github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-04 09:36:16 +00:00
Code Issues Projects Releases Wiki Activity
Files
06cbb29e9e9b10c371347d2457ff8708f4a9e9f5
kubernetes/pkg/kubelet
History
Kubernetes Submit Queue 17787eb6f2 Merge pull request #31557 from timstclair/aa-event 
Automatic merge from submit-queue

Include security options in the container created event

New container creation events look like:
```
Created container with docker id /k8s_bar2.a4; Security:[seccomp=sub/subtest(md5:07c9bcb4db631f7ca191d6e0bca49f76)]

Created container with docker id /k8s_bar2.a4; Security:[seccomp=unconfined apparmor=foo-profile]
```

The goal is to provide enough information to confirm that the requseted security constraints were honored.

For https://github.com/kubernetes/kubernetes/issues/31284

/cc @dchen1107 @thockin @jfrazelle @pweil- @pmorie

---

Justification for v1.4:

- Risk: low. This appends some additional information to a human readable message. A bug here would probably not break any functionality
- Roll-back: I don't anticipate any more changes to this area of the code. No functionality depends on this change.
- Cost of not including: Users don't get any (positive) confirmation that the AppArmor or Seccomp profile they requested were actually enabled.
2016-08-30 01:35:33 -07:00
..
api
Merge pull request #30753 from feiskyer/sandbox-name
2016-08-22 19:41:44 -07:00
cadvisor
Filter internal Kubernetes labels from Prometheus metrics
2016-08-22 19:44:27 -04:00
client
cm
Create testable implementation of sysctl
2016-08-23 01:42:37 -04:00
config
Convert() should accept the new conversion Context value
2016-08-18 14:45:20 -04:00
container
rkt: Refactoring the construction of the mount points.
2016-08-19 13:09:27 -07:00
custommetrics
dockershim
Kubelet: pass pod name/namespace/uid to runtimes
2016-08-23 07:33:15 +08:00
dockertools
Include security options in the container created event
2016-08-26 15:32:48 -07:00
envvars
events
Add Events for operation_executor to show status of mounts, failed or successful
2016-08-17 09:53:47 -04:00
eviction
Merge pull request #31523 from derekwaynecarr/imagefs-observations
2016-08-27 02:58:42 -07:00
images
pkg/kubelet/images: fix struct initialization
2016-08-19 16:52:52 +03:00
kuberuntime
Merge pull request #31091 from feiskyer/kuberuntime-getnetns
2016-08-24 13:40:40 -07:00
leaky
lifecycle
Remove apparmor dependency on pkg/kubelet/lifecycle
2016-08-21 20:59:11 -07:00
metrics
network
Merge pull request #28717 from freehan/ebtable
2016-08-25 19:12:09 -07:00
pleg
pod
prober
Always return exec command output
2016-08-17 16:21:19 -04:00
qos
remote
rkt
Merge pull request #31378 from yifan-gu/rkt_fetch_no_store
2016-08-26 01:53:20 -07:00
rktshim
Kubelet: pass pod name/namespace/uid to runtimes
2016-08-23 07:33:15 +08:00
server
Add return code support to kubectl-exec and -run
2016-08-20 15:58:47 +02:00
status
Fix nil in error message due to var shadowing
2016-08-19 11:23:19 -04:00
sysctl
Add sysctl whitelist on the node
2016-08-25 13:22:01 +02:00
types
util
Kubelet code move: volume / util
2016-08-22 23:35:11 -04:00
volumemanager
Add Events for operation_executor to show status of mounts, failed or successful
2016-08-17 09:53:47 -04:00
active_deadline_test.go
active_deadline.go
container_bridge_test.go
container_bridge.go
Revert "Use netlink.SetPromiscOn instead of iproute2 command"
2016-08-22 10:28:11 +02:00
disk_manager_test.go
disk_manager.go
doc.go
flannel_helper.go
kubelet_cadvisor_test.go
kubelet_cadvisor.go
kubelet_getters_test.go
kubelet_getters.go
This change supports robust kubelet volume cleanup
2016-08-15 11:29:15 -07:00
kubelet_network_test.go
Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE""
2016-08-18 10:19:48 -07:00
kubelet_network.go
Merge pull request #29969 from ZTE-PaaS/zhangke-patch-015
2016-08-22 17:40:43 -07:00
kubelet_node_status_test.go
Merge pull request #31157 from pmorie/kubelet-move
2016-08-25 00:20:39 -07:00
kubelet_node_status.go
Add log message in Kubelet when controller attach/detach is enabled
2016-08-26 12:28:37 -04:00
kubelet_resources_test.go
Fix default resource limits (node capacities) for downward api volumes
2016-08-16 14:41:17 -04:00
kubelet_resources.go
Fix default resource limits (node capacities) for downward api volumes
2016-08-16 14:41:17 -04:00
kubelet_test.go
Merge pull request #31157 from pmorie/kubelet-move
2016-08-25 00:20:39 -07:00
kubelet_volumes_test.go
Kubelet code move: volume / util
2016-08-22 23:35:11 -04:00
kubelet_volumes.go
Kubelet code move: volume / util
2016-08-22 23:35:11 -04:00
kubelet.go
Merge pull request #31446 from liggitt/log-streaming
2016-08-26 06:09:43 -07:00
networks.go
oom_watcher_test.go
oom_watcher.go
OWNERS
pod_container_deletor_test.go
Delete all dead containers only after pod syncing is done.
2016-08-15 14:36:51 -07:00
pod_container_deletor.go
Delete all dead containers only after pod syncing is done.
2016-08-15 14:36:51 -07:00
pod_workers_test.go
pod_workers.go
reason_cache_test.go
reason_cache.go
root_context_linux.go
root_context_unsupported.go
runonce_test.go
Add network-plugin-mtu option for MTU selection
2016-08-23 01:50:58 -04:00
runonce.go
runtime.go
util.go
Kubelet code move: volume / util
2016-08-22 23:35:11 -04:00
volume_host.go
Fix default resource limits (node capacities) for downward api volumes
2016-08-16 14:41:17 -04:00