[Ci-users] apps.ci SCC and oci-kvm-hook ?

Colin Walters

walters at verbum.org
Wed Jan 31 20:51:30 UTC 2018


Hi, we'd like to migrate some of our workloads into
Kubernetes jobs; see for example:
https://github.com/projectatomic/papr/pull/70/commits/bdaabc975b6770e2c6826aa259cfd2c7fddd0b9e

What are the available resources in apps.ci versus Duffy?

A lot of our jobs want basically a "classic Docker"
environment with e.g. uid 0, but not CAP_SYS_ADMIN.  And with seccomp disabled, etc.
I was trying to create the test pod below, but it fails.  It looks like our accounts
use the default SCC.  Can we lift these restrictions?

BTW, I'd also like oci-kvm-hook installed, with this patch: https://github.com/stefwalter/oci-kvm-hook/pull/4

apiVersion: v1
kind: DeploymentConfig
metadata:
  labels:
    run: cgwalters-shell
  name: cgwalters-shell
spec:
  replicas: 1
  selector:
    run: cgwalters-shell
  strategy:
    resources: {}
  template:
    metadata:
      labels:
        run: cgwalters-shell
    spec:
      containers:
      - args:
        - sleep
        - 24h
        image: registry.fedoraproject.org/fedora:27
        name: cgwalters-shell
        # Run as uid 0
        securityContext:
          runAsUser: 0



More information about the CI-users mailing list