diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a34a8bd2..0d923822 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.2 +version: 0.2.3 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 5800af5f..599ff38e 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -75,6 +75,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | | `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | | `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index f631c259..35485938 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -42,6 +42,12 @@ spec: - name: stun containerPort: 3478 protocol: UDP + {{- if .Values.addSetfcap }} + securityContext: + capabilities: + add: + - SETFCAP + {{- end }} livenessProbe: httpGet: path: /status diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index a4def1c9..51f00c89 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -109,6 +109,7 @@ ingress: timezone: UTC runAsRoot: false +addSetfcap: true # define an external mongoDB instead of using the built-in mongodb mongodb: