alexlebens/external-snapshotter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bumping k8s dependencies to 1.13

Browse Source
This commit is contained in:
Cheng Xing
2018-11-16 14:08:25 -08:00
parent 305407125c
commit b4c0b68ec7
8002 changed files with 884099 additions and 276228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/security_context.go generated vendored
View File

@@ -137,6 +137,11 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, "no-new-privileges")
}
if !hostConfig.Privileged {
hostConfig.MaskedPaths = sc.MaskedPaths
hostConfig.ReadonlyPaths = sc.ReadonlyPaths
}
return nil
}
@@ -200,20 +205,13 @@ func modifyHostOptionsForContainer(nsOpts *runtimeapi.NamespaceOption, podSandbo
}
}
// modifyPIDNamespaceOverrides implements two temporary overrides for the default PID namespace sharing for Docker:
// modifyPIDNamespaceOverrides implements a temporary override for the default PID namespace sharing for Docker:
// 1. Docker engine prior to API Version 1.24 doesn't support attaching to another container's
// PID namespace, and it didn't stabilize until 1.26. This check can be removed when Kubernetes'
// minimum Docker version is at least 1.13.1 (API version 1.26).
// 2. The administrator can override the API behavior by using the deprecated --docker-disable-shared-pid=false
// flag. Until this flag is removed, this causes pods to use NamespaceMode_POD instead of
// NamespaceMode_CONTAINER regardless of pod configuration.
// TODO(verb): remove entirely once these two conditions are satisfied
func modifyContainerPIDNamespaceOverrides(disableSharedPID bool, version *semver.Version, hc *dockercontainer.HostConfig, podSandboxID string) {
if version.LT(semver.Version{Major: 1, Minor: 26}) {
if strings.HasPrefix(string(hc.PidMode), "container:") {
hc.PidMode = ""
}
} else if !disableSharedPID && hc.PidMode == "" {
hc.PidMode = dockercontainer.PidMode(fmt.Sprintf("container:%v", podSandboxID))
func modifyContainerPIDNamespaceOverrides(version *semver.Version, hc *dockercontainer.HostConfig, podSandboxID string) {
if version.LT(semver.Version{Major: 1, Minor: 26}) && strings.HasPrefix(string(hc.PidMode), "container:") {
hc.PidMode = ""
}
}