package sysctl
import "k8s.io/kubernetes/pkg/kubelet/sysctl"
Index
- Constants
- func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, error)
- func NewWhitelist(patterns []string, annotationKey string) (*patternWhitelist, error)
- func SafeSysctlWhitelist() []string
- type Namespace
- type Whitelist
Constants
const (
	// the Linux IPC namespace
	IpcNamespace = Namespace("ipc")
	// the network namespace
	NetNamespace = Namespace("net")
	// the zero value if no namespace is known
	UnknownNamespace = Namespace("")
)
const (
	AnnotationInvalidReason = "InvalidSysctlAnnotation"
	ForbiddenReason         = "SysctlForbidden"
)
const (
	UnsupportedReason = "SysctlUnsupported"
)
Functions
func NewRuntimeAdmitHandler
NewRuntimeAdmitHandler returns a sysctlRuntimeAdmitHandler which checks whether the given runtime supports sysctls.
func NewWhitelist
NewWhitelist creates a new Whitelist from a list of sysctls and sysctl patterns (ending in *).
func SafeSysctlWhitelist
func SafeSysctlWhitelist() []string
SafeSysctlWhitelist returns the whitelist of safe sysctls and safe sysctl patterns (ending in *).
A sysctl is called safe iff
- it is namespaced in the container or the pod
- it is isolated, i.e. has no influence on any other pod on the same node.
Types
type Namespace
type Namespace string
Namespace represents a kernel namespace name.
func NamespacedBy
NamespacedBy returns the namespace of the Linux kernel for a sysctl, or UnknownNamespace if the sysctl is not known to be namespaced.
type Whitelist
type Whitelist interface {
	// Validate checks that all sysctls given in a v1.SysctlsPodAnnotationKey annotation
	// are valid according to the whitelist.
	Validate(pod *v1.Pod) error
}
Whitelist provides a list of allowed sysctls and sysctl patterns (ending in *) and a function to check whether a given sysctl matches this list.
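The checks described for NewWhitelist, NamespacedBy and Whitelist, as an added sketch that is not the kubelet package's own code: entries are exact names or patterns ending in *, an entry must be namespaced, and a listed sysctl is refused when the pod shares the host namespace that would isolate it. The prefix table, the sample patterns, the host-namespace flags and the names namespaceOf, newAllowlist and validate are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample table (an assumption of this sketch): sysctl prefix -> isolating namespace.
var nsByPrefix = map[string]string{"kernel.shm": "ipc", "kernel.msg": "ipc", "fs.mqueue.": "ipc", "net.": "net"}

// namespaceOf returns "" when the sysctl is not known to be namespaced.
func namespaceOf(name string) string {
	for p, n := range nsByPrefix {
		if strings.HasPrefix(name, p) {
			return n
		}
	}
	return ""
}

// newAllowlist rejects a '*' anywhere but the end and entries that are not namespaced.
func newAllowlist(patterns []string) ([]string, error) {
	for _, p := range patterns {
		base := strings.TrimSuffix(p, "*")
		if base == "" || strings.Contains(base, "*") || namespaceOf(base) == "" {
			return nil, fmt.Errorf("pattern %q is malformed or not namespaced", p)
		}
	}
	return patterns, nil
}

// validate admits a sysctl only if it is listed and the pod does not share that host namespace.
func validate(allow []string, name string, hostNet, hostIPC bool) error {
	for _, p := range allow {
		base := strings.TrimSuffix(p, "*")
		if name != p && (base == p || !strings.HasPrefix(name, base)) {
			continue // neither an exact match nor a prefix match for a '*' pattern
		}
		if n := namespaceOf(name); (n == "net" && hostNet) || (n == "ipc" && hostIPC) {
			return fmt.Errorf("%s: pod shares the host %s namespace", name, n)
		}
		return nil
	}
	return fmt.Errorf("%s: not on the allowlist", name)
}

func main() {
	allow, _ := newAllowlist([]string{"kernel.shm_rmid_forced", "net.ipv4.*"}) // constructed sample list
	fmt.Println(validate(allow, "net.ipv4.tcp_syncookies", false, false), validate(allow, "kernel.sem", false, false))
}
```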
Source Files
namespace.go runtime.go whitelist.go
- Version: v1.8.5-beta.0
- Published: Nov 20, 2017