On Jan 31 15:51, Colin Walters wrote:
Hi, we'd like to migrate some of our workloads into Kubernetes jobs; see for example: https://github.com/projectatomic/papr/pull/70/commits/bdaabc975b6770e2c6826a...
What are the available resources in apps.ci versus Duffy?
A lot of our jobs want basically a "classic Docker" environment with e.g. uid 0, but not CAP_SYS_ADMIN. And with seccomp disabled, etc. I was trying to create the test pod below, but it fails. It looks like our accounts use the default SCC. Can we lift these restrictions?
BTW, I'd also like oci-kvm-hook installed, with this patch: https://github.com/stefwalter/oci-kvm-hook/pull/4
apiVersion: v1 kind: DeploymentConfig metadata: labels: run: cgwalters-shell name: cgwalters-shell spec: replicas: 1 selector: run: cgwalters-shell strategy: resources: {} template: metadata: labels: run: cgwalters-shell spec: containers: - args: - sleep - 24h image: registry.fedoraproject.org/fedora:27 name: cgwalters-shell # Run as uid 0 securityContext: runAsUser: 0 _______________________________________________ Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
We have separate SCCs per-namespace for this. I'll see if I can get a proper one on your project.
As far as the oci-kvm-hook thing goes, do we know a timeline for getting that merged?
--Brian