From 662eeee241f864f6e5de751c7575f3f5487abf99 Mon Sep 17 00:00:00 2001 From: Mark Burnett Date: Wed, 7 Nov 2018 11:20:54 -0600 Subject: [PATCH] Enable PodShareProcessNamespace feature gate This feature is used by a number of OpenStack Helm pods, as well as the kube-proxy pod now. Change-Id: I3b4c1a94e66da2e712431486f8e2d0cbfe04fec4 --- global/profiles/genesis.yaml | 1 + global/software/charts/kubernetes/core/apiserver.yaml | 1 + global/software/config/Kubelet.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/global/profiles/genesis.yaml b/global/profiles/genesis.yaml index b262a5a0e..589711c2e 100644 --- a/global/profiles/genesis.yaml +++ b/global/profiles/genesis.yaml @@ -87,6 +87,7 @@ data: - --authorization-mode=Node,RBAC - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds - --endpoint-reconciler-type=lease + - --feature-gates=PodShareProcessNamespace=true armada: target_manifest: cluster-bootstrap labels: diff --git a/global/software/charts/kubernetes/core/apiserver.yaml b/global/software/charts/kubernetes/core/apiserver.yaml index e493e3ab8..e64ed9b8e 100644 --- a/global/software/charts/kubernetes/core/apiserver.yaml +++ b/global/software/charts/kubernetes/core/apiserver.yaml @@ -130,6 +130,7 @@ data: - --authorization-mode=Node,RBAC - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds - --endpoint-reconciler-type=lease + - --feature-gates=PodShareProcessNamespace=true dependencies: - kubernetes-apiserver-htk --- diff --git a/global/software/config/Kubelet.yaml b/global/software/config/Kubelet.yaml index 06d34fd07..48e1494b8 100644 --- a/global/software/config/Kubelet.yaml +++ b/global/software/config/Kubelet.yaml @@ -33,3 +33,4 @@ data: - --kube-api-burst=40 - --kube-api-qps=20 - --seccomp-profile-root=SECCOMP_PROFILE_ROOT + - --feature-gates=PodShareProcessNamespace=true