sysctl related PodSecurityPolicy spec since 1.12 (#3743)
This commit is contained in:
parent
c5e425b02b
commit
b15e685a0b
1 changed files with 9 additions and 0 deletions
|
@ -43,6 +43,10 @@ spec:
|
||||||
- min: 1
|
- min: 1
|
||||||
max: 65535
|
max: 65535
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
{% if kube_version is version('v1.12.1', '>=') %}
|
||||||
|
forbiddenSysctls:
|
||||||
|
- '*'
|
||||||
|
{% endif %}
|
||||||
---
|
---
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
|
@ -75,3 +79,8 @@ spec:
|
||||||
fsGroup:
|
fsGroup:
|
||||||
rule: 'RunAsAny'
|
rule: 'RunAsAny'
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
{% if kube_version is version('v1.12.1', '>=') %}
|
||||||
|
# This will fail if allowed-unsafe-sysctls is not set accordingly in kubelet flags
|
||||||
|
allowedUnsafeSysctls:
|
||||||
|
- '*'
|
||||||
|
{% endif %}
|
||||||
|
|
Loading…
Reference in a new issue