remove code

Signed-off-by: souravbiswassanto <[email protected]>
kubedb · Feb 9, 2024 · f33002b · f33002b
1 parent dac61fd
commit f33002b
Showing 1 changed file with 0 additions and 33 deletions.
diff --git a/apis/kubedb/v1alpha2/postgres_helpers.go b/apis/kubedb/v1alpha2/postgres_helpers.go
@@ -337,42 +337,9 @@ func (p *Postgres) setDefaultContainerSecurityContext(podTemplate *ofst.PodTempl
 	if podTemplate.Spec.SecurityContext.FSGroup == nil {
 		podTemplate.Spec.SecurityContext.FSGroup = pgVersion.Spec.SecurityContext.RunAsUser
 	}
-	p.setDefaultCapabilitiesForPostgres(podTemplate.Spec.ContainerSecurityContext)
 	p.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext, pgVersion)
 }
 
-func (p *Postgres) setDefaultCapabilitiesForPostgres(sc *core.SecurityContext) {
-	if sc.Capabilities == nil {
-		sc.Capabilities = &core.Capabilities{
-			Drop: []core.Capability{"ALL"},
-		}
-	} else if sc.Capabilities.Drop == nil && p.matchedPreviousCapabilities(sc) {
-		sc.Capabilities = &core.Capabilities{
-			Drop: []core.Capability{"ALL"},
-		}
-	}
-}
-
-func (p *Postgres) matchedPreviousCapabilities(sc *core.SecurityContext) bool {
-	caps := sc.Capabilities.Add
-	capPattern := []core.Capability{IPS_LOCK, SYS_RESOURCE}
-	if len(caps) != len(capPattern) {
-		return false
-	}
-	for i := range caps {
-		found := false
-		for _, capability := range capPattern {
-			if caps[i] == capability {
-				found = true
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-	return true
-}
-
 func (p *Postgres) assignDefaultContainerSecurityContext(sc *core.SecurityContext, pgVersion *catalog.PostgresVersion) {
 	if sc.AllowPrivilegeEscalation == nil {
 		sc.AllowPrivilegeEscalation = pointer.BoolP(false)