mirror of https://github.com/k3s-io/k3s
02f803cc02
Automatic merge from submit-queue (batch tested with PRs 50457, 55558, 53483, 55731, 52842). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. improve the logic setting cgroupparent in RunPodSandbox Signed-off-by: yanxuean <yan.xuean@zte.com.cn> **What this PR does / why we need it**: The setting of cgroupparent is too confused! The old logic is: 1. set CgroupParent correctly 2. reset CgroupParent incorrectly 3. set CgroupParent again (refer to #42055 ) The login is too confused, and It is sure that there are many people who drop in trap. We only need to set it in one place. kubernetes/pkg/kubelet/dockershim/docker_sandbox.go ``` func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, image string) (*dockertypes.ContainerCreateConfig, error) { .... // Apply linux-specific options. if lc := c.GetLinux(); lc != nil { if err := ds.applySandboxLinuxOptions(hc, lc, createConfig, image, securityOptSep); err != nil { return nil, err } } // Apply resource options. setSandboxResources(hc) **<-- reset the CgroupParent incorrectly** // Apply cgroupsParent derived from the sandbox config. if lc := c.GetLinux(); lc != nil { // Apply Cgroup options. cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) if err != nil { return nil, fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", c.Metadata.Name, err) } hc.CgroupParent = cgroupParent } ``` **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ``` |
||
|---|---|---|
| .. | ||
| cm | ||
| fixtures/seccomp | ||
| libdocker | ||
| metrics | ||
| remote | ||
| testing | ||
| BUILD | ||
| convert.go | ||
| convert_test.go | ||
| doc.go | ||
| docker_checkpoint.go | ||
| docker_checkpoint_test.go | ||
| docker_container.go | ||
| docker_container_test.go | ||
| docker_image.go | ||
| docker_image_linux.go | ||
| docker_image_test.go | ||
| docker_image_unsupported.go | ||
| docker_image_windows.go | ||
| docker_sandbox.go | ||
| docker_sandbox_test.go | ||
| docker_service.go | ||
| docker_service_test.go | ||
| docker_stats_linux.go | ||
| docker_stats_unsupported.go | ||
| docker_stats_windows.go | ||
| docker_streaming.go | ||
| exec.go | ||
| helpers.go | ||
| helpers_linux.go | ||
| helpers_linux_test.go | ||
| helpers_test.go | ||
| helpers_unsupported.go | ||
| helpers_windows.go | ||
| naming.go | ||
| naming_test.go | ||
| security_context.go | ||
| security_context_test.go | ||
| selinux_util.go | ||
| selinux_util_test.go | ||