mirror of https://github.com/k3s-io/k3s
Merge pull request #35969 from sttts/sttts-dockershim-infra-sysctl-only
Automatic merge from submit-queue Only set sysctls in infra container in dockershim Dockershim counterpart of https://github.com/kubernetes/kubernetes/pull/32383.pull/6/head
Kubernetes Submit Queue
GitHub
commit
07f78836ea
|
|
@ -125,13 +125,6 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
|
||||||
Privileged: config.GetPrivileged(),
|
Privileged: config.GetPrivileged(),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set sysctls if requested
|
|
||||||
sysctls, err := getSysctlsFromAnnotations(config.Annotations)
|
|
||||||
if err != nil {
|
|
||||||
return "", fmt.Errorf("failed to get sysctls from annotations %v for container %q: %v", config.Annotations, config.Metadata.GetName(), err)
|
|
||||||
}
|
|
||||||
hc.Sysctls = sysctls
|
|
||||||
|
|
||||||
// Apply options derived from the sandbox config.
|
// Apply options derived from the sandbox config.
|
||||||
if lc := sandboxConfig.GetLinux(); lc != nil {
|
if lc := sandboxConfig.GetLinux(); lc != nil {
|
||||||
// Apply Cgroup options.
|
// Apply Cgroup options.
|
||||||
|
|
@ -176,6 +169,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
|
||||||
// Note: ShmSize is handled in kube_docker_client.go
|
// Note: ShmSize is handled in kube_docker_client.go
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
hc.SecurityOpt, err = getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
|
hc.SecurityOpt, err = getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)
|
return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue