Skip to content

Commit 4589abe

Browse files
bergerhofferbergerhoffer
authored
Merge pull request #30273 from bergerhoffer/OSDOCS-1819
OSDOCS-1819: Noting control plane pods require root permissions
2 parents d8cfb1d + 4fa34e2 commit 4589abe

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

modules/architecture-machine-roles.adoc

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,3 +80,10 @@ Systemd services are appropriate for services that you need to always come up on
8080
* Kubelet (kubelet), which accepts requests for managing containers on the machine from master services.
8181

8282
CRI-O and Kubelet must run directly on the host as systemd services because they need to be running before you can run other containers.
83+
84+
The [x-]`installer-*` and [x-]`revision-pruner-*` control plane pods must run with root permissions because they write to the `/etc/kubernetes` directory, which is owned by the root user. These pods are in the following namespaces:
85+
86+
* `openshift-etcd`
87+
* `openshift-kube-apiserver`
88+
* `openshift-kube-controller-manager`
89+
* `openshift-kube-scheduler`

0 commit comments

Comments
 (0)