Can I run privileged containers in Gravity?


Ported from support slack

What about privileged containers and hostMode? I require loading of kernel modules from within a container, that’s why I need privileged


There is no need to turn on privileged in apiserver with gravity if you want to add extra capabilities to the containers, for example:

```
              * Load and unload kernel modules (see init_module(2) and
              * in kernels before 2.6.25: drop capabilities from the system-
                wide capability bounding set.
```

Could be added through Pod security policies.


If you would still have to add privileged=true, right now you would have to patch the systemd unit spec inside gravity:

```
$ sed -i 's/allow-privileged=false/allow-privileged=true/g' /lib/systemd/system/kube-*
$ systemctl daemon-reload
$ systemctl restart 'kube-*'
```

The upcoming release will support ClusterConfiguration resource to set this and other parameters in the apiserver after the install.
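The answer above says CAP_SYS_MODULE can be granted through Pod Security Policies instead of flipping `allow-privileged`. The following is an added example, not code from the original thread or from Gravity: a PodSecurityPolicy that allows only the SYS_MODULE capability (privileged stays off), the RBAC that lets a service account use it, and a pod that requests the capability through `securityContext` and mounts the host's module directory read-only so `modprobe` can find the module files. The policy name `allow-sys-module`, the service account `module-loader`, the `busybox` image and the `dummy` module are assumptions for illustration. Note that PodSecurityPolicy is the mechanism the answer names for the Kubernetes versions of that time; it was removed from Kubernetes in 1.25, where Pod Security Admission replaces it.

```yaml
# Added example (not from the original thread). Grants CAP_SYS_MODULE to one
# workload without enabling privileged containers cluster-wide.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: allow-sys-module          # assumed policy name
spec:
  privileged: false               # privileged stays off; only one capability is added
  allowedCapabilities:
  - SYS_MODULE                    # CAP_SYS_MODULE: load and unload kernel modules
  requiredDropCapabilities:
  - ALL                           # everything else is dropped
  volumes:
  - hostPath                      # only needed to read module files from the host
  - configMap
  - secret
  - emptyDir
  allowedHostPaths:
  - pathPrefix: /lib/modules
    readOnly: true                # the pod may read modules, not write them
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
# Only subjects bound to this ClusterRole may run pods under the policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-allow-sys-module
rules:
- apiGroups: [policy]
  resources: [podsecuritypolicies]
  resourceNames: [allow-sys-module]
  verbs: [use]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-allow-sys-module
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-allow-sys-module
subjects:
- kind: ServiceAccount
  name: module-loader             # assumed service account for the loader pod
  namespace: default
---
# The pod asks for SYS_MODULE explicitly; privileged remains false.
apiVersion: v1
kind: Pod
metadata:
  name: modprobe-test
  namespace: default
spec:
  serviceAccountName: module-loader
  containers:
  - name: loader
    image: busybox                # assumed image; needs a modprobe binary
    command: ["sh", "-c", "modprobe dummy && lsmod | grep dummy && sleep 3600"]  # 'dummy' is an assumed module name
    securityContext:
      privileged: false
      capabilities:
        drop: ["ALL"]
        add: ["SYS_MODULE"]
    volumeMounts:
    - name: modules
      mountPath: /lib/modules
      readOnly: true
  volumes:
  - name: modules
    hostPath:
      path: /lib/modules          # host kernel modules, matched to the running kernel
```

To confirm the capability actually landed in the container rather than being silently dropped by admission, exec into the pod and run `grep CapEff /proc/1/status`; CAP_SYS_MODULE is capability number 16, so bit 0x10000 must be set in the effective mask. If the pod is rejected at creation, the usual causes are the service account not being bound to the `use` verb on the policy, or a more restrictive policy matching first.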


