Revert "Drop linux capabilities and rework users/groups"

2026-03-11 06:29:38 -02:30 · 2017-02-06 15:58:54 +03:00
parent b7bf502e02
commit fd30131dc2
48 changed files with 81 additions and 413 deletions
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -20,23 +20,6 @@ global_as_num: "64512"
 # defaults. The value should be a number, not a string.
 # calico_mtu: 1500

-# Linux capabilities to be dropped for container engines
-calico_drop_cap:
-  - chown
-  - dac_override
-  - fowner
-  - fsetid
-  - kill
-  - setgid
-  - setuid
-  - setpcap
-  - net_bind_service
-  - net_raw
-  - sys_chroot
-  - mknod
-  - audit_write
-  - setfcap
-
 # Limits for apps
 calico_node_memory_limit: 500M
 calico_node_cpu_limit: 300m