pod level securityContext.capabilities reflecting in helm template but not after helm upgrade

[archittsc]

I need to configure the pod security context which I did by adding .Values.controller.podSecurityContext as shown below. However even after adding and deploying using helm upgrade, my deployment is not reflecting the changes. Screenshots attached below.

values.yaml file

deployment yaml (live manifest)

How can I make my changes reflect in the actual ingress controller deployment?

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[strongjz]

@Gacko will the fix we just put in, fix this?

[Gacko]

controller.podSecurityContext goes straight into the .spec.template.securityContext of the Deployment and therefore into the .spec.securityContext of the Pod.

According to API docs, Pods don't have a capabilities field: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core

This might be the reason why it's not in the live manifest.

@archittsc: Consider setting this in controller.containerSecurityContext. But actually you don't need to do so in the upcoming version of our chart anymore.

[Gacko]

/close

[k8s-ci-robot]

@Gacko: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.