Merge "Run Divingbell containers as unprivileged"
commit
b8f2792eb6
|
@ -49,7 +49,9 @@ spec:
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'MAC_ADMIN'
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
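Review bot: The new `securityContext` only adds `MAC_ADMIN` on top of the runtime's default capability set; nothing visible here drops the defaults or sets `allowPrivilegeEscalation: false`, so the container is narrower than `privileged: true` but not minimal. If the script tolerates it, I would put `drop: ['ALL']` next to the `add:` list and `allowPrivilegeEscalation: false` beside `capabilities:`, with a comment above the list such as `# MAC_ADMIN: <why this daemonset needs it>`. The same gap is in the section that adds `NET_ADMIN`. The pod also still mounts the `rootfs-{{ $daemonset }}` hostPath volume, so what the container can do to the host depends largely on that mount and on the user it runs as, neither of which is shown in this section.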
@ -48,8 +48,6 @@ spec:
|
||||||
mountPath: /tmp/{{ $daemonset }}.sh
|
mountPath: /tmp/{{ $daemonset }}.sh
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
@ -51,7 +51,9 @@ spec:
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'NET_ADMIN'
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
@ -50,8 +50,6 @@ spec:
|
||||||
mountPath: /tmp/{{ $daemonset }}.sh
|
mountPath: /tmp/{{ $daemonset }}.sh
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
@ -50,8 +50,6 @@ spec:
|
||||||
mountPath: /tmp/{{ $daemonset }}.sh
|
mountPath: /tmp/{{ $daemonset }}.sh
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
@ -50,8 +50,6 @@ spec:
|
||||||
mountPath: /tmp/{{ $daemonset }}.sh
|
mountPath: /tmp/{{ $daemonset }}.sh
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
@ -51,7 +51,11 @@ spec:
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'SYS_PTRACE'
|
||||||
|
- 'SYS_ADMIN'
|
||||||
|
- 'SYS_RAWIO'
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|
|
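Review bot: `SYS_ADMIN` in the `add:` list gives back much of what removing `privileged: true` takes away: it permits mount and namespace operations among many others, and combined with `SYS_PTRACE` and `SYS_RAWIO` it leaves this container close to privileged in practice. It is worth checking whether the script's actual operations can be covered by a narrower capability. If not, add a comment above each entry naming the operation it is for, e.g. `# SYS_ADMIN: <operation that requires it>`, so a later reviewer can tell when one becomes removable. An admission policy at the Pod Security Standards baseline level would reject these three additions, so the namespace this DaemonSet runs in presumably needs an explicit exemption.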
@ -50,8 +50,6 @@ spec:
|
||||||
mountPath: /tmp/{{ $daemonset }}.sh
|
mountPath: /tmp/{{ $daemonset }}.sh
|
||||||
subPath: {{ $daemonset }}
|
subPath: {{ $daemonset }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: rootfs-{{ $daemonset }}
|
- name: rootfs-{{ $daemonset }}
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|