github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f90461c43e
kubernetes/pkg/kubelet/container
History
Akihiro Suda c7f52b34f3
kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
..
testing KEP-127: check for runtime handler userns support 2024-02-27 12:01:00 +01:00
cache_test.go Fix int->string casts 2020-07-24 16:23:12 -04:00
cache.go Fix issue in enabling evented pleg feature gate 2023-10-17 13:07:01 +05:30
container_gc_test.go implementation of split disk kep 2023-11-01 14:46:33 -04:00
container_gc.go implementation of split disk kep 2023-11-01 14:46:33 -04:00
container_hash_test.go Omit nil or empty field when calculating hash value 2019-08-22 13:46:52 +08:00
helpers_test.go Set default resize policy only for specified resource types, rename RestartNotRequired -> NotRequired 2023-03-12 23:46:40 +00:00
helpers.go Add image_id to CRI ContainerStatus message 2024-02-29 12:41:55 +01:00
os.go Remove ioutil in kubelet and its tests 2022-07-30 12:35:26 +09:00
ref_test.go Remove no-longer used selflink code from kubelet 2022-01-14 10:38:23 +01:00
ref.go Remove EphemeralContainers feature-gate checks 2022-07-26 02:55:30 +02:00
runtime_cache_fake.go Second attempt: Plumb context to Kubelet CRI calls (#113591) 2022-11-05 06:02:13 -07:00
runtime_cache_test.go Second attempt: Plumb context to Kubelet CRI calls (#113591) 2022-11-05 06:02:13 -07:00
runtime_cache.go kubelet: Force deleted pods can fail to move out of terminating 2023-03-08 22:03:51 -06:00
runtime.go kubelet: KEP-3857: Recursive Read-only (RRO) mounts 2024-03-10 03:00:59 +09:00
sync_result_test.go go-1.12: fix 'go vet' failures 2019-03-01 18:48:17 +02:00
sync_result.go fix golint issues in pkg/kubelet/container 2020-06-19 15:48:08 +00:00