From 8eea7664d55693dddd88e290b29617b1400f6161 Mon Sep 17 00:00:00 2001 From: Kevin Chung Date: Tue, 24 Jan 2023 13:48:45 -0500 Subject: [PATCH 1/2] Update MetalLB how to with instructions for k8s 1.25+ --- docs/howto_load_balancer.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/howto_load_balancer.md b/docs/howto_load_balancer.md index d668745e43..9f31d588fe 100644 --- a/docs/howto_load_balancer.md +++ b/docs/howto_load_balancer.md @@ -18,7 +18,9 @@ oc get pods -A Log into the virtual machine and run the following commands to create the `MetalLB` namespace and deployment. ``` -oc apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.4/config/manifests/metallb-native.yaml +oc apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml +oc adm policy add-scc-to-user privileged -z controller -n metallb-system +oc adm policy add-scc-to-user privileged -z speaker -n metallb-system ``` Verify that the `MetalLB` pods are up and running in the `metallb-system` namespace. From 1c536fc814b85a1dd118daf4f5d107338833d9bc Mon Sep 17 00:00:00 2001 From: Kevin Chung Date: Wed, 25 Jan 2023 14:43:52 -0500 Subject: [PATCH 2/2] Update MetalLB how to with additional nginx instructions --- docs/config/nginx-IP-header.yaml | 2 ++ docs/howto_load_balancer.md | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/config/nginx-IP-header.yaml b/docs/config/nginx-IP-header.yaml index 8054e15d12..c5f1269352 100644 --- a/docs/config/nginx-IP-header.yaml +++ b/docs/config/nginx-IP-header.yaml @@ -30,6 +30,8 @@ spec: - name: nginx-configs subPath: headers.conf mountPath: /etc/nginx/conf.d/headers.conf + securityContext: + runAsUser: 0 volumes: - name: nginx-configs configMap: diff --git a/docs/howto_load_balancer.md b/docs/howto_load_balancer.md index 9f31d588fe..d1438e8e49 100644 --- a/docs/howto_load_balancer.md +++ b/docs/howto_load_balancer.md @@ -48,11 +48,12 @@ EOF ``` ## Install User Workload -Log into the virtual machine and create the namespace to be used for deploying the test application. +Log into the virtual machine and create the namespace to be used for deploying the test application. Be aware that this test application will run as root user, which is not a security best practice. ```bash NAMESPACE=nginx-lb-test oc create ns $NAMESPACE +oc adm policy add-scc-to-user privileged -z default -n $NAMESPACE ``` Run the following command to deploy **3 replicas** of a test `nginx` application in the specified namespace.