Merge "Implement Security Context for Nova"
This commit is contained in:
commit
0ee6063173
@ -58,8 +58,7 @@ spec:
|
|||||||
{{ tuple $envAll "pod_dependency" $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll "pod_dependency" $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
- name: nova-compute-init
|
- name: nova-compute-init
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
runAsUser: 0
|
|
||||||
env:
|
env:
|
||||||
- name: NOVA_USER_UID
|
- name: NOVA_USER_UID
|
||||||
value: "{{ .Values.pod.user.nova.uid }}"
|
value: "{{ .Values.pod.user.nova.uid }}"
|
||||||
@ -79,8 +78,7 @@ spec:
|
|||||||
{{- if .Values.conf.ceph.enabled }}
|
{{- if .Values.conf.ceph.enabled }}
|
||||||
- name: ceph-perms
|
- name: ceph-perms
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
runAsUser: 0
|
|
||||||
command:
|
command:
|
||||||
- chown
|
- chown
|
||||||
- -R
|
- -R
|
||||||
@ -94,6 +92,7 @@ spec:
|
|||||||
{{- if empty .Values.conf.ceph.cinder.keyring }}
|
{{- if empty .Values.conf.ceph.cinder.keyring }}
|
||||||
- name: ceph-admin-keyring-placement
|
- name: ceph-admin-keyring-placement
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_admin_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
command:
|
command:
|
||||||
- /tmp/ceph-admin-keyring.sh
|
- /tmp/ceph-admin-keyring.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -114,8 +113,7 @@ spec:
|
|||||||
{{ end }}
|
{{ end }}
|
||||||
- name: ceph-keyring-placement
|
- name: ceph-keyring-placement
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
env:
|
env:
|
||||||
- name: CEPH_CINDER_USER
|
- name: CEPH_CINDER_USER
|
||||||
value: "{{ .Values.conf.ceph.cinder.user }}"
|
value: "{{ .Values.conf.ceph.cinder.user }}"
|
||||||
@ -144,8 +142,7 @@ spec:
|
|||||||
- name: nova-compute-vnc-init
|
- name: nova-compute-vnc-init
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_vnc_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-compute-init.sh
|
- /tmp/nova-console-compute-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -162,8 +159,7 @@ spec:
|
|||||||
- name: nova-compute-spice-init
|
- name: nova-compute-spice-init
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_spice_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-compute-init.sh
|
- /tmp/nova-console-compute-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -180,6 +176,7 @@ spec:
|
|||||||
- name: nova-compute
|
- name: nova-compute
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova_compute" "container" "nova_compute" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
{{- if .Values.conf.ceph.enabled }}
|
{{- if .Values.conf.ceph.enabled }}
|
||||||
@ -316,6 +313,7 @@ spec:
|
|||||||
- name: nova-compute-ssh
|
- name: nova-compute-ssh
|
||||||
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova_compute" "container" "nova_compute_ssh" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
|
@ -58,8 +58,7 @@ spec:
|
|||||||
- name: nova-api-metadata-init
|
- name: nova-api-metadata-init
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api_metadata_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api-metadata-init.sh
|
- /tmp/nova-api-metadata-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -79,8 +78,7 @@ spec:
|
|||||||
- name: nova-api
|
- name: nova-api
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api-metadata.sh
|
- /tmp/nova-api-metadata.sh
|
||||||
- start
|
- start
|
||||||
|
@ -59,8 +59,7 @@ spec:
|
|||||||
- name: nova-osapi
|
- name: nova-osapi
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_osapi" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api.sh
|
- /tmp/nova-api.sh
|
||||||
- start
|
- start
|
||||||
@ -83,6 +82,8 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
|
- name: pod-var-nova
|
||||||
|
mountPath: /var/lib/nova
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/nova-api.sh
|
mountPath: /tmp/nova-api.sh
|
||||||
subPath: nova-api.sh
|
subPath: nova-api.sh
|
||||||
@ -111,6 +112,8 @@ spec:
|
|||||||
volumes:
|
volumes:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
- name: pod-var-nova
|
||||||
|
emptyDir: {}
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
@ -58,8 +58,7 @@ spec:
|
|||||||
- name: nova-conductor
|
- name: nova-conductor
|
||||||
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
@ -58,8 +58,7 @@ spec:
|
|||||||
- name: nova-consoleauth
|
- name: nova-consoleauth
|
||||||
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
@ -59,8 +59,7 @@ spec:
|
|||||||
- name: nova-novncproxy-init
|
- name: nova-novncproxy-init
|
||||||
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init.sh
|
- /tmp/nova-console-proxy-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -83,6 +82,7 @@ spec:
|
|||||||
- name: nova-novncproxy-init-assets
|
- name: nova-novncproxy-init-assets
|
||||||
{{ tuple $envAll "nova_novncproxy_assets" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_novncproxy_assets" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy_init_assests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init-assets.sh
|
- /tmp/nova-console-proxy-init-assets.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -98,6 +98,7 @@ spec:
|
|||||||
- name: nova-novncproxy
|
- name: nova-novncproxy
|
||||||
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
@ -58,8 +58,7 @@ spec:
|
|||||||
- name: nova-scheduler
|
- name: nova-scheduler
|
||||||
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
@ -59,8 +59,7 @@ spec:
|
|||||||
- name: nova-spiceproxy-init
|
- name: nova-spiceproxy-init
|
||||||
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init.sh
|
- /tmp/nova-console-proxy-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -83,6 +82,7 @@ spec:
|
|||||||
- name: nova-spiceproxy-init-assets
|
- name: nova-spiceproxy-init-assets
|
||||||
{{ tuple $envAll "nova_spiceproxy_assets" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_spiceproxy_assets" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy_init_assets" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init-assets.sh
|
- /tmp/nova-console-proxy-init-assets.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -98,6 +98,7 @@ spec:
|
|||||||
- name: nova-spiceproxy
|
- name: nova-spiceproxy
|
||||||
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
@ -2114,6 +2114,70 @@ pod:
|
|||||||
user:
|
user:
|
||||||
nova:
|
nova:
|
||||||
uid: 42424
|
uid: 42424
|
||||||
|
security_context:
|
||||||
|
nova:
|
||||||
|
pod:
|
||||||
|
runAsUser: 42424
|
||||||
|
container:
|
||||||
|
nova_compute_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsUser: 0
|
||||||
|
ceph_perms:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsUser: 0
|
||||||
|
ceph_admin_keyring_placement:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
ceph_keyring_placement:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_compute_vnc_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_compute_spice_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_compute:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
privileged: true
|
||||||
|
nova_compute_ssh:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
privileged: true
|
||||||
|
nova_api_metadata_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_api:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_osapi:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_conductor:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_consoleauth:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_novncproxy_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_novncproxy_init_assests:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_novncproxy:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_scheduler:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_spiceproxy_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_spiceproxy_init_assets:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
nova_spiceproxy:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
affinity:
|
affinity:
|
||||||
anti:
|
anti:
|
||||||
type:
|
type:
|
||||||
|
Loading…
Reference in New Issue
Block a user