github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
103,255 Commits 1 Branch 31 Tags 1,019 MiB
5ba76eb911
Commit Graph

29 Commits

Author SHA1 Message Date
yxxhero
5ba76eb911 fix typo 
Signed-off-by: yxxhero <aiopsclub@163.com>
 2021-09-14 09:03:29 +08:00
yxxhero
2f448a0789 fix oomkilled description 
Signed-off-by: yxxhero <aiopsclub@163.com>
 2021-09-03 22:07:46 +08:00
yxxhero
71a91d55cb update func description 2021-09-03 07:20:28 +08:00
yxxhero
afde4c8bc4 fix init container oomkilled as a failure 
Signed-off-by: yxxhero <aiopsclub@163.com>
 2021-09-03 07:04:57 +08:00
Sascha Grunert
46077e6be7
Remove deprecated --seccomp-profile-root/seccompProfileRoot configuration 
The configuration is deprecated and targets removal for v1.23. Tests
cases have been changed as well.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-08-31 09:55:28 +02:00
Sascha Grunert
8b7003aff4
Add SeccompDefault feature 
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.

Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Apply suggestions from code review

Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-06-23 10:22:57 +02:00
Mrunal Patel
32b9ac7d0c kubelet: Use CRI SecurityProfile for Seccomp 
We set both the old and the new fields for now and will
remove the old field in the next release.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
 2020-11-05 15:43:29 -08:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields 
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 09:13:25 +01:00
Lee Verberne
cbbe7d1bb9 Remove checks for PodShareProcessNamespace feature gate 2019-10-31 17:15:23 +00:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Davanum Srinivas
33081c1f07
New staging repository for cri-api 
Change-Id: I2160b0b0ec4b9870a2d4452b428e395bbe12afbb
 2019-03-26 18:21:04 -04:00
Jordan Liggitt
70ad4dff48 Fix unit tests calling SetFeatureGateDuringTest incorrectly 2018-11-21 11:51:33 -05:00
Jan Chaloupka
ab616a88b9 Promote sysctl annotations to API fields 2018-06-05 23:17:00 +02:00
Zhen Wang
e102633ae8 Change docker/default to runtime/default 2018-04-19 10:39:53 -07:00
Lee Verberne
b9e8a8a6de Set shared PID namespace mode based on PodSpec 2018-02-22 03:51:35 +01:00
Lee Verberne
8835f54480 kubelet: add support for pod PID namespace sharing 
This adds the logic for sending a NamespaceMode_POD to the runtime, but
leaves it disconnected pending https://issues.k8s.io/58716.
 2018-02-08 16:58:07 +01:00
Lee Verberne
e10042d22f Increment CRI version from v1alpha1 to v1alpha2 
This also incorporates the version string into the package name so
that incompatibile versions will fail to connect.

Arbitrary choices:
- The proto3 package name is runtime.v1alpha2. The proto compiler
  normally translates this to a go package of "runtime_v1alpha2", but
  I renamed it to "v1alpha2" for consistency with existing packages.
- kubelet/apis/cri is used as "internalapi". I left it alone and put the
  public "runtimeapi" in kubelet/apis/cri/runtime.
 2018-02-07 09:06:26 +01:00
Lee Verberne
0f1de41790 Update kubelet for enumerated CRI namespaces 
This adds support to both the Generic Runtime Manager and the
dockershim for the CRI's enumerated namespaces.
 2018-02-07 09:06:26 +01:00
Pengfei Ni
2a2a875686 Fix incorrect localhost seccomp profile path 2017-11-22 02:49:23 +00:00
Shiyang Wang
9a96ff94af follow our go code style: error->err 2017-07-07 09:34:38 +08:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Pengfei Ni
22e99504d7 Update CRI references 2017-06-09 10:16:40 +08:00
enxebre
14be65c74b Improving test coverage for kubelet/kuberuntime. 2017-06-01 09:43:15 +02:00
Random-Liu
4935e119da Fix kuberuntime GetPods. 2017-05-19 11:47:45 -07:00
Pengfei Ni
8bc6e59278 kuberuntime: set sysctls for sandbox config 2017-05-15 12:52:38 +08:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Chao Xu
5e1adf91df cmd/kubelet 2016-11-23 15:53:09 -08:00
Yu-Ju Hong
cb57dc4cb5 kuberuntime: include container hash in backoff keys 
We should reset the backoff if the content of the container has been updated.
 2016-09-23 14:52:30 -07:00