feat(shield): allow to override capabilities [SMAGENT-8408]

charts/shield/templates/host/daemonset.yaml

@@ -111,6 +111,13 @@ spec:
             runAsUser: 0
             readOnlyRootFilesystem: false
             allowPrivilegeEscalation: true
+            {{- if .Values.host.extra_capabilities }}
+            capabilities:
+              drop:
+                - ALL
+              add:
+                {{- toYaml .Values.host.extra_capabilities | nindent 16 }}
+            {{- end }}
             {{- else }}
             allowPrivilegeEscalation: false
             seccompProfile:
@@ -119,7 +126,11 @@ spec:
               drop:
                 - ALL
               add:
+                {{- if .Values.host.extra_capabilities }}
+                {{- toYaml .Values.host.extra_capabilities | nindent 16 }}
+                {{- else }}
                 {{- include "host.capabilities" . | nindent 16 }}
+                {{- end -}}
             {{- end }}
           env:
             - name: K8S_NODE

charts/shield/values.yaml

@@ -157,6 +157,8 @@ host:
   driver: kmod
   # Additional settings to be passed to the host shield (overrides the helm generated settings)
   additional_settings: {}
+  # Additional capabilities to be used by the host shield container
+  extra_capabilities: []
   image:
     # The registry where the host shield images are stored
     registry: quay.io