fix(ovs): add capability to openvswitch

While OpenVSwitch works in the gate using kubernetes 1.16, running this
in kubernetes 1.18 causes a permission denied error while executing
chroot in an init container script [0]. This adds the SYS_CHROOT
capability to address the error.

[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/openvswitch/templates/bin/_openvswitch-vswitchd-init-modules.sh.tpl#L18-L20

Change-Id: I62c01678cce6cd4e98418ed5518613ccd5eecbf9
Signed-off-by: Tin Lam <tin@irrational.io>
Tin Lam 2020-06-18 08:20:31 -05:00
parent eaaf0062e4
commit 587182c779

@ -88,6 +88,7 @@ pod:
capabilities: capabilities:
add: add:
- SYS_MODULE - SYS_MODULE
- SYS_CHROOT
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
vswitchd: vswitchd:
runAsUser: 0 runAsUser: 0
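
Review bot: The new `- SYS_CHROOT` entry under `capabilities.add` has no comment explaining why it is needed, so a later hardening pass could remove it and reintroduce the permission denied error. Add a short comment next to it that points at the `chroot` call in `_openvswitch-vswitchd-init-modules.sh.tpl`, which the commit message cites. The container this security context belongs to is named above the visible context, so please confirm the block is scoped to the init container that runs that script and not to the long-running `vswitchd` container that follows with `runAsUser: 0`. No `drop:` list is visible between `add:` and `readOnlyRootFilesystem: true`. If none exists above the hunk either, consider dropping all capabilities and adding back only `SYS_MODULE` and `SYS_CHROOT`, so the container holds exactly the two it uses. The commit message also does not say what changed between Kubernetes 1.16 and 1.18 to make the capability necessary; a sentence on the cause would help reviewers judge whether other charts that call `chroot` need the same change.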