kubernetes/kubelet at 06cbb29e9e9b10c371347d2457ff8708f4a9e9f5 - kubernetes - Gitea: Git with a cup of tea

github/kubernetes

Files

History

Kubernetes Submit Queue 17787eb6f2 Merge pull request #31557 from timstclair/aa-event

Automatic merge from submit-queue

Include security options in the container created event

New container creation events look like:
```
Created container with docker id /k8s_bar2.a4; Security:[seccomp=sub/subtest(md5:07c9bcb4db631f7ca191d6e0bca49f76)]

Created container with docker id /k8s_bar2.a4; Security:[seccomp=unconfined apparmor=foo-profile]
```

The goal is to provide enough information to confirm that the requseted security constraints were honored.

For https://github.com/kubernetes/kubernetes/issues/31284

/cc @dchen1107 @thockin @jfrazelle @pweil- @pmorie

---

Justification for v1.4:

- Risk: low. This appends some additional information to a human readable message. A bug here would probably not break any functionality
- Roll-back: I don't anticipate any more changes to this area of the code. No functionality depends on this change.
- Cost of not including: Users don't get any (positive) confirmation that the AppArmor or Seccomp profile they requested were actually enabled.

2016-08-30 01:35:33 -07:00

..

Merge pull request #30753 from feiskyer/sandbox-name

2016-08-22 19:41:44 -07:00

Filter internal Kubernetes labels from Prometheus metrics

2016-08-22 19:44:27 -04:00

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

Create testable implementation of sysctl

2016-08-23 01:42:37 -04:00

Convert() should accept the new conversion Context value

2016-08-18 14:45:20 -04:00

rkt: Refactoring the construction of the mount points.

2016-08-19 13:09:27 -07:00

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

Kubelet: pass pod name/namespace/uid to runtimes

2016-08-23 07:33:15 +08:00

Include security options in the container created event

2016-08-26 15:32:48 -07:00

Use Go canonical import paths

2016-07-16 13:48:21 -04:00

Add Events for operation_executor to show status of mounts, failed or successful

2016-08-17 09:53:47 -04:00

Merge pull request #31523 from derekwaynecarr/imagefs-observations

2016-08-27 02:58:42 -07:00

pkg/kubelet/images: fix struct initialization

2016-08-19 16:52:52 +03:00

Merge pull request #31091 from feiskyer/kuberuntime-getnetns

2016-08-24 13:40:40 -07:00

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

Remove apparmor dependency on pkg/kubelet/lifecycle

2016-08-21 20:59:11 -07:00

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

Merge pull request #28717 from freehan/ebtable

2016-08-25 19:12:09 -07:00

Fix various typos in kubelet

2016-08-03 01:14:44 +03:00

Fix various typos in kubelet

2016-08-03 01:14:44 +03:00

Always return exec command output

2016-08-17 16:21:19 -04:00

Use Go canonical import paths

2016-07-16 13:48:21 -04:00

Repalce rawContainerID with containerID

2016-08-05 16:26:47 -07:00

Merge pull request #31378 from yifan-gu/rkt_fetch_no_store

2016-08-26 01:53:20 -07:00

Kubelet: pass pod name/namespace/uid to runtimes

2016-08-23 07:33:15 +08:00

Add return code support to kubectl-exec and -run

2016-08-20 15:58:47 +02:00

Fix nil in error message due to var shadowing

2016-08-19 11:23:19 -04:00

Add sysctl whitelist on the node

2016-08-25 13:22:01 +02:00

Use Go canonical import paths

2016-07-16 13:48:21 -04:00

Kubelet code move: volume / util

2016-08-22 23:35:11 -04:00

Add Events for operation_executor to show status of mounts, failed or successful

2016-08-17 09:53:47 -04:00

active_deadline_test.go

Refactor util clock into it's own pkg

2016-07-28 02:29:04 -04:00

active_deadline.go

Refactor util clock into it's own pkg

2016-07-28 02:29:04 -04:00

container_bridge_test.go

Add tests for container_bridge.go (really just ensureIPTablesMasqRule)

2016-07-29 11:57:17 -04:00

container_bridge.go

Revert "Use netlink.SetPromiscOn instead of iproute2 command"

2016-08-22 10:28:11 +02:00

disk_manager_test.go

Revert "Declare out of disk when there is no free inodes"

2016-07-06 08:19:09 -07:00

disk_manager.go

Revert "Declare out of disk when there is no free inodes"

2016-07-06 08:19:09 -07:00

doc.go

Use Go canonical import paths

2016-07-16 13:48:21 -04:00

flannel_helper.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

kubelet_cadvisor_test.go

Print/log pointers of structs with %#v instead of %+v

2016-08-01 22:27:56 +02:00

kubelet_cadvisor.go

Eviction manager needs to start as runtime dependent module

2016-07-22 10:19:40 -04:00

kubelet_getters_test.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

kubelet_getters.go

This change supports robust kubelet volume cleanup

2016-08-15 11:29:15 -07:00

kubelet_network_test.go

Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE""

2016-08-18 10:19:48 -07:00

kubelet_network.go

Merge pull request #29969 from ZTE-PaaS/zhangke-patch-015

2016-08-22 17:40:43 -07:00

kubelet_node_status_test.go

Merge pull request #31157 from pmorie/kubelet-move

2016-08-25 00:20:39 -07:00

kubelet_node_status.go

Add log message in Kubelet when controller attach/detach is enabled

2016-08-26 12:28:37 -04:00

kubelet_resources_test.go

Fix default resource limits (node capacities) for downward api volumes

2016-08-16 14:41:17 -04:00

kubelet_resources.go

Fix default resource limits (node capacities) for downward api volumes

2016-08-16 14:41:17 -04:00

kubelet_test.go

Merge pull request #31157 from pmorie/kubelet-move

2016-08-25 00:20:39 -07:00

kubelet_volumes_test.go

Kubelet code move: volume / util

2016-08-22 23:35:11 -04:00

kubelet_volumes.go

Kubelet code move: volume / util

2016-08-22 23:35:11 -04:00

kubelet.go

Merge pull request #31446 from liggitt/log-streaming

2016-08-26 06:09:43 -07:00

networks.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

oom_watcher_test.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

oom_watcher.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

OWNERS

Move blunderbuss assignees into tree

2016-03-02 20:46:32 -05:00

pod_container_deletor_test.go

Delete all dead containers only after pod syncing is done.

2016-08-15 14:36:51 -07:00

pod_container_deletor.go

Delete all dead containers only after pod syncing is done.

2016-08-15 14:36:51 -07:00

pod_workers_test.go

Refactor util clock into it's own pkg

2016-07-28 02:29:04 -04:00

pod_workers.go

Fix various typos in kubelet

2016-08-03 01:14:44 +03:00

reason_cache_test.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

reason_cache.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

root_context_linux.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

root_context_unsupported.go

Remove "All rights reserved" from all the headers.

2016-06-29 17:47:36 -07:00

runonce_test.go

Add network-plugin-mtu option for MTU selection

2016-08-23 01:50:58 -04:00

runonce.go

pods can not admitted should return directly

2016-07-30 11:47:50 +08:00

runtime.go

optimize lock of runtimeState stuct

2016-08-03 13:19:22 +08:00

util.go

Kubelet code move: volume / util

2016-08-22 23:35:11 -04:00

volume_host.go

Fix default resource limits (node capacities) for downward api volumes

2016-08-16 14:41:17 -04:00