aboutsummaryrefslogtreecommitdiffstats
path: root/kud/hosting_providers
diff options
context:
space:
mode:
Diffstat (limited to 'kud/hosting_providers')
-rw-r--r--kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml10
-rw-r--r--kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml10
-rwxr-xr-xkud/hosting_providers/vagrant/setup.sh3
3 files changed, 21 insertions, 2 deletions
diff --git a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
index 30e8bc42..7d0404a5 100644
--- a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
@@ -87,10 +87,20 @@ podsecuritypolicy_enabled: true
# allowedCapabilities:
# - '*'
# by
+# allowedCapabilities:
+# - NET_ADMIN
+# - SYS_ADMIN
+# - SYS_NICE
+# - SYS_PTRACE
# requiredDropCapabilities:
# - NET_RAW
podsecuritypolicy_restricted_spec:
privileged: true
+ allowedCapabilities:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_NICE
+ - SYS_PTRACE
allowPrivilegeEscalation: true
volumes:
- '*'
diff --git a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
index 8d4795be..7803f27a 100644
--- a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
@@ -84,10 +84,20 @@ podsecuritypolicy_enabled: true
# allowedCapabilities:
# - '*'
# by
+# allowedCapabilities:
+# - NET_ADMIN
+# - SYS_ADMIN
+# - SYS_NICE
+# - SYS_PTRACE
# requiredDropCapabilities:
# - NET_RAW
podsecuritypolicy_restricted_spec:
privileged: true
+ allowedCapabilities:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_NICE
+ - SYS_PTRACE
allowPrivilegeEscalation: true
volumes:
- '*'
diff --git a/kud/hosting_providers/vagrant/setup.sh b/kud/hosting_providers/vagrant/setup.sh
index db6a732c..7251872a 100755
--- a/kud/hosting_providers/vagrant/setup.sh
+++ b/kud/hosting_providers/vagrant/setup.sh
@@ -11,7 +11,7 @@
set -o nounset
set -o pipefail
-vagrant_version=2.2.4
+vagrant_version=2.2.14
if ! vagrant version &>/dev/null; then
enable_vagrant_install=true
else
@@ -94,7 +94,6 @@ case ${ID,,} in
;;
ubuntu|debian)
- libvirt_group="libvirtd"
INSTALLER_CMD="sudo -H -E apt-get -y -q=3 install"
packages+=(python-dev)