Disable Gravity Cluster Lockdown

Hi,
I understand Gravity is locked down by default. Is it possible to disable this in any way. I think I understand the consequences of disabling it.

In my install script, I have tried:

alias k="/usr/local/bin/kubectl"
k delete psp restricted
k delete psp privileged

but that didn’t work.

Hi @RAbraham,

Gravity relies pretty heavily on Kubernetes RBAC authentication/authorization mechanisms so it is not possible to completely disable it. What are you trying to achieve? If you must run privileged containers (which is the most common reason people usually want to lift the lockdown), there is a way to do that now: https://gravitational.com/gravity/docs/faq/#running-privileged-containers.

Let me know if that helps,
Roman

Hi @r0mant,
Thank you for replying. Sorry for the late reply. I was on another task and had to context switch…

It now works as I’ve figured out how to use serviceaccount and link a PSP to it. I had tried that previously and it didn’t work and in my deadlines to get work done, I asked the above question. I still have problems combining helm installs with a serviceaccount(linked to a PSP) but that’s a different question.

Thank you again for your reply.