github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add sysctl whitelist on the node

Browse Source
This commit is contained in:
Dr. Stefan Schimanski
2016-08-19 10:53:25 +02:00
parent ed36baed20
commit e356e52247
13 changed files with 489 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/apis/componentconfig/types.go
View File

@@ -419,6 +419,8 @@ type KubeletConfiguration struct {
// iptablesDropBit is the bit of the iptables fwmark space to use for dropping packets. Kubelet will ensure iptables mark and drop rules.
// Values must be within the range [0, 31]. Must be different from IPTablesMasqueradeBit
IPTablesDropBit int32 `json:"iptablesDropBit"`
// Whitelist of unsafe sysctls or sysctl patterns (ending in *).
AllowedUnsafeSysctls []string `json:"experimentalAllowedUnsafeSysctls,omitempty"`
}
type KubeSchedulerConfiguration struct {

3
pkg/apis/componentconfig/v1alpha1/types.go
View File

@@ -474,4 +474,7 @@ type KubeletConfiguration struct {
// iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets.
// Values must be within the range [0, 31]. Must be different from other mark bits.
IPTablesDropBit *int32 `json:"iptablesDropBit"`
// Whitelist of unsafe sysctls or sysctl patterns (ending in *). Use these at your own risk.
// Resource isolation might be lacking and pod might influence each other on the same node.
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
}