Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
kubeadm: prevent PSP blocking of upgrade image prepull #77792
What this PR does / why we need it:
If the cluster has a PSP that blocks Pods from running as root
Workaround that by adding a PodSecurityContext with RunAsUser=999.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: neolit123
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
the pod itself might not require root, but the command (kubeadm upgrade) that creates it does require root. so
It would be, although that would be the same as setting
If the cluster has a PSP that blocks Pods from running as root the DS that handles upgrade prepull will fail to create its Pods. Workaround that by adding a PodSecurityContext with RunAsUser=999.
1 similar comment