Ingress: Fix security context for pod/container
During armada bootstrap, the ingress pod tries to execute chroot [0] inside the root directory on the host machine to load the dummy kernel module and gets a permission denied error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/ingress/templates/bin/_ingress-vip-routed.sh.tpl#L22

Change-Id: Icf7e29e95e0c3cf2bf71a22711a03218390c90cb
parent b4b1dd9528
commit d9b939979d
@ -57,23 +57,23 @@ pod:
|
|||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- SYS_MODULE
|
- SYS_MODULE
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
|
runAsUser: 0
|
||||||
ingress_vip_init:
|
ingress_vip_init:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
ingress:
|
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
|
ingress:
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
runAsUser: 0
|
||||||
ingress_vip:
|
ingress_vip:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
|
runAsUser: 0
|
||||||
affinity:
|
affinity:
|
||||||
anti:
|
anti:
|
||||||
type:
|
type:
|
||||||
|
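Review bot: The removal of `allowPrivilegeEscalation: false` from the SYS_MODULE container, `ingress_vip_init` and `ingress_vip` is broader than the failure the commit message describes, which is a chroot permission error in the one container that loads the kernel module. With the key omitted, Kubernetes falls back to its default of allowing privilege escalation, so all three containers lose the no-new-privileges restriction while also gaining `runAsUser: 0`. Please confirm whether `runAsUser: 0` alone fixes the chroot error and, if it does, keep `allowPrivilegeEscalation: false` in place, at least for the two NET_ADMIN containers that do not perform the module load. Since the first container now combines UID 0 with `SYS_MODULE`, a short comment in the values file stating why root is required there would help later reviewers avoid widening it further.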