External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-19 14:57:43 -02:30
Code Issues Packages Projects Releases Wiki Activity

Revert "Drop linux capabilities and rework users/groups"

Browse Source
This commit is contained in:
Matthew Mosesohn
2017-02-06 15:58:54 +03:00
committed by GitHub
parent b7bf502e02
commit fd30131dc2
48 changed files with 81 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/etcd/templates/etcd-docker.service.j2
View File

@@ -14,12 +14,8 @@ ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
-v /etc/ssl/certs:/etc/ssl/certs:ro \
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
-v /var/lib/etcd:/var/lib/etcd:rw \
{% for c in etcd_drop_cap %}
--cap-drop={{ c }} \
{% endfor %}
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
--name={{ etcd_member_name | default("etcd") }} \
-u {{ etcd_user_id }}:{{ etcd_group_id }} --group-add {{ etcd_cert_group_id }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %}
{{ etcd_container_bin_dir }}etcd