ci: Skip SELinux relabel on start
dustin/airplaypi/pipeline/head Something is wrong with the build of this commit
Details
dustin/airplaypi/pipeline/head Something is wrong with the build of this commit
Details
By default, CRI-O assigns a random SELinux category to every pod, and then must adjust the label of every file and directory in the persistent volume to match. For very large volumes like a Buildroot output directory, this can take quite some time. Fortunately, if we assign a static category, we can tell CRI-O to skip the relabel step.
parent
1f1a9ed621
commit
6b6fa0f882
|
|
@ -1,3 +1,6 @@
|
|||
metadata:
|
||||
annotations:
|
||||
io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel: 'true'
|
||||
spec:
|
||||
containers:
|
||||
- name: build
|
||||
|
|
@ -13,6 +16,8 @@ spec:
|
|||
subPath: ssh_known_hosts
|
||||
securityContext:
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
seLinuxOptions:
|
||||
level: s0:c596,c675
|
||||
volumes:
|
||||
- name: ssh-known-hosts
|
||||
configMap:
|
||||
|
|
|
|||
Loading…
Reference in New Issue