mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 20:53:33 +00:00
Allow adding default capabilities to unprivileged addons
This commit is contained in:
parent
6d76e35b39
commit
13adb97714
@ -19,6 +19,22 @@ metadata:
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
# The docker default set of capabilities
|
||||
allowedCapabilities:
|
||||
- SETPCAP
|
||||
- MKNOD
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- NET_RAW
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- SETGID
|
||||
- SETUID
|
||||
- NET_BIND_SERVICE
|
||||
- SYS_CHROOT
|
||||
- SETFCAP
|
||||
volumes:
|
||||
- 'emptyDir'
|
||||
- 'configMap'
|
||||
|
Loading…
Reference in New Issue
Block a user