From 145c343273785d5686f7e4293bfa7f1d87d2ce90 Mon Sep 17 00:00:00 2001
From: Lee Verberne
Date: Wed, 30 Aug 2017 17:28:58 +0200
Subject: [PATCH] Revert to using isolated PID namespaces in Docker

A shared PID namespace were enabled by default in the 1.7 when running with a supported Docker runtime, but a Docker version that supports a shared namespace was not qualified for use. Release 1.8 will qualify a docker version supporting shared PID, but we don't want to cause disruption for container images which expect always to have PID 1.
---
 cmd/kubelet/app/options/container_runtime.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/kubelet/app/options/container_runtime.go b/cmd/kubelet/app/options/container_runtime.go
index 926be8bca3f..38fa4ef06ea 100644
--- a/cmd/kubelet/app/options/container_runtime.go
+++ b/cmd/kubelet/app/options/container_runtime.go
@@ -108,6 +108,7 @@ func NewContainerRuntimeOptions() *ContainerRuntimeOptions {
 DockerEndpoint: dockerEndpoint,
 DockershimRootDirectory: "/var/lib/dockershim",
 DockerExecHandlerName: "native",
+ DockerDisableSharedPID: true,
 PodSandboxImage: defaultPodSandboxImage,
 ImagePullProgressDeadline: metav1.Duration{Duration: 1 * time.Minute},
 RktAPIEndpoint: defaultRktAPIServiceEndpoint,
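Review bot: The new `DockerDisableSharedPID: true` default in NewContainerRuntimeOptions carries no comment saying why isolation is the default, and the reason is a process-isolation one that whoever next flips the flag should see. I would put `// Keep per-container PID namespaces by default: images may expect to run as PID 1, and a shared namespace exposes each container's processes to the others in the pod.` above the field. Nothing visible here pins the default, so a small test asserting that `NewContainerRuntimeOptions().DockerDisableSharedPID` is true would keep a later refactor from silently re-enabling sharing. The flag's help text is defined outside this hunk and presumably should state the new default as well. The function body starts and ends outside the hunk.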