openstack/openstack-helm
Code Issues Proposed changes

Merge "OVS: update container privs"

Browse Source
This commit is contained in:
Zuul 2018-08-01 16:19:35 +00:00 committed by Gerrit Code Review
commit 36942c58be
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openvswitch/templates/daemonset-ovs-db.yaml
View File

@ -51,7 +51,6 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true
command: command:
- /tmp/openvswitch-db-server.sh - /tmp/openvswitch-db-server.sh
- start - start

4
openvswitch/templates/daemonset-ovs-vswitchd.yaml
View File

@ -68,7 +68,9 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true capabilities:
add:
- NET_ADMIN
# ensures this container can speak to the ovs database # ensures this container can speak to the ovs database
# successfully before its marked as ready # successfully before its marked as ready
readinessProbe: readinessProbe: