epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

sysctl related PodSecurityPolicy spec since 1.12 (#3743)

Browse Source
This commit is contained in:
Erwan Miran
2018-11-26 09:13:51 +01:00
committed by k8s-ci-robot
parent c5e425b02b
commit b15e685a0b
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/kubernetes-apps/cluster_roles/templates/psp.yml.j2
View File

@@ -43,6 +43,10 @@ spec:
- min: 1
max: 65535
readOnlyRootFilesystem: false
{% if kube_version is version('v1.12.1', '>=') %}
forbiddenSysctls:
- '*'
{% endif %}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
@@ -75,3 +79,8 @@ spec:
fsGroup:
rule: 'RunAsAny'
readOnlyRootFilesystem: false
{% if kube_version is version('v1.12.1', '>=') %}
# This will fail if allowed-unsafe-sysctls is not set accordingly in kubelet flags
allowedUnsafeSysctls:
- '*'
{% endif %}