Ingress: Fix security context for pod/container
During armada bootstrap, the ingress pod tries to execute chroot [0] inside the root directory on the host machine to load the dummy kernel module and gets a permission denied error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/ingress/templates/bin/_ingress-vip-routed.sh.tpl#L22

Change-Id: Icf7e29e95e0c3cf2bf71a22711a03218390c90cb
parent b4b1dd9528
commit d9b939979d
@ -57,23 +57,23 @@ pod:
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_MODULE
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
ingress_vip_init:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
ingress:
|
||||
runAsUser: 0
|
||||
ingress:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 0
|
||||
ingress_vip:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
|
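Review bot: the container entry that adds SYS_MODULE has no comment saying why it needs host-level privileges, and neither the hunk nor the commit message states which field (allowPrivilegeEscalation, readOnlyRootFilesystem or runAsUser) produced the permission denied error on the chroot. Whichever setting this change relaxes should be limited to that one kernel-module container, with a short comment pointing at the chroot call in _ingress-vip-routed.sh.tpl, while the ingress_vip_init and ingress_vip entries, which only add NET_ADMIN, keep allowPrivilegeEscalation: false and readOnlyRootFilesystem: true. The ingress entry with readOnlyRootFilesystem: false and runAsUser: 0 also deserves a one-line justification, since it is the long-running container and the only one shown here with a writable root filesystem.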