diff --git a/cmd/kubelet/app/options/container_runtime.go b/cmd/kubelet/app/options/container_runtime.go index 926be8bca3f..38fa4ef06ea 100644 --- a/cmd/kubelet/app/options/container_runtime.go +++ b/cmd/kubelet/app/options/container_runtime.go @@ -108,6 +108,7 @@ func NewContainerRuntimeOptions() *ContainerRuntimeOptions { DockerEndpoint: dockerEndpoint, DockershimRootDirectory: "/var/lib/dockershim", DockerExecHandlerName: "native", + DockerDisableSharedPID: true, PodSandboxImage: defaultPodSandboxImage, ImagePullProgressDeadline: metav1.Duration{Duration: 1 * time.Minute}, RktAPIEndpoint: defaultRktAPIServiceEndpoint, diff --git a/test/e2e_node/docker_test.go b/test/e2e_node/docker_test.go index 854fa664ac3..6142eba8b20 100644 --- a/test/e2e_node/docker_test.go +++ b/test/e2e_node/docker_test.go @@ -41,11 +41,11 @@ var _ = framework.KubeDescribe("Docker features [Feature:Docker]", func() { It("processes in different containers of the same pod should be able to see each other", func() { // TODO(yguo0905): Change this test to run unless the runtime is // Docker and its version is <1.13. - By("Check whether shared PID namespace is enabled.") - isEnabled, err := isSharedPIDNamespaceEnabled() + By("Check whether shared PID namespace is supported.") + isEnabled, err := isSharedPIDNamespaceSupported() framework.ExpectNoError(err) if !isEnabled { - framework.Skipf("Skipped because shared PID namespace is not enabled.") + framework.Skipf("Skipped because shared PID namespace is not supported by this docker version.") } By("Create a pod with two containers.") diff --git a/test/e2e_node/docker_util.go b/test/e2e_node/docker_util.go index 625733daf5a..8a87607e993 100644 --- a/test/e2e_node/docker_util.go +++ b/test/e2e_node/docker_util.go @@ -43,9 +43,9 @@ func getDockerAPIVersion() (semver.Version, error) { return semver.MustParse(version.APIVersion + ".0"), nil } -// isSharedPIDNamespaceEnabled returns true if the Docker version is 1.13.1+ +// isSharedPIDNamespaceSupported returns true if the Docker version is 1.13.1+ // (API version 1.26+), and false otherwise. -func isSharedPIDNamespaceEnabled() (bool, error) { +func isSharedPIDNamespaceSupported() (bool, error) { version, err := getDockerAPIVersion() if err != nil { return false, err diff --git a/test/e2e_node/services/kubelet.go b/test/e2e_node/services/kubelet.go index 9cbc9d5ba1c..3f8de017b32 100644 --- a/test/e2e_node/services/kubelet.go +++ b/test/e2e_node/services/kubelet.go @@ -155,6 +155,7 @@ func (e *E2EServices) startKubelet() (*server, error) { "--serialize-image-pulls", "false", "--pod-manifest-path", manifestPath, "--file-check-frequency", "10s", // Check file frequently so tests won't wait too long + "--docker-disable-shared-pid=false", // Assign a fixed CIDR to the node because there is no node controller. // // Note: this MUST be in sync with with the IP in