update openvswitch to run with non-root user
Change-Id: I27a0927fb8b01b4eb997e8e7b840adc7a9e56d26
parent
45c22402a7
commit
5b47f00633
openvswitch
releasenotes/notes
@ -119,7 +119,8 @@ function start () {
|
||||
-vconsole:err \
|
||||
-vconsole:info \
|
||||
--pidfile=${OVS_PID} \
|
||||
--mlockall
|
||||
--mlockall \
|
||||
--user="{{ .Values.conf.ovs_user_name }}"
|
||||
}
|
||||
|
||||
function stop () {
|
||||
|
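Review bot: The added `--user="{{ .Values.conf.ovs_user_name }}"` line in start() is rendered unconditionally, so an override that blanks `conf.ovs_user_name` produces `--user=""`; as far as I can tell Open vSwitch treats an empty user spec as "keep the current user", which would leave ovs-vswitchd running as root with no error. Failing the render is safer: `--user="{{ required "conf.ovs_user_name must be set" .Values.conf.ovs_user_name }}"`. A comment above the flag should also say that ovs-vswitchd still has to be started as root for `--user` to take effect and that the named account must exist in the image. start() begins above the hunk, so whether the pidfile and socket directories are writable by the new user cannot be checked here.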
@ -150,10 +150,10 @@ spec:
|
||||
- name: run
|
||||
mountPath: /run
|
||||
- name: openvswitch-vswitchd
|
||||
{{- if .Values.conf.ovs_dpdk.enabled }}
|
||||
{{/* Run the container in priviledged mode due to the need for root
|
||||
permissions when using the uio_pci_generic driver. */}}
|
||||
permissions when we specify --user to run in non-root. */}}
|
||||
{{- $_ := set $envAll.Values.pod.security_context.ovs.container.vswitchd "privileged" true -}}
|
||||
{{- if .Values.conf.ovs_dpdk.enabled }}
|
||||
{{/* Limiting CPU cores would severely affect packet throughput
|
||||
It should be handled through lcore and pmd core masks. */}}
|
||||
{{- if .Values.pod.resources.enabled }}
|
||||
|
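Review bot: Moving `{{- if .Values.conf.ovs_dpdk.enabled }}` below the `set … "privileged" true` line makes the vswitchd container privileged in every deployment, not only with DPDK, which undercuts the goal of the commit: a privileged container keeps full device access and the complete capability bounding set regardless of which uid the daemon ends up with. If the non-root daemon only needs specific capabilities (OVS normally retains a small set such as NET_ADMIN and IPC_LOCK when `--user` is given; to be confirmed for this image), granting those through `capabilities.add` under `pod.security_context.ovs.container.vswitchd` and keeping `privileged` DPDK-only would be tighter. The word `priviledged` in the template comment is a typo for `privileged`. The container spec continues past the end of the hunk, so the matching `end` for the moved `if` is not visible.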
@ -241,4 +241,8 @@ conf:
|
||||
# vHost IOMMU feature restricts the vhost memory that a virtio device
|
||||
# access, available with DPDK v17.11
|
||||
# vhost_iommu_support: true
|
||||
## OVS supports run in non-root for both OVS and OVS DPDK mode, the user
|
||||
# for OVS need to be added to container image with user id 42424.
|
||||
# useradd -u 42424 openvswitch, groupmod -g 42424 openvswitch
|
||||
ovs_user_name: "openvswitch:openvswitch"
|
||||
...
|
||||
|
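Review bot: The new default `ovs_user_name: "openvswitch:openvswitch"` switches every existing deployment to `--user` on upgrade, and an image that lacks this account is likely to fail to start vswitchd; the comment states the image requirement but the release note added in this commit does not. The comment also asks for uid 42424 while the value passes names, so nothing checks the id. It would read more clearly as `# Open vSwitch (kernel and DPDK datapath) drops to this user:group after start-up.` followed by `# The image must provide it, e.g. useradd -u 42424 openvswitch; groupmod -g 42424 openvswitch`.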
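--- /dev/null
+++ b/releasenotes/notes/openvswitch-0b37403ffc75bb63.yaml
@@ -0,0 +1,4 @@
+---
+openvswitch:
+- Change Open vSwitch to run with non-root user
+...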