summaryrefslogtreecommitdiffstats
path: root/kud/hosting_providers
diff options
context:
space:
mode:
Diffstat (limited to 'kud/hosting_providers')
-rw-r--r--kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml10
-rw-r--r--kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml10
2 files changed, 20 insertions, 0 deletions
diff --git a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
index 30e8bc42..7d0404a5 100644
--- a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
@@ -87,10 +87,20 @@ podsecuritypolicy_enabled: true
# allowedCapabilities:
# - '*'
# by
+# allowedCapabilities:
+# - NET_ADMIN
+# - SYS_ADMIN
+# - SYS_NICE
+# - SYS_PTRACE
# requiredDropCapabilities:
# - NET_RAW
podsecuritypolicy_restricted_spec:
privileged: true
+ allowedCapabilities:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_NICE
+ - SYS_PTRACE
allowPrivilegeEscalation: true
volumes:
- '*'
diff --git a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
index 8d4795be..7803f27a 100644
--- a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
@@ -84,10 +84,20 @@ podsecuritypolicy_enabled: true
# allowedCapabilities:
# - '*'
# by
+# allowedCapabilities:
+# - NET_ADMIN
+# - SYS_ADMIN
+# - SYS_NICE
+# - SYS_PTRACE
# requiredDropCapabilities:
# - NET_RAW
podsecuritypolicy_restricted_spec:
privileged: true
+ allowedCapabilities:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_NICE
+ - SYS_PTRACE
allowPrivilegeEscalation: true
volumes:
- '*'