pid mode
This commit is contained in:
Paul Weil
@@ -93,6 +93,7 @@ type KubeletServer struct {
|
||||
HealthzPort int
|
||||
HostnameOverride string
|
||||
HostNetworkSources string
|
||||
HostPIDSources string
|
||||
HTTPCheckFrequency time.Duration
|
||||
ImageGCHighThresholdPercent int
|
||||
ImageGCLowThresholdPercent int
|
||||
@@ -170,6 +171,7 @@ func NewKubeletServer() *KubeletServer {
|
||||
HealthzBindAddress: net.ParseIP("127.0.0.1"),
|
||||
HealthzPort: 10248,
|
||||
HostNetworkSources: kubelet.FileSource,
|
||||
HostPIDSources: kubelet.FileSource,
|
||||
HTTPCheckFrequency: 20 * time.Second,
|
||||
ImageGCHighThresholdPercent: 90,
|
||||
ImageGCLowThresholdPercent: 80,
|
||||
@@ -222,6 +224,7 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
|
||||
fs.StringVar(&s.RootDirectory, "root-dir", s.RootDirectory, "Directory path for managing kubelet files (volume mounts,etc).")
|
||||
fs.BoolVar(&s.AllowPrivileged, "allow-privileged", s.AllowPrivileged, "If true, allow containers to request privileged mode. [default=false]")
|
||||
fs.StringVar(&s.HostNetworkSources, "host-network-sources", s.HostNetworkSources, "Comma-separated list of sources from which the Kubelet allows pods to use of host network. For all sources use \"*\" [default=\"file\"]")
|
||||
fs.StringVar(&s.HostPIDSources, "host-pid-sources", s.HostPIDSources, "Comma-separated list of sources from which the Kubelet allows pods to use the host pid namespace. For all sources use \"*\" [default=\"file\"]")
|
||||
fs.Float64Var(&s.RegistryPullQPS, "registry-qps", s.RegistryPullQPS, "If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0]")
|
||||
fs.IntVar(&s.RegistryBurst, "registry-burst", s.RegistryBurst, "Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0")
|
||||
fs.Float32Var(&s.EventRecordQPS, "event-qps", s.EventRecordQPS, "If > 0, limit event creations per second to this value. If 0, unlimited. [default=0.0]")
|
||||
@@ -278,6 +281,11 @@ func (s *KubeletServer) KubeletConfig() (*KubeletConfig, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
hostPIDSources, err := kubelet.GetValidatedSources(strings.Split(s.HostPIDSources, ","))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
mounter := mount.New()
|
||||
if s.Containerized {
|
||||
glog.V(2).Info("Running kubelet in containerized mode (experimental)")
|
||||
@@ -342,6 +350,7 @@ func (s *KubeletServer) KubeletConfig() (*KubeletConfig, error) {
|
||||
FileCheckFrequency: s.FileCheckFrequency,
|
||||
HostnameOverride: s.HostnameOverride,
|
||||
HostNetworkSources: hostNetworkSources,
|
||||
HostPIDSources: hostPIDSources,
|
||||
HTTPCheckFrequency: s.HTTPCheckFrequency,
|
||||
ImageGCPolicy: imageGCPolicy,
|
||||
KubeClient: nil,
|
||||
@@ -673,6 +682,7 @@ func RunKubelet(kcfg *KubeletConfig, builder KubeletBuilder) error {
|
||||
|
||||
privilegedSources := capabilities.PrivilegedSources{
|
||||
HostNetworkSources: kcfg.HostNetworkSources,
|
||||
HostPIDSources: kcfg.HostPIDSources,
|
||||
}
|
||||
capabilities.Setup(kcfg.AllowPrivileged, privilegedSources, 0)
|
||||
|
||||
@@ -766,6 +776,7 @@ type KubeletConfig struct {
|
||||
Hostname string
|
||||
HostnameOverride string
|
||||
HostNetworkSources []string
|
||||
HostPIDSources []string
|
||||
HTTPCheckFrequency time.Duration
|
||||
ImageGCPolicy kubelet.ImageGCPolicy
|
||||
KubeClient *client.Client
|
||||
|
||||
Reference in New Issue
Block a user