Browse Source

Merge "Add upgrade description to release note"

changes/12/586012/1
Zuul 3 years ago
committed by Gerrit Code Review
parent
commit
0cf35cbf7e
1 changed files with 8 additions and 4 deletions
  1. +8
    -4
      releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml

+ 8
- 4
releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml View File

@ -1,8 +1,12 @@
---
security:
- |
When using Kubernetes as the orchestrator, Qinling will create Kubernetes
pods to run executions of functions. In Kubernetes, pods are non-isolated
unless the NetworkPolicy is configured and enforced. In Qinling, we create
NetworkPolicy to disable the communication between pods and the traffic
When using Kubernetes as the orchestrator, Qinling will create Kubernetes
pods to run executions of functions. In Kubernetes, pods are non-isolated
unless the NetworkPolicy is configured and enforced. In Qinling, we create
NetworkPolicy to disable the communication between pods and the traffic
from outside the cluster.
upgrade:
- Re-apply the Kubernetes manifest file to grant NetworkPolicy resource
operation permission to ``qinling`` user in Kubernetes,
``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``

Loading…
Cancel
Save