Set all sources so node+agent in the same process doesn't get restricted

This commit is contained in:
Darren Shepherd
2019-02-07 20:52:26 -07:00
committed by rafaelbreno[commit]
parent 8e2b47c3d4
commit 65014334a1

View File

@@ -18,6 +18,8 @@ package capabilities
import ( import (
"sync" "sync"
"k8s.io/kubernetes/pkg/kubelet/types"
) )
// Capabilities defines the set of capabilities available within the system. // Capabilities defines the set of capabilities available within the system.
@@ -62,8 +64,16 @@ func Initialize(c Capabilities) {
// Setup the capability set. It wraps Initialize for improving usability. // Setup the capability set. It wraps Initialize for improving usability.
func Setup(allowPrivileged bool, perConnectionBytesPerSec int64) { func Setup(allowPrivileged bool, perConnectionBytesPerSec int64) {
all, _ := types.GetValidatedSources([]string{types.AllSource})
Initialize(Capabilities{ Initialize(Capabilities{
AllowPrivileged: allowPrivileged, AllowPrivileged: allowPrivileged,
// TODO(vmarmol): Implement support for HostNetworkSources.
PrivilegedSources: PrivilegedSources{
HostNetworkSources: all,
HostPIDSources: all,
HostIPCSources: all,
},
PerConnectionBandwidthLimitBytesPerSec: perConnectionBytesPerSec, PerConnectionBandwidthLimitBytesPerSec: perConnectionBytesPerSec,
}) })
} }