github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
cae35dba5a3060711a2a3f958537003bc74a59c0
kubernetes/pkg/kubelet/container
History
Akihiro Suda c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
..
testing
KEP-127: check for runtime handler userns support
2024-02-27 12:01:00 +01:00
cache_test.go
Fix int->string casts
2020-07-24 16:23:12 -04:00
cache.go
Fix issue in enabling evented pleg feature gate
2023-10-17 13:07:01 +05:30
container_gc_test.go
implementation of split disk kep
2023-11-01 14:46:33 -04:00
container_gc.go
implementation of split disk kep
2023-11-01 14:46:33 -04:00
container_hash_test.go
Omit nil or empty field when calculating hash value
2019-08-22 13:46:52 +08:00
helpers_test.go
Set default resize policy only for specified resource types, rename RestartNotRequired -> NotRequired
2023-03-12 23:46:40 +00:00
helpers.go
Add image_id to CRI ContainerStatus message
2024-02-29 12:41:55 +01:00
os.go
Remove ioutil in kubelet and its tests
2022-07-30 12:35:26 +09:00
ref_test.go
Remove no-longer used selflink code from kubelet
2022-01-14 10:38:23 +01:00
ref.go
Remove EphemeralContainers feature-gate checks
2022-07-26 02:55:30 +02:00
runtime_cache_fake.go
Second attempt: Plumb context to Kubelet CRI calls (#113591)
2022-11-05 06:02:13 -07:00
runtime_cache_test.go
Second attempt: Plumb context to Kubelet CRI calls (#113591)
2022-11-05 06:02:13 -07:00
runtime_cache.go
kubelet: Force deleted pods can fail to move out of terminating
2023-03-08 22:03:51 -06:00
runtime.go
kubelet: KEP-3857: Recursive Read-only (RRO) mounts
2024-03-10 03:00:59 +09:00
sync_result_test.go
go-1.12: fix 'go vet' failures
2019-03-01 18:48:17 +02:00
sync_result.go
fix golint issues in pkg/kubelet/container
2020-06-19 15:48:08 +00:00