Closed jhunt closed 4 years ago
I would like to be able to disable privileged pods with a custom, purpose-built spec property.
Something like:
properties: privileged-pods: no
This should affect the (currently hard-coded) --allow-privileged=... line at https://github.com/jhunt/k8s-boshrelease/blob/master/jobs/control/templates/bin/api#L54
--allow-privileged=...
Turns out we can't just disable it at the apiserver; our kube-proxy daemonset relies on being able to do privileged pods.
apiserver
This is a job for PSPs
I would like to be able to disable privileged pods with a custom, purpose-built spec property.
Something like:
This should affect the (currently hard-coded)
--allow-privileged=...
line at https://github.com/jhunt/k8s-boshrelease/blob/master/jobs/control/templates/bin/api#L54