Merge pull request #20 from mfojtik/add-locking-2

fix selinux errors in lock dirs

Author: openshift-merge-robot

bindata/bootkube/bootstrap-manifests/kube-controller-manager-pod.yaml

@@ -13,7 +13,6 @@ spec:
   hostNetwork: true
   securityContext:
     supplementalGroups: [65534]
-    privileged: true
   initContainers:
   - name: setup-lock-dir
     image: {{ .Image }}
@@ -32,6 +31,10 @@ spec:
       name: var-lock
   containers:
   - name: kube-controller-manager
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      privileged: true
     image: {{ .Image }}
     imagePullPolicy: {{ .ImagePullPolicy }}
     command: ["/usr/bin/flock", "--exclusive", "--timeout=60", "/var/lock/controller-manager.lock", "-c"]

bindata/bootkube/manifests/kube-controller-manager-daemonset.yaml

@@ -31,7 +31,7 @@ spec:
         imagePullPolicy: {{ .ImagePullPolicy }}
         command: ["/usr/bin/flock", "--exclusive", "--timeout=60", "/var/lock/controller-manager.lock", "-c"]
         args:
-        - exec hyperkube kube-controller-manager --openshift-config=/etc/kubernetes/config/{{ .ConfigFileName }} --kubeconfig=/etc/kubernetes/secrets/kubeconfig --master=https://kubernetes.default.svc
+        - exec hyperkube kube-controller-manager --openshift-config=/etc/kubernetes/config/{{ .ConfigFileName }} --kubeconfig=/etc/kubernetes/secrets/kubeconfig
         securityContext:
           runAsNonRoot: true
           runAsUser: 65534