Revert "Drop linux capabilities and rework users/groups"

2026-03-08 11:07:43 +03:00 · 2017-02-06 15:58:54 +03:00
parent b7bf502e02
commit fd30131dc2
48 changed files with 81 additions and 413 deletions
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -51,18 +51,3 @@ netchecker_kubectl_memory_requests: 64M
 etcd_cert_dir: "/etc/ssl/etcd/ssl"
 calico_cert_dir: "/etc/calico/certs"
 canal_cert_dir: "/etc/canal/certs"
-
-# Linux capabilities to be dropped for k8s apps ran by container engines
-apps_drop_cap:
-  - chown
-  - dac_override
-  - fowner
-  - fsetid
-  - kill
-  - setgid
-  - setuid
-  - setpcap
-  - sys_chroot
-  - mknod
-  - audit_write
-  - setfcap