run chaos-daemon in privileged by default#1453
Conversation
Signed-off-by: cwen0 <cwenyin0@gmail.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1453 +/- ##
==========================================
- Coverage 55.78% 52.00% -3.78%
==========================================
Files 68 80 +12
Lines 4383 5107 +724
==========================================
+ Hits 2445 2656 +211
- Misses 1768 2183 +415
- Partials 170 268 +98 see 80 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
| {{- end }} | ||
| securityContext: | ||
| {{- if .Values.chaosDaemon.privileged }} | ||
| privileged: true |
There was a problem hiding this comment.
Please remove 2 spaces here.
I think privileged: true should keep the same indent level with capabilities.
Signed-off-by: cwen0 <cwenyin0@gmail.com>
| {{- if .Values.chaosDaemon.privileged }} | ||
| privileged: true | ||
| {{- else }} | ||
| capabilities: |
There was a problem hiding this comment.
do we need to remove these capabilities when privileged is true
There was a problem hiding this comment.
SYS_PTRACE must be kept and others can be removed.
There was a problem hiding this comment.
Other capabilities are unnecessary when privileged is true, except SYS_PTRACE. I think we can delete them to make the code cleaner
Signed-off-by: cwen0 <cwenyin0@gmail.com>
Signed-off-by: cwen0 <cwenyin0@gmail.com>
|
/merge |
|
Your auto merge job has been accepted, waiting for:
|
|
/run-all-tests |
5 participants
Signed-off-by: cwen0 cwenyin0@gmail.com
What problem does this PR solve?
What is changed and how does it work?
Add a field to control
privilegedmode and run chaos-daemon in privileged by default.Checklist
Tests
Side effects
Related changes
Does this PR introduce a user-facing change?