External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-16 16:37:33 -02:30
Code Issues Packages Projects Releases Wiki Activity

Revert "Drop linux capabilities and rework users/groups"

Browse Source
This commit is contained in:
Matthew Mosesohn
2017-02-06 15:58:54 +03:00
committed by GitHub
parent b7bf502e02
commit fd30131dc2
48 changed files with 81 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
roles/etcd/defaults/main.yml
View File

@@ -3,26 +3,10 @@ etcd_bin_dir: "{{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64/
etcd_config_dir: /etc/ssl/etcd
etcd_cert_dir: "{{ etcd_config_dir }}/ssl"
etcd_cert_group: root
etcd_script_dir: "{{ bin_dir }}/etcd-scripts"
# Linux capabilities to be dropped for container engines
etcd_drop_cap:
- chown
- dac_override
- fowner
- fsetid
- kill
- setgid
- setuid
- setpcap
- net_bind_service
- net_raw
- sys_chroot
- mknod
- audit_write
- setfcap
# Limits
etcd_memory_limit: 512M
etcd_cpu_limit: 300m