Browse Source

Add upgrade description to release note

Change-Id: I771ecd07b6f51fd195f81cf0d5b1c48b1e88f4af
Story:2001585
Task:6534
changes/17/585717/1
Lingxian Kong 3 years ago
parent
commit
af6da47e58
1 changed files with 8 additions and 4 deletions
  1. +8
    -4
      releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml

+ 8
- 4
releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml View File

@ -1,8 +1,12 @@
---
security:
- |
When using Kubernetes as the orchestrator, Qinling will create Kubernetes
pods to run executions of functions. In Kubernetes, pods are non-isolated
unless the NetworkPolicy is configured and enforced. In Qinling, we create
NetworkPolicy to disable the communication between pods and the traffic
When using Kubernetes as the orchestrator, Qinling will create Kubernetes
pods to run executions of functions. In Kubernetes, pods are non-isolated
unless the NetworkPolicy is configured and enforced. In Qinling, we create
NetworkPolicy to disable the communication between pods and the traffic
from outside the cluster.
upgrade:
- Re-apply the Kubernetes manifest file to grant NetworkPolicy resource
operation permission to ``qinling`` user in Kubernetes,
``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``

Loading…
Cancel
Save