diff --git a/cmd/apiserver/apiserver.go b/cmd/apiserver/apiserver.go index 2a4d82a017e..62dfca9f9be 100644 --- a/cmd/apiserver/apiserver.go +++ b/cmd/apiserver/apiserver.go @@ -114,7 +114,7 @@ func main() { glog.Fatalf("-etcd_servers flag is required.") } - capabilities.InitializeCapabilities(capabilities.Capabilities{ + capabilities.Initialize(capabilities.Capabilities{ AllowPrivileged: *allowPrivileged, }) diff --git a/cmd/kubelet/kubelet.go b/cmd/kubelet/kubelet.go index 66522348008..20fb98488ba 100644 --- a/cmd/kubelet/kubelet.go +++ b/cmd/kubelet/kubelet.go @@ -105,7 +105,7 @@ func main() { etcd.SetLogger(util.NewLogger("etcd ")) - capabilities.InitializeCapabilities(capabilities.Capabilities{ + capabilities.Initialize(capabilities.Capabilities{ AllowPrivileged: *allowPrivileged, }) diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index 6326ef843d2..01d96b4c463 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -227,7 +227,7 @@ func validateContainers(containers []api.Container, volumes util.StringSet) errs for i := range containers { cErrs := errs.ErrorList{} ctr := &containers[i] // so we can set default values - capabilities := capabilities.GetCapabilities() + capabilities := capabilities.Get() if len(ctr.Name) == 0 { cErrs = append(cErrs, errs.NewFieldRequired("name", ctr.Name)) } else if !util.IsDNSLabel(ctr.Name) { diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index affb91aaf40..e5db3369964 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -180,7 +180,7 @@ func TestValidateVolumeMounts(t *testing.T) { func TestValidateContainers(t *testing.T) { volumes := util.StringSet{} - capabilities.SetCapabilitiesForTests(capabilities.Capabilities{ + capabilities.SetForTests(capabilities.Capabilities{ AllowPrivileged: true, }) @@ -203,7 +203,7 @@ func TestValidateContainers(t *testing.T) { t.Errorf("expected success: %v", errs) } - capabilities.SetCapabilitiesForTests(capabilities.Capabilities{ + capabilities.SetForTests(capabilities.Capabilities{ AllowPrivileged: false, }) errorCases := map[string][]api.Container{ diff --git a/pkg/capabilities/capabilities.go b/pkg/capabilities/capabilities.go index cd5ef4ba008..d907bfba232 100644 --- a/pkg/capabilities/capabilities.go +++ b/pkg/capabilities/capabilities.go @@ -30,7 +30,7 @@ var once sync.Once var capabilities *Capabilities // Initialize the capability set. This can only be done once per binary, subsequent calls are ignored. -func InitializeCapabilities(c Capabilities) { +func Initialize(c Capabilities) { // Only do this once once.Do(func() { capabilities = &c @@ -38,14 +38,14 @@ func InitializeCapabilities(c Capabilities) { } // SetCapabilitiesForTests. Convenience method for testing. This should only be called from tests. -func SetCapabilitiesForTests(c Capabilities) { +func SetForTests(c Capabilities) { capabilities = &c } // Returns a read-only copy of the system capabilities. -func GetCapabilities() Capabilities { +func Get() Capabilities { if capabilities == nil { - InitializeCapabilities(Capabilities{ + Initialize(Capabilities{ AllowPrivileged: false, }) } diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 5d9808f102e..4d96ef83891 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go @@ -337,7 +337,7 @@ func (kl *Kubelet) runContainer(pod *Pod, container *api.Container, podVolumes v return "", err } privileged := false - if capabilities.GetCapabilities().AllowPrivileged { + if capabilities.Get().AllowPrivileged { privileged = container.Privileged } else if container.Privileged { return "", fmt.Errorf("Container requested privileged mode, but it is disallowed globally.")