summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/images/nfd-master.yaml
AgeCommit message (Collapse)AuthorFilesLines
2020-12-09Enable pod security policiesTodd Malsbary1-0/+17
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2019-09-11Integrating NFD Daemonset with KuDAkhila Kishore1-0/+86
Current NFD code in KuD is unused and obsolete. Integrating NFD as DaemonSet and updating test case for NFD. Added comments. Addressed comments and changed the matchExpression to kernel features. Changed operator from "In" to Gt, and values 4 to 3 better fit broader spectrum of O.S's. Adding exit conditon in case there's an error status. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-797 Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183