Update kubelet for enumerated CRI namespaces

This adds support to both the Generic Runtime Manager and the
dockershim for the CRI's enumerated namespaces.
This commit is contained in:
Lee Verberne
2018-01-26 18:35:10 +01:00
parent f4ab2b6331
commit 0f1de41790
10 changed files with 150 additions and 90 deletions

View File

@@ -48,11 +48,7 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
}
// set namespace options and supplemental groups.
synthesized.NamespaceOptions = &runtimeapi.NamespaceOption{
HostNetwork: pod.Spec.HostNetwork,
HostIpc: pod.Spec.HostIPC,
HostPid: pod.Spec.HostPID,
}
synthesized.NamespaceOptions = namespacesForPod(pod)
podSc := pod.Spec.SecurityContext
if podSc != nil {
if podSc.FSGroup != nil {