From 97fca622769e7a2fff348a6fe2b71b39621d956c Mon Sep 17 00:00:00 2001 From: Dmitrii Didenko Date: Mon, 13 Sep 2021 15:34:27 +0300 Subject: [PATCH 1/2] Added security context to work with oom events --- charts/cadvisor/Chart.yaml | 2 +- charts/cadvisor/templates/daemonset.yaml | 4 ++++ charts/cadvisor/values.yaml | 5 +++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/cadvisor/Chart.yaml b/charts/cadvisor/Chart.yaml index ae27500..8e42c64 100644 --- a/charts/cadvisor/Chart.yaml +++ b/charts/cadvisor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A chart for a Cadvisor deployment name: cadvisor -version: 1.2.4 +version: 1.3.0 appVersion: 0.39.2 home: https://github.com/google/cadvisor sources: diff --git a/charts/cadvisor/templates/daemonset.yaml b/charts/cadvisor/templates/daemonset.yaml index 9ca1a50..6d761fd 100644 --- a/charts/cadvisor/templates/daemonset.yaml +++ b/charts/cadvisor/templates/daemonset.yaml @@ -48,6 +48,10 @@ spec: mountPath: {{ default .path .mount }} readOnly: true {{- end }} + {{ if .Values.podSecurityContext.create }} + securityContext: + privileged: {{ .Values.podSecurityContext.privileged }} + {{- end }} ports: - name: http containerPort: {{ .Values.container.port }} diff --git a/charts/cadvisor/values.yaml b/charts/cadvisor/values.yaml index e0e419d..5ef889f 100644 --- a/charts/cadvisor/values.yaml +++ b/charts/cadvisor/values.yaml @@ -58,6 +58,11 @@ podSecurityPolicy: create: false privileged: false +# Specifies whether a securityContext should be created. Required for privileged operations. +podSecurityContext: + create: false + privileged: false + nodeSelector: {} tolerations: [] From b8a6a392cd3f7bfb25776f64fce6655a2956000f Mon Sep 17 00:00:00 2001 From: Dmitrii Didenko Date: Mon, 13 Sep 2021 16:23:58 +0300 Subject: [PATCH 2/2] Fixed README file --- charts/cadvisor/README.md | 2 ++ 1 file changed, 2 insertions(+) 
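Review bot: The new `securityContext` block in charts/cadvisor/templates/daemonset.yaml is rendered inside the container entry (after the volume mounts, before `ports:`), yet the values key is `podSecurityContext`. `privileged` is a container-level field, so a name such as `containerSecurityContext` would describe it accurately and keep the pod-level name free for later use. The only knob exposed is `privileged`, which is all-or-nothing: on every node the DaemonSet runs on, the container gets all capabilities and host device access on top of the host paths it already mounts. Accepting a map rather than a single boolean would let operators combine it with other hardening fields. The opening tag also lacks the left trim that the closing `{{- end }}` has, so I would write `{{- if .Values.podSecurityContext.create }}` to avoid a whitespace-only line in the output; the container spec itself starts and ends outside this hunk.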
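Review bot: The comment added above `podSecurityContext:` in charts/cadvisor/values.yaml does not say what enabling `privileged` grants or how it relates to the `podSecurityPolicy.privileged` key directly above it. If the chart's own PodSecurityPolicy is created with `privileged: false`, a privileged container would presumably be rejected at admission, so the two settings have to be changed together. I would extend the comment to `# Runs the cAdvisor container privileged (all capabilities, host devices) on every node; enable only when OOM event collection is needed.` and add `# When podSecurityPolicy.create is true, podSecurityPolicy.privileged must be true as well.` Setting `create: true` with `privileged: false` renders a block that changes nothing, so a single flag would be enough.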
diff --git a/charts/cadvisor/README.md b/charts/cadvisor/README.md index dc24965..2a103bf 100644 --- a/charts/cadvisor/README.md +++ b/charts/cadvisor/README.md @@ -59,6 +59,8 @@ The following table lists the configurable parameters of the cAdvisor chart and | `podAnnotations` | annotations for the daemonset pods | `{}` | | `podSecurityPolicy.create` | create a own PodSecurityPolicy for the pod | `false` | | `podSecurityPolicy.privileged` | create the PodSecurityPolicy as privileged | `false` | +| `podSecurityContext.create` | create the podSecurityContext in container spec | `false` | +| `podSecurityContext.privileged`| set podSecurityContext privileged to true | `false` | | `metrics.enabled` | create ServiceMonitor CR for Prometheus operator | `false` | | `metrics.relabeling` | add relabeling configuration to ServiceMonitor | `[]` |