[Ci-users] apps.ci SCC and oci-kvm-hook ?
Brian Stinson
brian at bstinson.comThu Feb 1 13:43:31 UTC 2018
- Previous message: [Ci-users] plot plugin
- Next message: [Ci-users] apps.ci SCC and oci-kvm-hook ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 31 15:51, Colin Walters wrote: > Hi, we'd like to migrate some of our workloads into > Kubernetes jobs; see for example: > https://github.com/projectatomic/papr/pull/70/commits/bdaabc975b6770e2c6826aa259cfd2c7fddd0b9e > > What are the available resources in apps.ci versus Duffy? > > A lot of our jobs want basically a "classic Docker" > environment with e.g. uid 0, but not CAP_SYS_ADMIN. And with seccomp disabled, etc. > I was trying to create the test pod below, but it fails. It looks like our accounts > use the default SCC. Can we lift these restrictions? > > BTW, I'd also like oci-kvm-hook installed, with this patch: https://github.com/stefwalter/oci-kvm-hook/pull/4 > > apiVersion: v1 > kind: DeploymentConfig > metadata: > labels: > run: cgwalters-shell > name: cgwalters-shell > spec: > replicas: 1 > selector: > run: cgwalters-shell > strategy: > resources: {} > template: > metadata: > labels: > run: cgwalters-shell > spec: > containers: > - args: > - sleep > - 24h > image: registry.fedoraproject.org/fedora:27 > name: cgwalters-shell > # Run as uid 0 > securityContext: > runAsUser: 0 > _______________________________________________ > Ci-users mailing list > Ci-users at centos.org > https://lists.centos.org/mailman/listinfo/ci-users We have separate SCCs per-namespace for this. I'll see if I can get a proper one on your project. As far as the oci-kvm-hook thing goes, do we know a timeline for getting that merged? --Brian
- Previous message: [Ci-users] plot plugin
- Next message: [Ci-users] apps.ci SCC and oci-kvm-hook ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CI-users mailing list