github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

kubelet/cm: don't set Devices

Browse Source 
Since runc 1.0.0 it is now sufficient to have SkipDevices: true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin 2021-05-21 13:53:23 -07:00
parent eb5df869ba
commit e5b434e990
3 changed files with 0 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/kubelet/cm/cgroup_manager_linux.go
View File

@ -33,7 +33,6 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
cgroupsystemd "github.com/opencontainers/runc/libcontainer/cgroups/systemd" cgroupsystemd "github.com/opencontainers/runc/libcontainer/cgroups/systemd"
libcontainerconfigs "github.com/opencontainers/runc/libcontainer/configs" libcontainerconfigs "github.com/opencontainers/runc/libcontainer/configs"
libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
"k8s.io/klog/v2" "k8s.io/klog/v2"
v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
@ -380,15 +379,6 @@ func getSupportedUnifiedControllers() sets.String {
func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcontainerconfigs.Resources { func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcontainerconfigs.Resources {
resources := &libcontainerconfigs.Resources{ resources := &libcontainerconfigs.Resources{
Devices: []*libcontainerdevices.Rule{
{
Type: 'a',
Permissions: "rwm",
Allow: true,
Minor: libcontainerdevices.Wildcard,
Major: libcontainerdevices.Wildcard,
},
},
SkipDevices: true, SkipDevices: true,
} }
if resourceConfig == nil { if resourceConfig == nil {

10
pkg/kubelet/cm/container_manager_linux.go
View File

@ -38,7 +38,6 @@ import (
utilio "k8s.io/utils/io" utilio "k8s.io/utils/io"
utilpath "k8s.io/utils/path" utilpath "k8s.io/utils/path"
libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns" libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
@ -396,15 +395,6 @@ func createManager(containerName string) (cgroups.Manager, error) {
Parent: "/", Parent: "/",
Name: containerName, Name: containerName,
Resources: &configs.Resources{ Resources: &configs.Resources{
Devices: []*libcontainerdevices.Rule{
{
Type: 'a',
Permissions: "rwm",
Allow: true,
Minor: libcontainerdevices.Wildcard,
Major: libcontainerdevices.Wildcard,
},
},
SkipDevices: true, SkipDevices: true,
}, },
} }

10
pkg/kubelet/dockershim/cm/container_manager_linux.go
View File

@ -28,7 +28,6 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups"
cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs" cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
"github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs"
libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
utilversion "k8s.io/apimachinery/pkg/util/version" utilversion "k8s.io/apimachinery/pkg/util/version"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog/v2" "k8s.io/klog/v2"
@ -127,15 +126,6 @@ func createCgroupManager(name string) (cgroups.Manager, error) {
Memory: int64(memoryLimit), Memory: int64(memoryLimit),
MemorySwap: -1, MemorySwap: -1,
SkipDevices: true, SkipDevices: true,
Devices: []*libcontainerdevices.Rule{
{
Minor: libcontainerdevices.Wildcard,
Major: libcontainerdevices.Wildcard,
Type: 'a',
Permissions: "rwm",
Allow: true,
},
},
}, },
} }
return cgroupfs.NewManager(cg, nil, false), nil return cgroupfs.NewManager(cg, nil, false), nil