Give kube-apiserver CAP_NET_BIND_SERVICE

It is needed to bind on port 443
2015-06-19 16:18:12 -04:00
parent e08bd6f3c3
commit 3d10f00401
1 changed files with 4 additions and 0 deletions
--- a/contrib/ansible/roles/master/tasks/main.yml
+++ b/contrib/ansible/roles/master/tasks/main.yml
@@ -20,6 +20,10 @@
  notify:
    - restart scheduler

+- name: add cap_net_bind_service to kube-apiserver
+  capabilities: path=/usr/bin/kube-apiserver capability=cap_net_bind_service=ep state=present
+  when: not is_atomic
+
 - name: Enable apiserver
  service: name=kube-apiserver enabled=yes state=started