qinling/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml
Lingxian Kong af6da47e58 Add upgrade description to release note
Change-Id: I771ecd07b6f51fd195f81cf0d5b1c48b1e88f4af
Story:2001585
Task:6534
2018-07-25 23:26:04 +12:00

13 lines
643 B
YAML

---
security:
  - |
    When using Kubernetes as the orchestrator, Qinling will create Kubernetes
    pods to run executions of functions. In Kubernetes, pods are non-isolated
    unless the NetworkPolicy is configured and enforced. In Qinling, we create
    a NetworkPolicy to disable the communication between pods and the traffic
    from outside the cluster.
upgrade:
  - Re-apply the Kubernetes manifest file to grant NetworkPolicy resource
    operation permission to the ``qinling`` user in Kubernetes,
    ``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``
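
The isolation and permission described in this note, sketched as generic Kubernetes manifests. This is an added example, not Qinling's own policy template or the contents of ``k8s_qinling_role.yaml``. The namespace ``qinling`` and all object names are assumptions, and a real deployment would add an ingress rule for whichever component has to invoke the function pods.

```yaml
# Added example with assumed names; not taken from the Qinling repository.
---
# Default-deny ingress: selects every pod in the namespace and lists no
# allowed sources, so neither other pods nor clients outside the cluster
# can open connections to a function pod.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress        # assumed name
  namespace: qinling                # assumed namespace
spec:
  podSelector: {}                   # empty selector = all pods in the namespace
  policyTypes:
    - Ingress                       # no ingress rules follow, so all ingress is denied
---
# Permission of the kind the upgrade step grants: the service needs to manage
# NetworkPolicy objects itself, so its Kubernetes user must be allowed to.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: networkpolicy-manager       # assumed name
  namespace: qinling
rules:
  - apiGroups: ["networking.k8s.io"]
    resources: ["networkpolicies"]
    verbs: ["get", "list", "create", "delete"]
---
# Bind the role to the ``qinling`` user named in the upgrade note.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: networkpolicy-manager-binding   # assumed name
  namespace: qinling
subjects:
  - kind: User
    name: qinling
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: networkpolicy-manager
  apiGroup: rbac.authorization.k8s.io
```

A NetworkPolicy object only takes effect when the cluster's network plugin enforces it; on a plugin without NetworkPolicy support the object is accepted by the API server and pods stay non-isolated.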