Ingress: Fix security context for pod/container

During armada bootstrap, the ingress pod tries to execute chroot [0]
on the host machine's root directory to load the dummy kernel module
and gets a permission denied error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/ingress/templates/bin/_ingress-vip-routed.sh.tpl#L22

Change-Id: Icf7e29e95e0c3cf2bf71a22711a03218390c90cb
Alexander Noskov 2019-06-07 15:59:31 -05:00 committed by Rahul Khiyani
parent b4b1dd9528
commit d9b939979d


@ -57,23 +57,23 @@ pod:
capabilities: capabilities:
add: add:
- SYS_MODULE - SYS_MODULE
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsUser: 0
ingress_vip_init: ingress_vip_init:
capabilities: capabilities:
add: add:
- NET_ADMIN - NET_ADMIN
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
ingress:
runAsUser: 0 runAsUser: 0
ingress:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsUser: 0
ingress_vip: ingress_vip:
capabilities: capabilities:
add: add:
- NET_ADMIN - NET_ADMIN
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsUser: 0
affinity: affinity:
anti: anti:
type: type:
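Review bot: The three `allowPrivilegeEscalation: false` lines printed once in this hunk (under the SYS_MODULE container, `ingress_vip_init` and `ingress_vip`) appear to be dropped while `runAsUser: 0` is added, though the rendered page has lost its +/- markers, so the sides are inferred. The commit message reports only the chroot failure while loading the dummy kernel module, so running the two NET_ADMIN containers as root without a no-new-privileges guard is broader than the stated problem. `allowPrivilegeEscalation: false` sets no_new_privs, which does not take away capabilities a UID 0 process already holds, so it is worth testing whether `runAsUser: 0` alone clears the error and keeping `allowPrivilegeEscalation: false` beside it in each container. A comment above the SYS_MODULE entry, such as `# runs as root with SYS_MODULE to chroot into the host and load the dummy module`, would record why this container needs root. The enclosing `pod:` mapping and the first container's key start above the hunk.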