Ingress: Fix security context for pod/container

During armada bootstrap, the ingress pod tries to execute chroot [0]
inside the root directory on the host machine to load the dummy kernel
module and gets a permission denied error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/ingress/templates/bin/_ingress-vip-routed.sh.tpl#L22

Change-Id: Icf7e29e95e0c3cf2bf71a22711a03218390c90cb
Alexander Noskov 2019-06-07 15:59:31 -05:00 committed by Rahul Khiyani
parent b4b1dd9528
commit d9b939979d

@ -57,23 +57,23 @@ pod:
capabilities:
add:
- SYS_MODULE
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 0
ingress_vip_init:
capabilities:
add:
- NET_ADMIN
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
ingress:
runAsUser: 0
ingress:
readOnlyRootFilesystem: false
runAsUser: 0
ingress_vip:
capabilities:
add:
- NET_ADMIN
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 0
affinity:
anti:
type:
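Review bot: the `ingress` container entry is the only one in this hunk with `readOnlyRootFilesystem: false`, and it has no `allowPrivilegeEscalation: false` although it runs with `runAsUser: 0`. The sibling entries (`ingress_vip_init`, `ingress_vip` and the one adding `SYS_MODULE`) all set `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. Please add `allowPrivilegeEscalation: false` to `ingress` as well, and if the controller only needs a few writable paths, consider keeping the root filesystem read-only and mounting those paths as volumes. The commit message ties the need for root to the chroot and module load, so it would also help to confirm that the long-running `ingress` and `ingress_vip` containers need `runAsUser: 0`, and to leave a short comment in the values file next to the `SYS_MODULE` entry explaining why that container runs as UID 0.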