clean up sysctl code

Cao Shufeng 2018-02-09 17:43:55 +08:00
parent 948f28a74c
commit 530c459ff2
3 changed files with 3 additions and 13 deletions


@ -20,7 +20,6 @@ go_library(
"//pkg/apis/extensions/validation:go_default_library", "//pkg/apis/extensions/validation:go_default_library",
"//pkg/kubelet/container:go_default_library", "//pkg/kubelet/container:go_default_library",
"//pkg/kubelet/lifecycle:go_default_library", "//pkg/kubelet/lifecycle:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
], ],
) )


@ -53,7 +53,7 @@ func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, er
return nil, fmt.Errorf("failed to get runtime version: %v", err) return nil, fmt.Errorf("failed to get runtime version: %v", err)
} }
// only Docker >= 1.12 supports sysctls // only Docker API version >= 1.24 supports sysctls
c, err := v.Compare(dockerMinimumAPIVersion) c, err := v.Compare(dockerMinimumAPIVersion)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to compare Docker version for sysctl support: %v", err) return nil, fmt.Errorf("failed to compare Docker version for sysctl support: %v", err)
@ -69,7 +69,7 @@ func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, er
result: lifecycle.PodAdmitResult{ result: lifecycle.PodAdmitResult{
Admit: false, Admit: false,
Reason: UnsupportedReason, Reason: UnsupportedReason,
Message: "Docker before 1.12 does not support sysctls", Message: "Docker API version before 1.24 does not support sysctls",
}, },
}, nil }, nil
case rktTypeName: case rktTypeName:
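Review bot: The rejection message in the `PodAdmitResult` literal hard-codes `1.24`, while the check above it compares against `dockerMinimumAPIVersion`, so the text an operator sees can drift from the version that is actually enforced. Consider deriving it from the constant, e.g. `Message: fmt.Sprintf("Docker API version before %s does not support sysctls", dockerMinimumAPIVersion),` (this assumes the constant is a string; its declaration is not visible here). The unchanged error string `failed to compare Docker version for sysctl support` still says "Docker version" and could be aligned to "Docker API version". NewRuntimeAdmitHandler begins and ends outside these hunks.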


@ -20,7 +20,6 @@ import (
"fmt" "fmt"
"strings" "strings"
"k8s.io/api/core/v1"
v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
"k8s.io/kubernetes/pkg/apis/core/validation" "k8s.io/kubernetes/pkg/apis/core/validation"
extvalidation "k8s.io/kubernetes/pkg/apis/extensions/validation" extvalidation "k8s.io/kubernetes/pkg/apis/extensions/validation"
@ -45,14 +44,6 @@ func SafeSysctlWhitelist() []string {
} }
} }
// Whitelist provides a list of allowed sysctls and sysctl patterns (ending in *)
// and a function to check whether a given sysctl matches this list.
type Whitelist interface {
// Validate checks that all sysctls given in a v1.SysctlsPodAnnotationKey annotation
// are valid according to the whitelist.
Validate(pod *v1.Pod) error
}
// patternWhitelist takes a list of sysctls or sysctl patterns (ending in *) and // patternWhitelist takes a list of sysctls or sysctl patterns (ending in *) and
// checks validity via a sysctl and prefix map, rejecting those which are not known // checks validity via a sysctl and prefix map, rejecting those which are not known
// to be namespaced. // to be namespaced.
@ -130,7 +121,7 @@ func (w *patternWhitelist) validateSysctl(sysctl string, hostNet, hostIPC bool)
return fmt.Errorf("%q not whitelisted", sysctl) return fmt.Errorf("%q not whitelisted", sysctl)
} }
// Admit checks that all sysctls given in a v1.SysctlsPodAnnotationKey annotation // Admit checks that all sysctls given in annotations v1.SysctlsPodAnnotationKey and v1.UnsafeSysctlsPodAnnotationKey
// are valid according to the whitelist. // are valid according to the whitelist.
func (w *patternWhitelist) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAdmitResult { func (w *patternWhitelist) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAdmitResult {
pod := attrs.Pod pod := attrs.Pod
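Review bot: The rewritten doc comment on `Admit` still qualifies both annotation keys with `v1.`, but this commit appears to drop the `k8s.io/api/core/v1` import from the same file, so a reader can no longer resolve that qualifier here; the first comment line is also much longer than the rest of the file's comments. I would name the package once and wrap the text: `// Admit checks that all sysctls given in the pod annotations SysctlsPodAnnotationKey and` followed by `// UnsafeSysctlsPodAnnotationKey (package k8s.io/api/core/v1) are valid according to the whitelist.` The body of Admit continues outside the hunk, so whether both annotations are actually read there cannot be confirmed from this page.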