13 lines
643 B
YAML
13 lines
643 B
YAML
---
|
|
security:
|
|
- |
|
|
When using Kubernetes as the orchestrator, Qinling will create Kubernetes
|
|
pods to run executions of functions. In Kubernetes, pods are non-isolated
|
|
unless the NetworkPolicy is configured and enforced. In Qinling, we create
|
|
NetworkPolicy to disable the communication between pods and the traffic
|
|
from outside the cluster.
|
|
upgrade:
|
|
- Re-apply the Kubernetes manifest file to grant NetworkPolicy resource
|
|
operation permission to ``qinling`` user in Kubernetes,
|
|
``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``
|