github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f90461c43e
kubernetes/pkg/kubelet/kuberuntime
History
Akihiro Suda c7f52b34f3
kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
..
logs Added mutex locks when accessing file object : addressed review comments 2023-10-28 17:32:13 +05:30
util KEP-127: check for runtime handler userns support 2024-02-27 12:01:00 +01:00
convert_test.go Imagepull per runtime class alpha release changes 2023-10-31 15:52:46 -07:00
convert.go Imagepull per runtime class alpha release changes 2023-10-31 15:52:46 -07:00
doc.go
fake_kuberuntime_manager.go Add PodLogsPath to kubelet config 2024-02-16 09:55:59 -08:00
helpers_linux_test.go Remove unused getSeccompProfilePath helper function 2023-06-01 11:03:39 +02:00
helpers_linux.go In-place Pod Vertical Scaling - core implementation 2023-02-24 18:21:21 +00:00
helpers_test.go Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated 2024-03-07 15:00:07 -08:00
helpers_unsupported.go Fix cpu share issues on systems with large amounts of cpu 2021-11-14 19:49:19 +00:00
helpers.go kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts 2024-03-09 09:48:09 +09:00
instrumented_services_test.go Second attempt: Plumb context to Kubelet CRI calls (#113591) 2022-11-05 06:02:13 -07:00
instrumented_services.go add container filesystem to CRI api 2023-10-23 15:04:30 -04:00
kuberuntime_container_linux_test.go add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
kuberuntime_container_linux.go add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
kuberuntime_container_test.go Add PodLogsPath to kubelet config 2024-02-16 09:55:59 -08:00
kuberuntime_container_unsupported.go In-place Pod Vertical Scaling - core implementation 2023-02-24 18:21:21 +00:00
kuberuntime_container_windows_test.go Add Windows support for IPPVS 2023-09-06 10:01:53 +03:00
kuberuntime_container_windows.go Add Windows support for IPPVS 2023-09-06 10:01:53 +03:00
kuberuntime_container.go kubelet: KEP-3857: Recursive Read-only (RRO) mounts 2024-03-10 03:00:59 +09:00
kuberuntime_gc_test.go Add PodLogsPath to kubelet config 2024-02-16 09:55:59 -08:00
kuberuntime_gc.go Fix tests after rebase 2024-02-16 16:02:10 -08:00
kuberuntime_image_test.go Add image pull duration metric with bucketed image size 2024-02-08 00:30:31 +00:00
kuberuntime_image.go Add image pull duration metric with bucketed image size 2024-02-08 00:30:31 +00:00
kuberuntime_logs.go
kuberuntime_manager_test.go Enable pod container resources tests on Windows 2023-11-16 14:13:06 +01:00
kuberuntime_manager.go Merge pull request #112957 from mxpv/log-dir 2024-03-04 21:07:06 -08:00
kuberuntime_sandbox_linux_test.go Make kuberuntime unit tests environment independent + support cgroup v2 2023-07-14 14:52:27 +03:00
kuberuntime_sandbox_linux.go dedupe pod resource request calculation 2023-03-09 17:15:53 -06:00
kuberuntime_sandbox_test.go Update comments and error messages 2024-02-16 09:56:01 -08:00
kuberuntime_sandbox_unsupported.go Make CRI v1 the default and allow a fallback to v1alpha2 2021-11-17 11:05:05 -08:00
kuberuntime_sandbox_windows.go Make CRI v1 the default and allow a fallback to v1alpha2 2021-11-17 11:05:05 -08:00
kuberuntime_sandbox.go Add PodLogsPath to kubelet config 2024-02-16 09:55:59 -08:00
kuberuntime_termination_order_test.go sidecars: terminate sidecars after main containers 2023-10-17 19:07:21 -05:00
kuberuntime_termination_order.go sidecars: terminate sidecars after main containers 2023-10-17 19:07:21 -05:00
labels_test.go kubelet: replace intstr.FromInt with intstr.FromInt32 2023-05-01 09:17:35 +02:00
labels.go Make kubelet label types public 2023-07-10 10:58:44 +02:00
legacy_test.go Merge pull request #114373 from TommyStarK/unit-tests/kubelet-kuberuntime 2023-03-10 04:34:58 -08:00
legacy.go Replaces path.Operation with filepath.Operation (kubelet) 2022-11-08 16:05:48 +00:00
security_context_others_test.go kubelet/kuberuntime: Improving test coverage 2023-03-10 11:06:54 +01:00
security_context_others.go generated: Run hack/update-gofmt.sh 2021-08-24 15:47:49 -04:00
security_context_windows_test.go Merge pull request #111020 from claudiubelu/adds-unittests-5 2022-07-29 19:29:11 -07:00
security_context_windows.go Windows: ensure runAsNonRoot does case-insensitive comparison on user name 2022-07-18 15:23:13 -07:00
security_context.go Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated 2024-03-07 15:00:07 -08:00