From cf95d321385cc227261af00e9c5dacd876972093 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Thu, 17 Aug 2023 14:53:29 -0400
Subject: [PATCH] Add NET_BIND_SERVICE capability to Consul's restricted
 securityContext

---
 charts/consul/templates/_helpers.tpl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/charts/consul/templates/_helpers.tpl b/charts/consul/templates/_helpers.tpl
index dcf016ebfb..f5efa015bc 100644
--- a/charts/consul/templates/_helpers.tpl
+++ b/charts/consul/templates/_helpers.tpl
@@ -37,6 +37,8 @@ securityContext:
   capabilities:
     drop:
     - ALL
+    add:
+    - NET_BIND_SERVICE
   runAsNonRoot: true
   seccompProfile:
     type: RuntimeDefault