From ba7e713e19333b15bcde1b4ac9a1eafee5befb3b Mon Sep 17 00:00:00 2001
From: Peter Hunt
Date: Tue, 29 Oct 2019 13:23:54 -0400
Subject: [PATCH] give etcd-metrics container privilege as it is trying to run /run/etc/environment on the host, but has no permissions to do so This change is needed to bump to CRI-O 1.16: Kube 1.14 would turn privileged on for every container in a static pod as long as just one had privileged on. That's why etcd was still running in privileged in 1.14 even w/o the flag, see #526 Kube 1.16 has disabled that now and we need to set that for every container in a static pod that needs privilege
Signed-off-by: Peter Hunt
---
 .../_base/files/etc-kubernetes-manifests-etcd-member.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml b/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml
index 96f164887f..6a3b494867 100644
--- a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml
+++ b/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml
@@ -176,6 +176,8 @@ contents:
 - name: metric
 containerPort: 9979
 protocol: TCP
+ securityContext:
+ privileged: true
 hostNetwork: true
 priorityClassName: system-node-critical
 tolerations:
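Review bot: `privileged: true` on the metrics container (the two added lines after its `ports` entry) grants far more than the commit message says is needed, which is access to `/run/etc/environment` on the host. A privileged container gets every capability and host device access, and is typically exempt from seccomp and SELinux confinement. The pod also sets `hostNetwork: true` and exposes port 9979. If the denial is a file-permission or SELinux label problem on that one path, check whether a narrower `securityContext` is enough, for example `runAsUser: 0` or an `seLinuxOptions` entry with the path mounted `readOnly: true`. If privileged really is required, record why next to it, e.g. `# privileged: must read /run/etc/environment on the host; since Kube 1.16 this is no longer inherited from other containers in the pod`. The container definition starts above the hunk, so its command and volume mounts are not visible here.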