From ebb1604a122bf2b66ce104ce5144c4f78ee600e4 Mon Sep 17 00:00:00 2001
From: Aviram Hassan
Date: Mon, 5 Aug 2024 12:00:46 +0300
Subject: [PATCH] use sysctl instead of capability because of k8s limitation, 1.6.3 (#97) to avoid https://github.com/kubernetes/kubernetes/issues/56374
---
 mirrord-operator/Chart.yaml | 2 +-
 mirrord-operator/templates/deployment.yaml | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/mirrord-operator/Chart.yaml b/mirrord-operator/Chart.yaml
index 4987ba0..b424e98 100644
--- a/mirrord-operator/Chart.yaml
+++ b/mirrord-operator/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.6.2
+version: 1.6.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/mirrord-operator/templates/deployment.yaml b/mirrord-operator/templates/deployment.yaml
index 350aaf3..3a9258c 100644
--- a/mirrord-operator/templates/deployment.yaml
+++ b/mirrord-operator/templates/deployment.yaml
@@ -111,10 +111,9 @@ spec:
 securityContext:
 allowPrivilegeEscalation: false
 privileged: false
- capabilities:
- # allow 443 port binding
- add:
- - "NET_BIND_SERVICE"
+ sysctls:
+ - name: net.ipv4.ip_unprivileged_port_start
+ value: "443"
 volumeMounts:
 {{- if or (index .Values.tls.data "tls.key") .Values.tls.certManager.enabled }}
 - mountPath: /tls
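Review bot: In deployment.yaml the new `sysctls:` entry appears to sit in the container-level `securityContext`, beside `allowPrivilegeEscalation` and `privileged`, but in the Kubernetes API `sysctls` is a field of the pod-level `securityContext` only. Indentation is lost in this view, so confirm against the template; if the placement is as it looks, the field is either rejected by schema validation or dropped, and with `NET_BIND_SERVICE` removed the operator could no longer bind 443. The entry belongs under `spec.template.spec.securityContext.sysctls`, merged with any pod-level security context the chart already renders. The removed `# allow 443 port binding` comment is worth replacing with something like `# lower the unprivileged port floor so the operator can bind 443 without NET_BIND_SERVICE; applies to every container in the pod, safe sysctl on Kubernetes >= 1.22`. Since no capability is needed any more, the container could also set `capabilities: drop: ["ALL"]`; the container spec continues outside the hunk.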