kubernetes/kuberuntime at f90461c43e881d320b78d48793db10c110d488d1 - kubernetes - Gitea: Git with a cup of tea

github/kubernetes

Files

History

Akihiro Suda c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts

See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

2024-03-10 03:00:59 +09:00

..

Added mutex locks when accessing file object : addressed review comments

2023-10-28 17:32:13 +05:30

KEP-127: check for runtime handler userns support

2024-02-27 12:01:00 +01:00

convert_test.go

Imagepull per runtime class alpha release changes

2023-10-31 15:52:46 -07:00

convert.go

Imagepull per runtime class alpha release changes

2023-10-31 15:52:46 -07:00

doc.go

…

fake_kuberuntime_manager.go

Add PodLogsPath to kubelet config

2024-02-16 09:55:59 -08:00

helpers_linux_test.go

Remove unused getSeccompProfilePath helper function

2023-06-01 11:03:39 +02:00

helpers_linux.go

In-place Pod Vertical Scaling - core implementation

2023-02-24 18:21:21 +00:00

helpers_test.go

Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated

2024-03-07 15:00:07 -08:00

helpers_unsupported.go

Fix cpu share issues on systems with large amounts of cpu

2021-11-14 19:49:19 +00:00

helpers.go

kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts

2024-03-09 09:48:09 +09:00

instrumented_services_test.go

Second attempt: Plumb context to Kubelet CRI calls (#113591 )

2022-11-05 06:02:13 -07:00

instrumented_services.go

add container filesystem to CRI api

2023-10-23 15:04:30 -04:00

kuberuntime_container_linux_test.go

add no swap as the default option for swap

2024-03-05 16:10:42 -05:00

kuberuntime_container_linux.go

add no swap as the default option for swap

2024-03-05 16:10:42 -05:00

kuberuntime_container_test.go

Add PodLogsPath to kubelet config

2024-02-16 09:55:59 -08:00

kuberuntime_container_unsupported.go

In-place Pod Vertical Scaling - core implementation

2023-02-24 18:21:21 +00:00

kuberuntime_container_windows_test.go

Add Windows support for IPPVS

2023-09-06 10:01:53 +03:00

kuberuntime_container_windows.go

Add Windows support for IPPVS

2023-09-06 10:01:53 +03:00

kuberuntime_container.go

kubelet: KEP-3857: Recursive Read-only (RRO) mounts

2024-03-10 03:00:59 +09:00

kuberuntime_gc_test.go

Add PodLogsPath to kubelet config

2024-02-16 09:55:59 -08:00

kuberuntime_gc.go

Fix tests after rebase

2024-02-16 16:02:10 -08:00

kuberuntime_image_test.go

Add image pull duration metric with bucketed image size

2024-02-08 00:30:31 +00:00

kuberuntime_image.go

Add image pull duration metric with bucketed image size

2024-02-08 00:30:31 +00:00

kuberuntime_logs.go

…

kuberuntime_manager_test.go

Enable pod container resources tests on Windows

2023-11-16 14:13:06 +01:00

kuberuntime_manager.go

Merge pull request #112957 from mxpv/log-dir

2024-03-04 21:07:06 -08:00

kuberuntime_sandbox_linux_test.go

Make kuberuntime unit tests environment independent + support cgroup v2

2023-07-14 14:52:27 +03:00

kuberuntime_sandbox_linux.go

dedupe pod resource request calculation

2023-03-09 17:15:53 -06:00

kuberuntime_sandbox_test.go

Update comments and error messages

2024-02-16 09:56:01 -08:00

kuberuntime_sandbox_unsupported.go

Make CRI v1 the default and allow a fallback to v1alpha2

2021-11-17 11:05:05 -08:00

kuberuntime_sandbox_windows.go

Make CRI v1 the default and allow a fallback to v1alpha2

2021-11-17 11:05:05 -08:00

kuberuntime_sandbox.go

Add PodLogsPath to kubelet config

2024-02-16 09:55:59 -08:00

kuberuntime_termination_order_test.go

sidecars: terminate sidecars after main containers

2023-10-17 19:07:21 -05:00

kuberuntime_termination_order.go

sidecars: terminate sidecars after main containers

2023-10-17 19:07:21 -05:00

labels_test.go

kubelet: replace intstr.FromInt with intstr.FromInt32

2023-05-01 09:17:35 +02:00

labels.go

Make kubelet label types public

2023-07-10 10:58:44 +02:00

legacy_test.go

Merge pull request #114373 from TommyStarK/unit-tests/kubelet-kuberuntime

2023-03-10 04:34:58 -08:00

legacy.go

Replaces path.Operation with filepath.Operation (kubelet)

2022-11-08 16:05:48 +00:00

security_context_others_test.go

kubelet/kuberuntime: Improving test coverage

2023-03-10 11:06:54 +01:00

security_context_others.go

generated: Run hack/update-gofmt.sh

2021-08-24 15:47:49 -04:00

security_context_windows_test.go

Merge pull request #111020 from claudiubelu/adds-unittests-5

2022-07-29 19:29:11 -07:00

security_context_windows.go

Windows: ensure runAsNonRoot does case-insensitive comparison on user name

2022-07-18 15:23:13 -07:00

security_context.go

Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated

2024-03-07 15:00:07 -08:00