Closed ledroide closed 4 years ago
Thanks a lot for the report. That looks good to me. would you be able to create a PR?
Fixes with #92.
Additional notes :
--containerd=unix:////run/containerd/containerd.sock
, you need to add these lines to the podsecucuritypolicy :
- pathPrefix: /run/containerd
readOnly: true
@astefanutti : Since this is a common pattern for containerd in Kubernetes, I suggest you add this rule by default, or as a comment in the psp manifest
Since this is a common pattern for containerd in Kubernetes, I suggest you add this rule by default, or as a comment in the psp manifest
Thanks for the suggestion. I've added it in 6320993dc8d1d2f9e4c1e694c354cc60b05dac44.
Hello,
The PodSecurityPolicy provided with the cAdvisor implementation, in file cadvisor.yaml, is wrong and leads to a error when applying the cAdvisor DaemonSet.
Here is my PodSecurityPolicy that works :
FYI, I have used kube-psp-advisor to help me solve the issue and build this PodSecurityPolicy.
Serge