From 5f1893c1a38a74172ccd862e8a74ae1d6e89c23a Mon Sep 17 00:00:00 2001
From: Martyn Ranyard <m@rtyn.berlin>
Date: Mon, 30 Oct 2023 17:39:54 +0100
Subject: [PATCH] add capabilities

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
---
 apps-kustomized/cert-manager-webhook-dnsimple/args.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apps-kustomized/cert-manager-webhook-dnsimple/args.yaml b/apps-kustomized/cert-manager-webhook-dnsimple/args.yaml
index 1c818cc..331816a 100644
--- a/apps-kustomized/cert-manager-webhook-dnsimple/args.yaml
+++ b/apps-kustomized/cert-manager-webhook-dnsimple/args.yaml
@@ -10,3 +10,9 @@ spec:
         sysctls:
         - name: "net.ipv4.ip_unprivileged_port_start"
           value: "0"
+        securityContext:
+          capabilities:
+            drop:
+            - "ALL"
+            add:
+            - "NET_BIND_SERVICE"