Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Enable privileged containers for apiserver and controller #57561
What this PR does / why we need it:
In OpenStack environment, when there is no metadata service, we
Special notes for your reviewer:
@dims: failed to re-open PR: state cannot be changed. There are no new commits on the dims:enable-privileged-container-for-apiserver-and-controller branch.
@kad we need CAP_SYS_ADMIN as we are mounting/unmounting file systems (similar to http://ceph.com/planet/no-more-privileged-containers-for-ceph-osds/). Any suggestions on the best way to do this?
Thanks for the quick review!
I'd also like if we could reduce the permission scope if possible. If it's only possible with privileged, fine with me
[APPROVALNOTIFIER] This PR is APPROVED
Associated issue: #47392
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing