mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
Merge pull request #77792 from neolit123/kubeadm-psp-upgrade-fix
kubeadm: prevent PSP blocking of upgrade image prepull
This commit is contained in:
commit
003c4e5155
@ -45,6 +45,7 @@ go_library(
|
||||
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/pkg/version:go_default_library",
|
||||
"//vendor/github.com/pkg/errors:go_default_library",
|
||||
"//vendor/k8s.io/utils/pointer:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
@ -22,13 +22,14 @@ import (
|
||||
|
||||
"github.com/pkg/errors"
|
||||
apps "k8s.io/api/apps/v1"
|
||||
"k8s.io/api/core/v1"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/images"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -183,6 +184,11 @@ func buildPrePullDaemonSet(component, image string) *apps.DaemonSet {
|
||||
},
|
||||
Tolerations: []v1.Toleration{constants.ControlPlaneToleration},
|
||||
TerminationGracePeriodSeconds: &gracePeriodSecs,
|
||||
// Explicitly add a PodSecurityContext to allow these Pods to run as non-root.
|
||||
// This prevents restrictive PSPs from blocking the Pod creation.
|
||||
SecurityContext: &v1.PodSecurityContext{
|
||||
RunAsUser: utilpointer.Int64Ptr(999),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
Loading…
Reference in New Issue
Block a user