Enable privileged containers for apiserver and controller #57561
@dims: failed to re-open PR: state cannot be changed. There are no new commits on the dims:enable-privileged-container-for-apiserver-and-controller branch.
@kad we need CAP_SYS_ADMIN as we are mounting/unmounting file systems (similar to http://ceph.com/planet/no-more-privileged-containers-for-ceph-osds/). Any suggestions on the best way to do this?
Thanks for the quick review!
In an OpenStack environment, when there is no metadata service, we look at the config drive to figure out the metadata. Since we need to run commands like blkid, we need to ensure that the api server and kube controller are running in privileged mode. So add a new field in MasterConfiguration for specifying that the api server and controller manager(s) need extra privileges. Added a TODO to remove this code when we fully yank out cloud-provider-specific calls from these processes.
[APPROVALNOTIFIER] This PR is APPROVED
Associated issue: #47392