kubernetes/pkg/kubelet
Kubernetes Submit Queue eca9e989a3 Merge pull request #36779 from sjenning/fix-memory-leak-via-terminated-pods
Automatic merge from submit-queue

fix leaking memory backed volumes of terminated pods

Currently, we allow volumes to remain mounted on the node, even though the pod is terminated. This creates a vector for a malicious user to exhaust memory on the node by creating memory backed volumes containing large files.

This PR removes memory backed volumes (emptyDir w/ medium Memory, secrets, configmaps) of terminated pods from the node.

@saad-ali @derekwaynecarr
2016-11-17 21:29:51 -08:00
api Merge pull request #36728 from feiskyer/sysctls-docs 2016-11-16 02:58:42 -08:00
cadvisor Fixed kubelet build. 2016-11-01 16:34:47 -04:00
client Allow apiserver to choose preferred kubelet address type 2016-10-31 16:02:38 -04:00
cm [kubelet]update --cgroups-per-qos to --experimental-cgroups-per-qos 2016-11-15 15:55:47 +08:00
config Replace negotiation with a new method that can extract info 2016-10-28 11:30:11 -04:00
container experimental host user ns defaulting 2016-11-14 10:16:03 -05:00
custommetrics autogenerated 2016-10-21 17:32:32 -07:00
dockershim dockershim: remove container upon naming conflicts 2016-11-16 10:20:16 -08:00
dockertools experimental host user ns defaulting 2016-11-14 10:16:03 -05:00
envvars autogenerated 2016-10-21 17:32:32 -07:00
events autogenerated 2016-10-21 17:32:32 -07:00
eviction Merge pull request #34818 from nebril/eviction-test-cleanup 2016-11-09 02:36:46 -08:00
images autogenerated 2016-10-21 17:32:32 -07:00
kuberuntime Add separate username field in CRI and use it. 2016-11-15 16:50:02 -08:00
leaky autogenerated 2016-10-21 17:32:32 -07:00
lifecycle Merge pull request #36306 from hex108/fix_kubelet_admit_message 2016-11-08 07:18:32 -08:00
metrics Add instrumented CRI service which is enabled for both grpc and non-grpc 2016-10-25 10:59:27 -07:00
network Unittests 2016-10-31 13:05:20 -07:00
pleg autogenerated 2016-10-21 17:32:32 -07:00
pod autogenerated 2016-10-21 17:32:32 -07:00
prober Add timeout argument to ExecInContainer 2016-11-07 13:00:59 +01:00
qos autogenerated 2016-10-21 17:32:32 -07:00
remote Add Status implementation. 2016-11-05 00:02:05 -07:00
rkt Add timeout argument to ExecInContainer 2016-11-07 13:00:59 +01:00
rktshim CRI: Rename container/sandbox states 2016-11-01 13:18:21 -07:00
server Use indirect streaming path for dockershim & remote CRI runtime 2016-11-08 10:58:38 -08:00
status autogenerated 2016-10-21 17:32:32 -07:00
sysctl autogenerated 2016-10-21 17:32:32 -07:00
types autogenerated 2016-10-21 17:32:32 -07:00
util Separate Direct and Indirect streaming paths, implement indirect path with CRI 2016-11-03 13:26:33 -07:00
volumemanager fix leaking memory backed volumes of terminated pods 2016-11-16 10:17:22 -06:00
active_deadline_test.go Refactor util clock into it's own pkg 2016-07-28 02:29:04 -04:00
active_deadline.go Refactor util clock into it's own pkg 2016-07-28 02:29:04 -04:00
BUILD Use indirect streaming path for dockershim & remote CRI runtime 2016-11-08 10:58:38 -08:00
disk_manager_test.go Revert "Declare out of disk when there is no free inodes" 2016-07-06 08:19:09 -07:00
disk_manager.go Revert "Declare out of disk when there is no free inodes" 2016-07-06 08:19:09 -07:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
kubelet_cadvisor_test.go Print/log pointers of structs with %#v instead of %+v 2016-08-01 22:27:56 +02:00
kubelet_cadvisor.go Eviction manager needs to start as runtime dependent module 2016-07-22 10:19:40 -04:00
kubelet_getters_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
kubelet_getters.go Fix volume states out of sync problem after kubelet restarts 2016-10-25 12:29:12 -07:00
kubelet_network_test.go Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
kubelet_network.go Populate NetworkReady Status. 2016-11-05 00:02:05 -07:00
kubelet_node_status_test.go Rename experimental-runtime-integration-type to experimental-cri 2016-11-07 11:29:24 -08:00
kubelet_node_status.go Fix setNodeAddress in combination with cloud providers 2016-11-07 14:34:34 +01:00
kubelet_pods_test.go Fix hostname truncate. 2016-11-16 18:09:31 -08:00
kubelet_pods.go Fix hostname truncate. 2016-11-16 18:09:31 -08:00
kubelet_resources_test.go Fix default resource limits (node capacities) for downward api volumes 2016-08-16 14:41:17 -04:00
kubelet_resources.go Fix default resource limits (node capacities) for downward api volumes 2016-08-16 14:41:17 -04:00
kubelet_test.go Better messaging for missing volume components on host to perform mount 2016-11-09 15:16:11 -08:00
kubelet_volumes_test.go Better messaging for missing volume components on host to perform mount 2016-11-09 15:16:11 -08:00
kubelet_volumes.go Remove volume SELinux relabeling when pod uses host IPC or PID ns 2016-10-26 10:39:46 -04:00
kubelet.go [kubelet] rename --cgroups-per-qos to --experimental-cgroups-per-qos to reflect the true nature of that feature 2016-11-14 14:06:39 -08:00
networks.go Unittests 2016-10-31 13:05:20 -07:00
oom_watcher_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
oom_watcher.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
OWNERS
pod_container_deletor_test.go Delete all dead containers only after pod syncing is done. 2016-08-15 14:36:51 -07:00
pod_container_deletor.go Delete all dead containers only after pod syncing is done. 2016-08-15 14:36:51 -07:00
pod_workers_test.go Log an event when container runtime exceeds grace-period during eviction 2016-09-07 13:28:08 -04:00
pod_workers.go Log an event when container runtime exceeds grace-period during eviction 2016-09-07 13:28:08 -04:00
reason_cache_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
reason_cache.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
runonce_test.go Better messaging for missing volume components on host to perform mount 2016-11-09 15:16:11 -08:00
runonce.go Add e2e node test for log path 2016-11-08 13:01:25 -05:00
runtime.go Create hostNetwork pods even if network plugin not ready 2016-11-04 00:11:55 -04:00
util.go Kubelet code move: volume / util 2016-08-22 23:35:11 -04:00
volume_host.go Remove GetRootContext from VolumeHost 2016-11-03 12:21:19 -04:00