mirror of
https://github.com/k8s-at-home/charts.git
synced 2025-01-23 23:49:12 +00:00
[pod-gateway] Support selective configmap generation (#936)
* small fixes * support partial confirmap generation * fix: run gateway init as privileged Signed-off-by: Toboshii Nakama <toboshii@gmail.com> * simplify names Co-authored-by: angelnu <git@angelnucom> Co-authored-by: Toboshii Nakama <toboshii@gmail.com> Co-authored-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <me@bjw-s.dev>
This commit is contained in:
parent
82bc14973f
commit
bc8aee9648
@ -1,8 +1,8 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.0.0
|
appVersion: 1.2.3
|
||||||
description: Admision controller to change the default gateway and DNS server of PODs
|
description: Admision controller to change the default gateway and DNS server of PODs
|
||||||
name: pod-gateway
|
name: pod-gateway
|
||||||
version: 1.0.1
|
version: 2.0.0
|
||||||
kubeVersion: ">=1.16.0-0"
|
kubeVersion: ">=1.16.0-0"
|
||||||
keywords:
|
keywords:
|
||||||
- pod-gateway
|
- pod-gateway
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# pod-gateway
|
# pod-gateway
|
||||||
|
|
||||||
![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
|
![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1.2.3](https://img.shields.io/badge/AppVersion-1.2.3-informational?style=flat-square)
|
||||||
|
|
||||||
Admision controller to change the default gateway and DNS server of PODs
|
Admision controller to change the default gateway and DNS server of PODs
|
||||||
|
|
||||||
@ -99,31 +99,49 @@ certificates. It does not install it as dependency to avoid conflicts.
|
|||||||
| additionalVolumeMounts[0].mountPath | string | `"/config"` | |
|
| additionalVolumeMounts[0].mountPath | string | `"/config"` | |
|
||||||
| additionalVolumeMounts[0].name | string | `"config"` | |
|
| additionalVolumeMounts[0].name | string | `"config"` | |
|
||||||
| additionalVolumeMounts[0].readOnly | bool | `true` | |
|
| additionalVolumeMounts[0].readOnly | bool | `true` | |
|
||||||
|
| addons.vpn.configFileSecret | string | `"openvpn"` | |
|
||||||
|
| addons.vpn.enabled | bool | `false` | Enable the VPN if you want to route through a VPN. You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true for extra safeness in case the VPN does connect |
|
||||||
|
| addons.vpn.env | string | `nil` | |
|
||||||
|
| addons.vpn.networkPolicy.egress[0].ports[0].port | int | `443` | |
|
||||||
|
| addons.vpn.networkPolicy.egress[0].ports[0].protocol | string | `"UDP"` | |
|
||||||
|
| addons.vpn.networkPolicy.egress[0].to[0].ipBlock.cidr | string | `"0.0.0.0/0"` | |
|
||||||
|
| addons.vpn.networkPolicy.egress[1].to[0].ipBlock.cidr | string | `"10.0.0.0/8"` | |
|
||||||
|
| addons.vpn.networkPolicy.enabled | bool | `true` | |
|
||||||
|
| addons.vpn.openvpn | string | `nil` | |
|
||||||
|
| addons.vpn.type | string | `"openvpn"` | |
|
||||||
|
| addons.vpn.wireguard | string | `nil` | |
|
||||||
| clusterName | string | `"cluster.local"` | cluster name used to derive the gateway full name |
|
| clusterName | string | `"cluster.local"` | cluster name used to derive the gateway full name |
|
||||||
| command[0] | string | `"/bin/gateway_sidecar.sh"` | |
|
| command[0] | string | `"/bin/gateway_sidecar.sh"` | |
|
||||||
| configmap.data."nat.conf" | string | `"# Configure client PODs with static IP addresses\n# and ports exposed through NAT\n# static IPs must be bellow VXLAN_GATEWAY_FIRST_DYNAMIC_IP\n#\n# hostname IP ports(coma separated)\n# Example:\n# transmission 10 tcp:18289,udp:18289\n"` | settings to expose ports, usually through a VPN provider NOTE: if you change it you will need to manually restart all containers using it |
|
|
||||||
| configmap.data."settings.sh" | string | `"#!/bin/sh\n# hostname of the gateway - it must accept vxlan and DHCP traffic\n# clients get it as env variable\nGATEWAY_NAME=\"${gateway}\"\n# K8S DNS IP address\n# clients get it as env variable\nK8S_DNS_IPS=\"${K8S_DNS_ips}\"\n\n# Vxlan ID to use\nVXLAN_ID=\"42\"\n# VXLAN need an /24 IP range not conflicting with K8S and local IP ranges\nVXLAN_IP_NETWORK=\"172.16.0\"\n# Gateway IP within the VXLAN - client PODs will be routed through it\nVXLAN_GATEWAY_IP=\"${VXLAN_IP_NETWORK}.1\"\n# Keep a range of IPs for static assignment in nat.conf\nVXLAN_GATEWAY_FIRST_DYNAMIC_IP=20\n\n# If using a VPN, interface name created by it\nVPN_INTERFACE=tun0\n# Prevent non VPN traffic to leave the gateway\nVPN_BLOCK_OTHER_TRAFFIC=false\n# Traffic to these IPs will be send through the K8S gateway\nVPN_LOCAL_CIDRS=\"10.0.0.0/8 192.168.0.0/16\"\n\n# DNS queries to these domains will be resolved by K8S DNS instead of\n# the default (typcally the VPN client changes it)\nDNS_LOCAL_CIDRS=\"local\"\n"` | settings for gateway - defaults should usually be good NOTE: if you change it you will need to manually restart all containers using it |
|
|
||||||
| configmap.enabled | bool | `true` | configmap contains clients and gateway PODs setting |
|
|
||||||
| configmap.namespaces | list | `[]` | Namespaces to create the configmap to. It must list all namespaces where client PODs get deployed to. The chart namespace is added automatically |
|
|
||||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||||
| image.repository | string | `"ghcr.io/k8s-at-home/pod-gateway"` | |
|
| image.repository | string | `"ghcr.io/k8s-at-home/pod-gateway"` | |
|
||||||
| image.tag | string | `"v1.1.0"` | |
|
| image.tag | string | `"v1.2.3"` | |
|
||||||
| initContainers[0].command[0] | string | `"/bin/gateway_init.sh"` | |
|
| initContainers[0].command[0] | string | `"/bin/gateway_init.sh"` | |
|
||||||
| initContainers[0].image | string | `nil` | Will be set automatically |
|
| initContainers[0].image | string | `nil` | Will be set automatically |
|
||||||
| initContainers[0].imagePullPolicy | string | `nil` | Will be set automatically |
|
| initContainers[0].imagePullPolicy | string | `nil` | Will be set automatically |
|
||||||
| initContainers[0].name | string | `"routes"` | |
|
| initContainers[0].name | string | `"routes"` | |
|
||||||
| initContainers[0].securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
|
| initContainers[0].securityContext.privileged | bool | `true` | |
|
||||||
| initContainers[0].volumeMounts[0].mountPath | string | `"/config"` | |
|
| initContainers[0].volumeMounts[0].mountPath | string | `"/config"` | |
|
||||||
| initContainers[0].volumeMounts[0].name | string | `"config"` | |
|
| initContainers[0].volumeMounts[0].name | string | `"config"` | |
|
||||||
| initContainers[0].volumeMounts[0].readOnly | bool | `true` | |
|
| initContainers[0].volumeMounts[0].readOnly | bool | `true` | |
|
||||||
| probes.liveness.enabled | bool | `false` | |
|
| probes.liveness.enabled | bool | `false` | |
|
||||||
| probes.readiness.enabled | bool | `false` | |
|
| probes.readiness.enabled | bool | `false` | |
|
||||||
| probes.startup.enabled | bool | `false` | |
|
| probes.startup.enabled | bool | `false` | |
|
||||||
|
| publicPorts | string | `nil` | settings to expose ports, usually through a VPN provider. NOTE: if you change it you will need to manually restart the gateway POD |
|
||||||
|
| routed_namespaces | list | `[]` | Namespaces that might contain routed PODs and therefore require a copy of the gneerated settings configmap. |
|
||||||
| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
|
| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
|
||||||
| service.clusterIP | string | `"None"` | |
|
| service.clusterIP | string | `"None"` | |
|
||||||
| service.port.port | int | `4789` | |
|
| service.port.port | int | `4789` | |
|
||||||
| service.port.protocol | string | `"UDP"` | |
|
| service.port.protocol | string | `"UDP"` | |
|
||||||
| service.type | string | `"ClusterIP"` | |
|
| service.type | string | `"ClusterIP"` | |
|
||||||
|
| settings.DNS_LOCAL_CIDRS | string | `"local"` | DNS queries to these domains will be resolved by K8S DNS instead of the default (typcally the VPN client changes it) |
|
||||||
|
| settings.NOT_ROUTED_TO_GATEWAY_CIDRS | string | `""` | IPs not sent to the POD gateway but to the default K8S. Multiple CIDRs can be specified using blanks as separator. Example for Calico: ""172.22.0.0/16 172.24.0.0/16" This is needed, for example, in case your CNI does not add a non-default rule for the K8S addresses (Flannel does). |
|
||||||
|
| settings.VPN_BLOCK_OTHER_TRAFFIC | bool | `false` | Prevent non VPN traffic to leave the gateway |
|
||||||
|
| settings.VPN_INTERFACE | string | `"tun0"` | If using a VPN, interface name created by it |
|
||||||
|
| settings.VPN_LOCAL_CIDRS | string | `"10.0.0.0/8 192.168.0.0/16"` | Traffic to these IPs will be send through the K8S gateway |
|
||||||
|
| settings.VPN_TRAFFIC_PORT | int | `443` | If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port |
|
||||||
|
| settings.VXLAN_GATEWAY_FIRST_DYNAMIC_IP | int | `20` | Keep a range of IPs for static assignment in nat.conf |
|
||||||
|
| settings.VXLAN_ID | int | `42` | Vxlan ID to use |
|
||||||
|
| settings.VXLAN_IP_NETWORK | string | `"172.16.0"` | VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges |
|
||||||
| webhook.additionalVolumes | list | `[]` | |
|
| webhook.additionalVolumes | list | `[]` | |
|
||||||
| webhook.args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` | |
|
| webhook.args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` | |
|
||||||
| webhook.args[1] | string | `"--tls-key-file-path=/tls/tls.key"` | |
|
| webhook.args[1] | string | `"--tls-key-file-path=/tls/tls.key"` | |
|
||||||
@ -157,6 +175,24 @@ All notable changes to this application Helm chart will be documented in this fi
|
|||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
### [2.0.0]
|
||||||
|
|
||||||
|
#### Added
|
||||||
|
|
||||||
|
- N/A
|
||||||
|
|
||||||
|
#### Changed
|
||||||
|
|
||||||
|
- run gateway init container as privileged
|
||||||
|
- configmap is now a dictionary instead of a long string
|
||||||
|
- only modifed settings need to be specified
|
||||||
|
|
||||||
|
#### Removed
|
||||||
|
|
||||||
|
- N/A
|
||||||
|
|
||||||
|
[1.0.2]: #1.0.2
|
||||||
|
|
||||||
### [1.0.1]
|
### [1.0.1]
|
||||||
|
|
||||||
#### Added
|
#### Added
|
||||||
|
@ -9,6 +9,24 @@ All notable changes to this application Helm chart will be documented in this fi
|
|||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
### [2.0.0]
|
||||||
|
|
||||||
|
#### Added
|
||||||
|
|
||||||
|
- N/A
|
||||||
|
|
||||||
|
#### Changed
|
||||||
|
|
||||||
|
- run gateway init container as privileged
|
||||||
|
- configmap is now a dictionary instead of a long string
|
||||||
|
- only modifed settings need to be specified
|
||||||
|
|
||||||
|
#### Removed
|
||||||
|
|
||||||
|
- N/A
|
||||||
|
|
||||||
|
[1.0.2]: #1.0.2
|
||||||
|
|
||||||
### [1.0.1]
|
### [1.0.1]
|
||||||
|
|
||||||
#### Added
|
#### Added
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
{{- if .Values.configmap.enabled | default true -}}
|
{{- range $namespace := append .Values.routed_namespaces .Release.Namespace }}
|
||||||
{{- range $namespace := append .Values.configmap.namespaces .Release.Namespace }}
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@ -9,6 +8,23 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
{{- include "common.labels" $ | nindent 4 }}
|
{{- include "common.labels" $ | nindent 4 }}
|
||||||
data:
|
data:
|
||||||
{{- $.Values.configmap.data | toYaml | nindent 2 }}
|
settings.sh: |
|
||||||
{{- end -}}
|
#!/bin/sh
|
||||||
|
# Generated by {{ include "common.names.fullname" $ }}
|
||||||
|
{{- range $key, $value := $.Values.settings }}
|
||||||
|
{{ $key }}={{ $value | quote }}
|
||||||
|
{{- end }}
|
||||||
|
nat.conf: |
|
||||||
|
# Generated by {{ include "common.names.fullname" $ }}
|
||||||
|
{{- range $entry := $.Values.publicPorts }}
|
||||||
|
{{ $entry.hostname | required "Missing hostname" }} {{ $entry.IP | required "Missing IP" }}
|
||||||
|
{{- range $index, $port := $entry.ports -}}
|
||||||
|
{{- if eq $index 0 -}}
|
||||||
|
{{- print " " -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- print "," -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $port.type | required "Missing port type" }}:{{ $port.port | required "Missing port number" -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -41,9 +41,7 @@ spec:
|
|||||||
- --webhook-listen-address=:{{ .Values.webhook.service.port.port |toString }}
|
- --webhook-listen-address=:{{ .Values.webhook.service.port.port |toString }}
|
||||||
- --gateway={{ include "pod-gateway.gateway" . }}
|
- --gateway={{ include "pod-gateway.gateway" . }}
|
||||||
- --DNS={{ .Values.DNS }}
|
- --DNS={{ .Values.DNS }}
|
||||||
{{- if .Values.configmap.enabled }}
|
|
||||||
- --configmapName={{ include "pod-gateway.configmap" . }}
|
- --configmapName={{ include "pod-gateway.configmap" . }}
|
||||||
{{- end}}
|
|
||||||
{{- if ( include "pod-gateway.webhook-inserted-init-repository" . ) }}
|
{{- if ( include "pod-gateway.webhook-inserted-init-repository" . ) }}
|
||||||
- --initImage={{ include "pod-gateway.webhook-inserted-init-repository" . }}
|
- --initImage={{ include "pod-gateway.webhook-inserted-init-repository" . }}
|
||||||
- --initImagePullPol={{ include "pod-gateway.webhook-inserted-init-pullPolicy" . }}
|
- --initImagePullPol={{ include "pod-gateway.webhook-inserted-init-pullPolicy" . }}
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/pod-gateway
|
repository: ghcr.io/k8s-at-home/pod-gateway
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: v1.1.0
|
tag: v1.2.3
|
||||||
|
|
||||||
# -- IP address of the DNS server within the vxlan tunnel.
|
# -- IP address of the DNS server within the vxlan tunnel.
|
||||||
# All mutated PODs will get this as their DNS server.
|
# All mutated PODs will get this as their DNS server.
|
||||||
@ -18,57 +18,78 @@ DNS: 172.16.0.1
|
|||||||
# -- cluster name used to derive the gateway full name
|
# -- cluster name used to derive the gateway full name
|
||||||
clusterName: "cluster.local"
|
clusterName: "cluster.local"
|
||||||
|
|
||||||
configmap:
|
# -- Namespaces that might contain routed PODs and therefore
|
||||||
# -- configmap contains clients and gateway PODs setting
|
# require a copy of the gneerated settings configmap.
|
||||||
enabled: true
|
routed_namespaces: []
|
||||||
# -- Namespaces to create the configmap to.
|
# - vpn
|
||||||
# It must list all namespaces where client PODs get deployed to.
|
|
||||||
# The chart namespace is added automatically
|
|
||||||
namespaces: []
|
|
||||||
data:
|
|
||||||
# -- settings for gateway - defaults should usually be good
|
|
||||||
# NOTE: if you change it you will need to manually restart all
|
|
||||||
# containers using it
|
|
||||||
settings.sh: |
|
|
||||||
#!/bin/sh
|
|
||||||
# hostname of the gateway - it must accept vxlan and DHCP traffic
|
|
||||||
# clients get it as env variable
|
|
||||||
GATEWAY_NAME="${gateway}"
|
|
||||||
# K8S DNS IP address
|
|
||||||
# clients get it as env variable
|
|
||||||
K8S_DNS_IPS="${K8S_DNS_ips}"
|
|
||||||
|
|
||||||
# Vxlan ID to use
|
settings:
|
||||||
VXLAN_ID="42"
|
# -- IPs not sent to the POD gateway but to the default K8S.
|
||||||
# VXLAN need an /24 IP range not conflicting with K8S and local IP ranges
|
# Multiple CIDRs can be specified using blanks as separator.
|
||||||
VXLAN_IP_NETWORK="172.16.0"
|
# Example for Calico: ""172.22.0.0/16 172.24.0.0/16"
|
||||||
# Gateway IP within the VXLAN - client PODs will be routed through it
|
#
|
||||||
VXLAN_GATEWAY_IP="${VXLAN_IP_NETWORK}.1"
|
# This is needed, for example, in case your CNI does
|
||||||
# Keep a range of IPs for static assignment in nat.conf
|
# not add a non-default rule for the K8S addresses (Flannel does).
|
||||||
VXLAN_GATEWAY_FIRST_DYNAMIC_IP=20
|
NOT_ROUTED_TO_GATEWAY_CIDRS: ""
|
||||||
|
|
||||||
# If using a VPN, interface name created by it
|
# -- Vxlan ID to use
|
||||||
VPN_INTERFACE=tun0
|
VXLAN_ID: 42
|
||||||
# Prevent non VPN traffic to leave the gateway
|
# -- VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges
|
||||||
VPN_BLOCK_OTHER_TRAFFIC=false
|
VXLAN_IP_NETWORK: "172.16.0"
|
||||||
# Traffic to these IPs will be send through the K8S gateway
|
# -- Keep a range of IPs for static assignment in nat.conf
|
||||||
VPN_LOCAL_CIDRS="10.0.0.0/8 192.168.0.0/16"
|
VXLAN_GATEWAY_FIRST_DYNAMIC_IP: 20
|
||||||
|
|
||||||
# DNS queries to these domains will be resolved by K8S DNS instead of
|
# -- If using a VPN, interface name created by it
|
||||||
# the default (typcally the VPN client changes it)
|
VPN_INTERFACE: tun0
|
||||||
DNS_LOCAL_CIDRS="local"
|
# -- Prevent non VPN traffic to leave the gateway
|
||||||
|
VPN_BLOCK_OTHER_TRAFFIC: false
|
||||||
|
# -- If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
|
||||||
|
VPN_TRAFFIC_PORT: 443
|
||||||
|
# -- Traffic to these IPs will be send through the K8S gateway
|
||||||
|
VPN_LOCAL_CIDRS: "10.0.0.0/8 192.168.0.0/16"
|
||||||
|
|
||||||
# -- settings to expose ports, usually through a VPN provider
|
# -- DNS queries to these domains will be resolved by K8S DNS instead of
|
||||||
# NOTE: if you change it you will need to manually restart all
|
# the default (typcally the VPN client changes it)
|
||||||
# containers using it
|
DNS_LOCAL_CIDRS: "local"
|
||||||
nat.conf: |
|
|
||||||
# Configure client PODs with static IP addresses
|
# -- settings to expose ports, usually through a VPN provider.
|
||||||
# and ports exposed through NAT
|
# NOTE: if you change it you will need to manually restart the gateway POD
|
||||||
# static IPs must be bellow VXLAN_GATEWAY_FIRST_DYNAMIC_IP
|
publicPorts:
|
||||||
#
|
# - hostname: qbittorrent
|
||||||
# hostname IP ports(coma separated)
|
# IP: 10
|
||||||
# Example:
|
# ports:
|
||||||
# transmission 10 tcp:18289,udp:18289
|
# - type: udp
|
||||||
|
# port: 18289
|
||||||
|
# - type: tcp
|
||||||
|
# port: 18289
|
||||||
|
|
||||||
|
addons:
|
||||||
|
vpn:
|
||||||
|
# -- Enable the VPN if you want to route through a VPN.
|
||||||
|
# You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true
|
||||||
|
# for extra safeness in case the VPN does connect
|
||||||
|
enabled: false
|
||||||
|
type: openvpn
|
||||||
|
openvpn:
|
||||||
|
wireguard:
|
||||||
|
env:
|
||||||
|
configFileSecret: openvpn
|
||||||
|
networkPolicy:
|
||||||
|
enabled: true
|
||||||
|
egress:
|
||||||
|
# Allow only VPN traffic to Internet
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
cidr: 0.0.0.0/0
|
||||||
|
ports:
|
||||||
|
# VPN traffic (default OpenVPN)
|
||||||
|
- port: 443
|
||||||
|
protocol: UDP
|
||||||
|
# Allow any traffic within k8s
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
# Cluster IPs (default k3s)
|
||||||
|
cidr: 10.0.0.0/8
|
||||||
|
|
||||||
|
|
||||||
# You should not need to change the settings bellow this
|
# You should not need to change the settings bellow this
|
||||||
@ -99,9 +120,7 @@ initContainers:
|
|||||||
command:
|
command:
|
||||||
- /bin/gateway_init.sh
|
- /bin/gateway_init.sh
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
privileged: true
|
||||||
add:
|
|
||||||
- NET_ADMIN
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /config
|
mountPath: /config
|
||||||
|
Loading…
Reference in New Issue
Block a user