diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go index 8382c925617..7acf0447d85 100644 --- a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go +++ b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go @@ -667,6 +667,16 @@ type PodSandboxConfig struct { // * localhost/: the profile installed to the node's // local seccomp profile root // + // 3. Sysctls + // + // key: security.alpha.kubernetes.io/sysctls + // description: list of safe sysctls which are set for the sandbox. + // value: comma separated list of sysctl_name=value key-value pairs. + // + // key: security.alpha.kubernetes.io/unsafe-sysctls + // description: list of unsafe sysctls which are set for the sandbox. + // value: comma separated list of sysctl_name=value key-value pairs. + // Annotations map[string]string `protobuf:"bytes,7,rep,name=annotations" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Optional configurations specific to Linux hosts. Linux *LinuxPodSandboxConfig `protobuf:"bytes,8,opt,name=linux" json:"linux,omitempty"` diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.proto b/pkg/kubelet/api/v1alpha1/runtime/api.proto index 5503ad40166..de10e4c29f4 100644 --- a/pkg/kubelet/api/v1alpha1/runtime/api.proto +++ b/pkg/kubelet/api/v1alpha1/runtime/api.proto @@ -257,6 +257,16 @@ message PodSandboxConfig { // * localhost/: the profile installed to the node's // local seccomp profile root // + // 3. Sysctls + // + // key: security.alpha.kubernetes.io/sysctls + // description: list of safe sysctls which are set for the sandbox. + // value: comma separated list of sysctl_name=value key-value pairs. + // + // key: security.alpha.kubernetes.io/unsafe-sysctls + // description: list of unsafe sysctls which are set for the sandbox. + // value: comma separated list of sysctl_name=value key-value pairs. + // map annotations = 7; // Optional configurations specific to Linux hosts. optional LinuxPodSandboxConfig linux = 8;