Skip to content

Commit

Permalink
give etcd-metrics container privilege
Browse files Browse the repository at this point in the history 
as it is trying to run /run/etc/environment on the host, but has no permissions to do so

This change is needed to bump to CRI-O 1.16:
    Kube 1.14 would turn privileged on for every container in a static pod as long as just one had privileged on. That's why etcd was still running in privileged in 1.14 even w/o the flag, see #526
    Kube 1.16 has disabled that now and we need to set that for every container in a static pod that needs privilege

Signed-off-by: Peter Hunt <[email protected]>
  • Loading branch information
@haircommander @alaypatel07
haircommander authored and alaypatel07 committed Nov 12, 2019
1 parent 55bb5fc commit ba7e713
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,8 @@ contents:
- name: metric
containerPort: 9979
protocol: TCP
securityContext:
privileged: true
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
Expand Down

0 comments on commit ba7e713

Please sign in to comment.