Set all sources so node+agent in the same process doesn't get restricted

This commit is contained in:
Darren Shepherd 2019-02-07 20:52:26 -07:00 committed by Rafael Breno
parent 9a6c459df2
commit e56a96c5c1

View File

@ -18,6 +18,8 @@ package capabilities
import (
"sync"
"k8s.io/kubernetes/pkg/kubelet/types"
)
// Capabilities defines the set of capabilities available within the system.
@ -62,8 +64,16 @@ func Initialize(c Capabilities) {
// Setup the capability set. It wraps Initialize for improving usability.
func Setup(allowPrivileged bool, perConnectionBytesPerSec int64) {
all, _ := types.GetValidatedSources([]string{types.AllSource})
Initialize(Capabilities{
AllowPrivileged: allowPrivileged,
// TODO(vmarmol): Implement support for HostNetworkSources.
PrivilegedSources: PrivilegedSources{
HostNetworkSources: all,
HostPIDSources: all,
HostIPCSources: all,
},
PerConnectionBandwidthLimitBytesPerSec: perConnectionBytesPerSec,
})
}