From a01c487a6e16bdc7c2bef25e3414c3720368b7ca Mon Sep 17 00:00:00 2001 From: Sergiusz Bazanski Date: Thu, 5 Sep 2019 18:00:02 +0200 Subject: [PATCH] cluster: allow insecure pods in rook-ceph-system This is required for the agent to start a socket on each host for kubelet-to-rook access. Change-Id: I78529df81185aeaacdcb494138f72f0224a029c6 --- cluster/kube/lib/rook.libsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cluster/kube/lib/rook.libsonnet b/cluster/kube/lib/rook.libsonnet index 98732b07..92daf1a7 100644 --- a/cluster/kube/lib/rook.libsonnet +++ b/cluster/kube/lib/rook.libsonnet @@ -1,6 +1,7 @@ # Deploy Rook/Ceph Operator local kube = import "../../../kube/kube.libsonnet"; +local policies = import "../../../kube/policies.libsonnet"; { Operator: { @@ -21,6 +22,8 @@ local kube = import "../../../kube/kube.libsonnet"; namespace: kube.Namespace(cfg.namespace), + policyInsecure: policies.AllowNamespaceInsecure(cfg.namespace), + crds: { cephclusters: kube.CustomResourceDefinition("ceph.rook.io", "v1", "CephCluster") { spec+: {