Merge "Run maas-rack and maas-region containers as non-privileged"
This commit is contained in:
commit
cf2c328861
|
@ -75,7 +75,14 @@ spec:
|
|||
command:
|
||||
- /tmp/start.sh
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- 'DAC_READ_SEARCH'
|
||||
- 'NET_ADMIN'
|
||||
- 'SYS_ADMIN'
|
||||
- 'SYS_PTRACE'
|
||||
- 'SYS_RESOURCE'
|
||||
- 'SYS_TIME'
|
||||
readinessProbe:
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 300
|
||||
|
|
|
@ -67,7 +67,14 @@ spec:
|
|||
tcpSocket:
|
||||
port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- 'SYS_ADMIN'
|
||||
- 'NET_ADMIN'
|
||||
- 'SYS_PTRACE'
|
||||
- 'SYS_TIME'
|
||||
- 'SYS_RESOURCE'
|
||||
- 'DAC_READ_SEARCH'
|
||||
command:
|
||||
- /tmp/start.sh
|
||||
volumeMounts:
|
||||
|
|
Loading…
Reference in New Issue