kubelet: config: add userNamespaces.idsPerPod
IDsPerPod is the mapping length of subids for UserNS. The length must be a multiple of 65536. Default: 65536 Implements kubernetes/enhancements PR 5020 (addendum to KEP-127) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> Kubernetes-commit: 1592bfa4a81182ffb2ad599d600778e92564e3c0
parent
64ed7a97e5
commit
9685938ad2
|
@ -924,6 +924,11 @@ type KubeletConfiguration struct {
|
||||||
// Default: false
|
// Default: false
|
||||||
// +optional
|
// +optional
|
||||||
FailCgroupV1 *bool `json:"failCgroupV1,omitempty"`
|
FailCgroupV1 *bool `json:"failCgroupV1,omitempty"`
|
||||||
|
|
||||||
|
// UserNamespaces contains User Namespace configurations.
|
||||||
|
// +featureGate=UserNamespaceSupport
|
||||||
|
// +optional
|
||||||
|
UserNamespaces *UserNamespaces `json:"userNamespaces,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type KubeletAuthorizationMode string
|
type KubeletAuthorizationMode string
|
||||||
|
@ -1119,3 +1124,17 @@ type ExecEnvVar struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Value string `json:"value"`
|
Value string `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UserNamespaces contains User Namespace configurations.
|
||||||
|
type UserNamespaces struct {
|
||||||
|
// IDsPerPod is the mapping length of UIDs and GIDs.
|
||||||
|
// The length must be a multiple of 65536, and must be less than 1<<32.
|
||||||
|
// On non-linux such as windows, only null / absent is allowed.
|
||||||
|
//
|
||||||
|
// Changing the value may require recreating all containers on the node.
|
||||||
|
//
|
||||||
|
// Default: 65536
|
||||||
|
// +featureGate=UserNamespaceSupport
|
||||||
|
// +optional
|
||||||
|
IDsPerPod *int64 `json:"idsPerPod,omitempty"`
|
||||||
|
}
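Review bot: The comment on `IDsPerPod` in the new `UserNamespaces` struct states an upper bound and a divisibility rule but no lower bound, and because the field is `*int64`, zero or a negative multiple of 65536 fits the text as written. I would tighten the line to `// The length must be a positive multiple of 65536, and must be less than 1<<32.` so the documented contract is unambiguous. The validation code is not part of this section, so it is worth confirming that it rejects 0 and negative values as well as values at or above 1<<32, since this length presumably sizes each pod's UID/GID range and a bad value would undermine the separation between pods. The sentence about recreating containers could also say why (presumably existing pods keep mappings sized with the old value), which would help operators plan the change.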
|
||||||
|
|
|
@ -527,6 +527,11 @@ func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) {
|
||||||
*out = new(bool)
|
*out = new(bool)
|
||||||
**out = **in
|
**out = **in
|
||||||
}
|
}
|
||||||
|
if in.UserNamespaces != nil {
|
||||||
|
in, out := &in.UserNamespaces, &out.UserNamespaces
|
||||||
|
*out = new(UserNamespaces)
|
||||||
|
(*in).DeepCopyInto(*out)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -684,3 +689,24 @@ func (in *ShutdownGracePeriodByPodPriority) DeepCopy() *ShutdownGracePeriodByPod
|
||||||
in.DeepCopyInto(out)
|
in.DeepCopyInto(out)
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *UserNamespaces) DeepCopyInto(out *UserNamespaces) {
|
||||||
|
*out = *in
|
||||||
|
if in.IDsPerPod != nil {
|
||||||
|
in, out := &in.IDsPerPod, &out.IDsPerPod
|
||||||
|
*out = new(int64)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserNamespaces.
|
||||||
|
func (in *UserNamespaces) DeepCopy() *UserNamespaces {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(UserNamespaces)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|