kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix kube-vip container securityContext (#11647)

pull/11657/head
kyrie 2024-10-22 00:42:52 +08:00 committed by GitHub
parent 5aea2abc40
commit 693eb74f52
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
View File

@ -104,11 +104,16 @@ spec:
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
name: kube-vip name: kube-vip
resources: {} resources: {}
{% if kube_vip_lb_fwdmethod == "masquerade" %}
securityContext:
privileged: true
{% else %}
securityContext: securityContext:
capabilities: capabilities:
add: add:
- NET_ADMIN - NET_ADMIN
- NET_RAW - NET_RAW
{% endif %}
volumeMounts: volumeMounts:
- mountPath: /etc/kubernetes/admin.conf - mountPath: /etc/kubernetes/admin.conf
name: kubeconfig name: kubeconfig