Allow etcd container to work with selinux.

pull/6/head
Devan Goodwin 2016-09-21 12:35:22 -03:00 committed by Ilya Dmitrichenko
parent 0f05ccb019
commit 832d83efaa
No known key found for this signature in database
GPG Key ID: E7889175A6C0CEB9
1 changed files with 9 additions and 0 deletions


@ -96,6 +96,15 @@ func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error {
Image: images.GetCoreImage(images.KubeEtcdImage, s.EnvParams["etcd_image"]),
LivenessProbe: componentProbe(2379, "/health"),
Resources: componentResources("200m"),
SecurityContext: &api.SecurityContext{
SELinuxOptions: &api.SELinuxOptions{
// TODO: This implies our etcd container is not being restricted by
// SELinux. This is not optimal and would be nice to adjust in future
// so it can create and write /var/lib/etcd, but for now this avoids
// recommending setenforce 0 system-wide.
Type: "unconfined_t",
},
},
}, certsVolume(s), etcdVolume(s), k8sVolume(s))
}
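Review bot: Setting `Type: "unconfined_t"` in the etcd container's `SELinuxOptions` takes the process that stores all cluster state, Secrets included, out of SELinux confinement, so a compromise of etcd is no longer contained by host policy. The TODO gives the only need as creating and writing /var/lib/etcd, which is a file-labelling problem rather than a process-domain one. A narrower fix would keep the default container domain and label the host directory for container access during init (for example with a type such as `svirt_sandbox_file_t`, to be verified against the target distribution's policy). If the unconfined type stays for now, the comment should name the risk and a tracking reference, e.g. `// SECURITY: etcd runs outside SELinux confinement; remove once /var/lib/etcd is labelled for the container domain (see <ISSUE-PLACEHOLDER>).` The body of WriteStaticPodManifests starts before this hunk, so whether other components get the same context cannot be checked from here.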