jhunt
commented
4 years ago Turns out we can't just disable it at the apiserver; our kube-proxy daemonset relies on being able to do privileged pods.
Closed jhunt closed 4 years ago
jhunt
commented
4 years ago Turns out we can't just disable it at the apiserver; our kube-proxy daemonset relies on being able to do privileged pods.
jhunt
commented
4 years ago This is a job for PSPs
I would like to be able to disable privileged pods with a custom, purpose-built spec property.
Something like:
This should affect the (currently hard-coded)
--allow-privileged=...line at https://github.com/jhunt/k8s-boshrelease/blob/master/jobs/control/templates/bin/api#L54