update cis flag implementation to propogate the rest of the way through to kubelet

Signed-off-by: Brian Downs <brian.downs@gmail.com>
pull/2044/head
Brian Downs 4 years ago
parent 6d59b81479
commit 5a81fdbdc5

@ -485,6 +485,7 @@ func get(envInfo *cmds.Agent, proxy proxy.Proxy) (*config.Node, error) {
nodeConfig.AgentConfig.Rootless = envInfo.Rootless
nodeConfig.AgentConfig.PodManifests = filepath.Join(envInfo.DataDir, DefaultPodManifestPath)
nodeConfig.DisableSELinux = envInfo.DisableSELinux
nodeConfig.AgentConfig.ProtectKernelDefaults = envInfo.ProtectKernelDefaults
return nodeConfig, nil
}

@ -56,7 +56,6 @@ func Run(ctx *cli.Context) error {
cfg := cmds.AgentConfig
cfg.Debug = ctx.Bool("debug")
cfg.DataDir = dataDir
cfg.ProtectKernelDefaults = true
contextCtx := signals.SetupSignalHandler(context.Background())

@ -247,6 +247,7 @@ func NewServerCommand(action func(*cli.Context) error) *cli.Command {
&FlannelConfFlag,
&ExtraKubeletArgs,
&ExtraKubeProxyArgs,
&ProtectKernelDefaultsFlag,
&cli.BoolFlag{
Name: "rootless",
Usage: "(experimental) Run rootless",

@ -155,6 +155,10 @@ func startKubelet(cfg *config.Agent) error {
argsMap["enforce-node-allocatable"] = ""
}
if cfg.ProtectKernelDefaults {
argsMap["protect-kernel-defaults"] = "true"
}
args := config.GetArgsList(argsMap, cfg.ExtraKubeletArgs)
logrus.Infof("Running kubelet %s", config.ArgString(args))

@ -83,6 +83,7 @@ type Agent struct {
DisableNPC bool
DisableKubeProxy bool
Rootless bool
ProtectKernelDefaults bool
}
type Control struct {

Loading…
Cancel
Save