Can I run privileged containers in Gravity?
Ported from support slack

What about privileged containers and hostMode? I require loading of kernel modules from within a container, that’s why I need privileged


There is no need to turn on privileged in apiserver with gravity if you want to add extra capabilities to the containers, for example:

```
* Load and unload kernel modules (see init_module(2) and
* in kernels before 2.6.25: drop capabilities from the system-
  wide capability bounding set.
```

Could be added through Pod security policies.
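The entry quoted above is the capabilities(7) description of CAP_SYS_MODULE. The following is an added example (not part of the original support thread or of Gravity's own manifests) showing how that single capability can be granted through a PodSecurityPolicy while privileged containers stay forbidden. The policy, role and pod names, the namespace and the service account are all hypothetical. Note that PodSecurityPolicy was removed from Kubernetes in 1.25, so this applies only to clusters still running the policy/v1beta1 API.

```yaml
# Added example, not from the original page. Grants CAP_SYS_MODULE to pods that
# ask for it, without allowing privileged: true.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: allow-sys-module            # hypothetical name
spec:
  privileged: false                 # privileged pods are still rejected
  allowPrivilegeEscalation: true    # needed so the added capability is effective
  allowedCapabilities:
    - SYS_MODULE                    # the only capability a pod may add
  hostNetwork: false
  hostPID: false
  hostIPC: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: /lib/modules      # module files only, read-only
      readOnly: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
# A pod may use the policy only if its service account is allowed to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-allow-sys-module        # hypothetical name
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["allow-sys-module"]
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-allow-sys-module        # hypothetical name
  namespace: drivers                # hypothetical namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-allow-sys-module
subjects:
  - kind: ServiceAccount
    name: module-loader             # hypothetical service account
    namespace: drivers
---
# The pod requests exactly the capability the policy allows; no privileged flag.
apiVersion: v1
kind: Pod
metadata:
  name: module-loader               # hypothetical name
  namespace: drivers
spec:
  serviceAccountName: module-loader
  containers:
    - name: loader
      image: REPLACE_WITH_YOUR_IMAGE   # placeholder
      securityContext:
        capabilities:
          add: ["SYS_MODULE"]
      volumeMounts:
        - name: modules
          mountPath: /lib/modules
          readOnly: true
  volumes:
    - name: modules
      hostPath:
        path: /lib/modules
```

If the same pod is submitted with `privileged: true` in its securityContext, admission rejects it under this policy, which is the point: the container gets module-loading rights and nothing else, and `allow-privileged` on the apiserver can stay at its default.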


If you still have to set privileged=true, right now you would have to patch the systemd unit specs inside gravity:

```shell
$ sed -i 's/allow-privileged=false/allow-privileged=true/g' /lib/systemd/system/kube-*
$ systemctl daemon-reload
$ systemctl restart 'kube-*'
```

The upcoming release will support ClusterConfiguration resource to set this and other parameters in the apiserver after the install.