diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 03:26:29 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 03:26:29 +0100 |
| commit | ef35b4b5e161b786e9728a6b4b5c5c1c188096b3 (patch) | |
| tree | 215bc4b655207b40c385291cdbe0be306f0d8296 | |
| parent | add coturn server for glt (diff) | |
update info about coturn privileged ports as non-root hack
| -rw-r--r-- | roles/apps/coturn/tasks/privileged-ports-hack.yml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/apps/coturn/tasks/privileged-ports-hack.yml b/roles/apps/coturn/tasks/privileged-ports-hack.yml index bafff0aa..6025b7e7 100644 --- a/roles/apps/coturn/tasks/privileged-ports-hack.yml +++ b/roles/apps/coturn/tasks/privileged-ports-hack.yml @@ -1,10 +1,10 @@ --- -### This hack is necessary becasue: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460 -### at the moment there are two possible workarounds: +### This hack is necessary because: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460. +### AFAIK there are two possible workarounds at the moment: ## - Setting sysctl net.ipv4.ip_unprivileged_port_start=0. ## This does not work because kubelet would not allow this for containers using host networking (and actually this would be a bad idea anyway). ## - Adding the CAP_NET_BIND_SERVICE capability on the turnserver binary file inside the container. -## This what we are doning here. +## This is what we are doing here - at least until the upstream container includes this: https://github.com/instrumentisto/coturn-docker-image/issues/40 - name: create build directory for custom image file: |