From 9f666969df779834af97859dc19e39b81f602bd2 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 5 Nov 2014 11:51:15 -0500 Subject: [PATCH] In example unit file, run the scheduler as kube, not root Only the kubelet and proxy do things which need root privs --- contrib/init/systemd/kube-scheduler.service | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/init/systemd/kube-scheduler.service b/contrib/init/systemd/kube-scheduler.service index 6d123ed921f..7ca88417e8f 100644 --- a/contrib/init/systemd/kube-scheduler.service +++ b/contrib/init/systemd/kube-scheduler.service @@ -6,6 +6,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/apiserver EnvironmentFile=-/etc/kubernetes/scheduler +User=kube ExecStart=/usr/bin/kube-scheduler \ ${KUBE_LOGTOSTDERR} \ ${KUBE_LOG_LEVEL} \