From ab6db0f11cee6466b30cce9ee80a156ab03dc613 Mon Sep 17 00:00:00 2001 From: Matt McEuen Date: Mon, 15 Jul 2019 17:19:49 -0500 Subject: [PATCH] Make apt container privileged This makes the main container within the apt daemonset run as privileged, which is required to perform kernel upgrades through it. It was confirmed that even with all capabilities enabled, an unprivileged apt is unable to perform the necessary updates to the boot partition during a kernel upgrade. Change-Id: I4e996794f24fcfc9d8ced7a58cecd2ceec36f6c5 --- divingbell/templates/daemonset-apt.yaml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/divingbell/templates/daemonset-apt.yaml b/divingbell/templates/daemonset-apt.yaml
index 955688a..eeb929b 100644
--- a/divingbell/templates/daemonset-apt.yaml
+++ b/divingbell/templates/daemonset-apt.yaml
@@ -48,6 +48,8 @@ spec:
 mountPath: /tmp/{{ $daemonset }}.sh
 subPath: {{ $daemonset }}
 readOnly: true
+ securityContext:
+ privileged: true
 volumes:
 - name: rootfs-{{ $daemonset }}
 hostPath:
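Review bot: The added `privileged: true` grants the apt container every Linux capability plus unrestricted access to host devices and, on common runtimes, turns off the default seccomp and AppArmor confinement, yet the template records none of the justification the commit message gives; put it next to the setting as `# privileged is required for kernel upgrades: writing the host boot partition fails even with all capabilities granted` so a later cleanup does not quietly remove it. The hunk shows the pod already mounts the host root filesystem through the `rootfs-{{ $daemonset }}` hostPath volume, so the marginal escalation is bounded, but deployments that never push kernel updates should still be able to run unprivileged — presumably via a values.yaml toggle defaulting to true (values.yaml is not in view, so confirm the chart's convention before adding one). Also confirm that any PodSecurityPolicy or admission controller in the target clusters admits privileged pods for this daemonset, otherwise the rollout is rejected at admission time. The enclosing container spec begins above the hunk.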