Merge pull request #36728 from feiskyer/sysctls-docs

Automatic merge from submit-queue

CRI: add docs for sysctls

#34830 adds `sysctls` features in CRI, it is based on sandbox annotations, this PR adds docs for it. 

@yujuhong @timstclair @jonboulle
This commit is contained in:
Kubernetes Submit Queue 2016-11-16 02:58:42 -08:00 committed by GitHub
commit 193622b31f
2 changed files with 20 additions and 0 deletions

View File

@ -667,6 +667,16 @@ type PodSandboxConfig struct {
// * localhost/<profile-name>: the profile installed to the node's
// local seccomp profile root
//
// 3. Sysctls
//
// key: security.alpha.kubernetes.io/sysctls
// description: list of safe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
// key: security.alpha.kubernetes.io/unsafe-sysctls
// description: list of unsafe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
Annotations map[string]string `protobuf:"bytes,7,rep,name=annotations" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Optional configurations specific to Linux hosts.
Linux *LinuxPodSandboxConfig `protobuf:"bytes,8,opt,name=linux" json:"linux,omitempty"`

View File

@ -257,6 +257,16 @@ message PodSandboxConfig {
// * localhost/<profile-name>: the profile installed to the node's
// local seccomp profile root
//
// 3. Sysctls
//
// key: security.alpha.kubernetes.io/sysctls
// description: list of safe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
// key: security.alpha.kubernetes.io/unsafe-sysctls
// description: list of unsafe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts.
optional LinuxPodSandboxConfig linux = 8;