Merge "Run maas-rack and maas-region containers as non-privileged"
commit
cf2c328861
|
@ -75,7 +75,14 @@ spec:
|
||||||
command:
|
command:
|
||||||
- /tmp/start.sh
|
- /tmp/start.sh
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'DAC_READ_SEARCH'
|
||||||
|
- 'NET_ADMIN'
|
||||||
|
- 'SYS_ADMIN'
|
||||||
|
- 'SYS_PTRACE'
|
||||||
|
- 'SYS_RESOURCE'
|
||||||
|
- 'SYS_TIME'
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
initialDelaySeconds: 60
|
initialDelaySeconds: 60
|
||||||
periodSeconds: 300
|
periodSeconds: 300
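Review bot: The new `capabilities.add` list still grants `SYS_ADMIN` and `SYS_PTRACE`, so the container keeps a large share of the kernel-facing privileges that `privileged: true` gave it, and nothing in the hunk records why each capability is required. A comment above `capabilities:` giving the reason per entry, for example `# SYS_ADMIN: <reason>, NET_ADMIN: <reason>, ...`, would let a later reviewer tell which ones can be removed. If the start script works without the runtime's default capability set (this needs testing), adding `drop: ['ALL']` beside `add:` would make the list the complete grant instead of an addition to the defaults. The same applies to the second hunk, which appears to be the region template; the container spec starts and ends outside both hunks, so any pod-level securityContext is not visible here.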
|
||||||
|
|
|
@ -67,7 +67,14 @@ spec:
|
||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'SYS_ADMIN'
|
||||||
|
- 'NET_ADMIN'
|
||||||
|
- 'SYS_PTRACE'
|
||||||
|
- 'SYS_TIME'
|
||||||
|
- 'SYS_RESOURCE'
|
||||||
|
- 'DAC_READ_SEARCH'
|
||||||
command:
|
command:
|
||||||
- /tmp/start.sh
|
- /tmp/start.sh
|
||||||
volumeMounts:
|
volumeMounts:
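Review bot: The capability list here is in a different order from the one in the first hunk (`SYS_ADMIN` first here, `DAC_READ_SEARCH` first there), although both hold the same six entries. Keeping one order in both templates, for instance alphabetical, makes it easy to see at a glance when the two sets diverge. It is also worth confirming that this container, which from the `maas_region` port lookup looks like the region controller, needs the full set; `NET_ADMIN` and `SYS_TIME` in particular may only be needed on the rack side, though that cannot be judged from the lines shown.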
|
||||||
|
|