crate · juanpardo · Jul 15, 2024 · May 29, 2024
@@ -9,6 +9,8 @@ Unreleased
 
 * Changed the ``node.attr.zone`` parameter for AWS to use IMDSv2.
 
+* Added explicit security context capabilities for compatibility with cri-o.
+
 2.39.0 (2024-05-22)
 -------------------
 

@@ -33,6 +33,7 @@
     CoreV1Api,
     PolicyV1Api,
     V1Affinity,
+    V1Capabilities,
     V1ConfigMap,
     V1ConfigMapVolumeSource,
     V1Container,
@@ -363,6 +364,9 @@ def get_statefulset_containers(
                 },
             ),
             volume_mounts=crate_volume_mounts,
+            security_context=V1SecurityContext(
+                capabilities=V1Capabilities(add=["SYS_CHROOT"])
+            ),
         ),
     ]