-local-dns/values.yaml | 3 +++
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/stable/node-local-dns/Chart.yaml b/stable/node-local-dns/Chart.yaml
index 6c0fbd9a..aca001cd 100644
--- a/stable/node-local-dns/Chart.yaml
+++ b/stable/node-local-dns/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: node-local-dns
-version: 1.1.1
+version: 1.1.2
 appVersion: 1.22.20
 maintainers:
 - name: gabrieladt
diff --git a/stable/node-local-dns/templates/daemonset.yaml b/stable/node-local-dns/templates/daemonset.yaml
index 8fad8ce0..b5742f2b 100644
--- a/stable/node-local-dns/templates/daemonset.yaml
+++ b/stable/node-local-dns/templates/daemonset.yaml
@@ -48,7 +48,7 @@ spec:
 {{- end }}
 args: [ "-localip", "{{ .Values.config.localDns }},{{ .Values.config.dnsServer }}", "-conf", "/etc/Corefile", "-upstreamsvc", "{{ include "node-local-dns.fullname" . }}-upstream" ]
 securityContext:
- privileged: true
+ {{- toYaml .Values.securityContext | nindent 10 }}
 ports:
 - containerPort: 53
 name: dns
diff --git a/stable/node-local-dns/values.yaml b/stable/node-local-dns/values.yaml
index b4ab5077..23f95aa4 100644
--- a/stable/node-local-dns/values.yaml
+++ b/stable/node-local-dns/values.yaml
@@ -33,6 +33,9 @@ serviceAccount:

 podAnnotations: {}

+securityContext:
+ privileged: true
+
 # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
 serviceMonitor:
 # Ensure that servicemonitor is created
From 141bb5b50c948bf6ed2a2bcd39d2909ea6a577ba Mon Sep 17 00:00:00 2001
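Review bot: In the templates/daemonset.yaml hunk of PATCH 1/4 the `securityContext:` key is emitted unconditionally and its value is whatever `.Values.securityContext` holds, so a release that empties or nulls the value renders `{}` or `null` under the key instead of omitting it. Wrapping the pair in `{{- with .Values.securityContext }}` … `{{- end }}` and rendering `{{- toYaml . | nindent 10 }}` inside keeps the manifest clean in that case and makes the "no container security context" state explicit. The `nindent 10` width has to match the indentation of the sibling container fields (`args`, `ports`), which cannot be confirmed from this view because leading whitespace was lost. The container spec starts and ends outside the hunk.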
From: Zoran Zorica
Date: Wed, 5 Jul 2023 22:01:24 +0200
Subject: [PATCH 2/4] Update README.md
---
 stable/node-local-dns/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md
index 6064bbf1..e425accc 100644
--- a/stable/node-local-dns/README.md
+++ b/stable/node-local-dns/README.md
@@ -1,6 +1,6 @@
 # node-local-dns

-![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![AppVersion: 1.22.20](https://img.shields.io/badge/AppVersion-1.22.20-informational?style=flat-square)
+![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![AppVersion: 1.22.20](https://img.shields.io/badge/AppVersion-1.22.20-informational?style=flat-square)

 A chart to install node-local-dns.

@@ -67,6 +67,7 @@ helm install my-release deliveryhero/node-local-dns -f values.yaml
 | resources.limits.memory | string | `"128Mi"` | |
 | resources.requests.cpu | string | `"25m"` | |
 | resources.requests.memory | string | `"128Mi"` | |
+| securityContext.privileged | bool | `true` | |
 | serviceAccount.annotations | object | `{}` | |
 | serviceAccount.create | bool | `true` | |
 | serviceAccount.name | string | `""` | |
From c61dfecd93b1a39653103a71f57013505c038498 Mon Sep 17 00:00:00 2001
From: Zoran Zorica
Date: Thu, 6 Jul 2023 13:44:53 +0200
Subject: [PATCH 3/4] Run in non-privileged by default
---
 stable/node-local-dns/values.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/stable/node-local-dns/values.yaml b/stable/node-local-dns/values.yaml
index 23f95aa4..1bdb5220 100644
--- a/stable/node-local-dns/values.yaml
+++ b/stable/node-local-dns/values.yaml
@@ -34,7 +34,9 @@ serviceAccount:
 podAnnotations: {}

 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN

 # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
 serviceMonitor:
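Review bot: The new default in the values.yaml hunk of PATCH 3/4 adds `NET_ADMIN` with no comment saying why that capability is needed or how to restore the previous behaviour, and the README row generated from it has an empty description. A comment above the key would carry the intent into both files if the README is produced by helm-docs, for example `# -- Container securityContext; NET_ADMIN replaces privileged mode (presumably for interface and iptables setup)`, with the wording confirmed against what the image actually does. Because this changes the effective default for existing releases on upgrade, it is worth testing on a real node. If that holds, add `allowPrivilegeEscalation: false` beside `capabilities` so the reduced posture is stated rather than implied.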
From fe15290fcb1d5e8a1fbc7ed55a006b3d8fcf50c9 Mon Sep 17 00:00:00 2001
From: Zoran Zorica
Date: Thu, 6 Jul 2023 13:47:30 +0200
Subject: [PATCH 4/4] Update README.md
---
 stable/node-local-dns/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md
index e425accc..311fef53 100644
--- a/stable/node-local-dns/README.md
+++ b/stable/node-local-dns/README.md
@@ -67,7 +67,7 @@ helm install my-release deliveryhero/node-local-dns -f values.yaml
 | resources.limits.memory | string | `"128Mi"` | |
 | resources.requests.cpu | string | `"25m"` | |
 | resources.requests.memory | string | `"128Mi"` | |
-| securityContext.privileged | bool | `true` | |
+| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
 | serviceAccount.annotations | object | `{}` | |
 | serviceAccount.create | bool | `true` | |
 | serviceAccount.name | string | `""` | |