github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/kubelet
History
Kubernetes Submit Queue 17787eb6f2 Merge pull request #31557 from timstclair/aa-event 
Automatic merge from submit-queue

Include security options in the container created event

New container creation events look like:
```
Created container with docker id /k8s_bar2.a4; Security:[seccomp=sub/subtest(md5:07c9bcb4db631f7ca191d6e0bca49f76)]

Created container with docker id /k8s_bar2.a4; Security:[seccomp=unconfined apparmor=foo-profile]
```

The goal is to provide enough information to confirm that the requseted security constraints were honored.

For https://github.com/kubernetes/kubernetes/issues/31284

/cc @dchen1107 @thockin @jfrazelle @pweil- @pmorie

---

Justification for v1.4:

- Risk: low. This appends some additional information to a human readable message. A bug here would probably not break any functionality
- Roll-back: I don't anticipate any more changes to this area of the code. No functionality depends on this change.
- Cost of not including: Users don't get any (positive) confirmation that the AppArmor or Seccomp profile they requested were actually enabled.
 		2016-08-30 01:35:33 -07:00
..
api Merge pull request #30753 from feiskyer/sandbox-name 2016-08-22 19:41:44 -07:00
cadvisor Filter internal Kubernetes labels from Prometheus metrics 2016-08-22 19:44:27 -04:00
client Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
cm Create testable implementation of sysctl 2016-08-23 01:42:37 -04:00
config Convert() should accept the new conversion Context value 2016-08-18 14:45:20 -04:00
container rkt: Refactoring the construction of the mount points. 2016-08-19 13:09:27 -07:00
custommetrics Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
dockershim Kubelet: pass pod name/namespace/uid to runtimes 2016-08-23 07:33:15 +08:00
dockertools Include security options in the container created event 2016-08-26 15:32:48 -07:00
envvars Use Go canonical import paths 2016-07-16 13:48:21 -04:00
events Add Events for operation_executor to show status of mounts, failed or successful 2016-08-17 09:53:47 -04:00
eviction Merge pull request #31523 from derekwaynecarr/imagefs-observations 2016-08-27 02:58:42 -07:00
images pkg/kubelet/images: fix struct initialization 2016-08-19 16:52:52 +03:00
kuberuntime Merge pull request #31091 from feiskyer/kuberuntime-getnetns 2016-08-24 13:40:40 -07:00
leaky Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
lifecycle Remove apparmor dependency on pkg/kubelet/lifecycle 2016-08-21 20:59:11 -07:00
metrics Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
network Merge pull request #28717 from freehan/ebtable 2016-08-25 19:12:09 -07:00
pleg Fix various typos in kubelet 2016-08-03 01:14:44 +03:00
pod Fix various typos in kubelet 2016-08-03 01:14:44 +03:00
prober Always return exec command output 2016-08-17 16:21:19 -04:00
qos Use Go canonical import paths 2016-07-16 13:48:21 -04:00
remote Repalce rawContainerID with containerID 2016-08-05 16:26:47 -07:00
rkt Merge pull request #31378 from yifan-gu/rkt_fetch_no_store 2016-08-26 01:53:20 -07:00
rktshim Kubelet: pass pod name/namespace/uid to runtimes 2016-08-23 07:33:15 +08:00
server Add return code support to kubectl-exec and -run 2016-08-20 15:58:47 +02:00
status Fix nil in error message due to var shadowing 2016-08-19 11:23:19 -04:00
sysctl Add sysctl whitelist on the node 2016-08-25 13:22:01 +02:00
types Use Go canonical import paths 2016-07-16 13:48:21 -04:00
util Kubelet code move: volume / util 2016-08-22 23:35:11 -04:00
volumemanager Add Events for operation_executor to show status of mounts, failed or successful 2016-08-17 09:53:47 -04:00
OWNERS
active_deadline.go Refactor util clock into it's own pkg 2016-07-28 02:29:04 -04:00
active_deadline_test.go Refactor util clock into it's own pkg 2016-07-28 02:29:04 -04:00
container_bridge.go Revert "Use netlink.SetPromiscOn instead of iproute2 command" 2016-08-22 10:28:11 +02:00
container_bridge_test.go Add tests for container_bridge.go (really just ensureIPTablesMasqRule) 2016-07-29 11:57:17 -04:00
disk_manager.go Revert "Declare out of disk when there is no free inodes" 2016-07-06 08:19:09 -07:00
disk_manager_test.go Revert "Declare out of disk when there is no free inodes" 2016-07-06 08:19:09 -07:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
flannel_helper.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
kubelet.go Merge pull request #31446 from liggitt/log-streaming 2016-08-26 06:09:43 -07:00
kubelet_cadvisor.go Eviction manager needs to start as runtime dependent module 2016-07-22 10:19:40 -04:00
kubelet_cadvisor_test.go Print/log pointers of structs with %#v instead of %+v 2016-08-01 22:27:56 +02:00
kubelet_getters.go This change supports robust kubelet volume cleanup 2016-08-15 11:29:15 -07:00
kubelet_getters_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
kubelet_network.go Merge pull request #29969 from ZTE-PaaS/zhangke-patch-015 2016-08-22 17:40:43 -07:00
kubelet_network_test.go Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
kubelet_node_status.go Add log message in Kubelet when controller attach/detach is enabled 2016-08-26 12:28:37 -04:00
kubelet_node_status_test.go Merge pull request #31157 from pmorie/kubelet-move 2016-08-25 00:20:39 -07:00
kubelet_resources.go Fix default resource limits (node capacities) for downward api volumes 2016-08-16 14:41:17 -04:00
kubelet_resources_test.go Fix default resource limits (node capacities) for downward api volumes 2016-08-16 14:41:17 -04:00
kubelet_test.go Merge pull request #31157 from pmorie/kubelet-move 2016-08-25 00:20:39 -07:00
kubelet_volumes.go Kubelet code move: volume / util 2016-08-22 23:35:11 -04:00
kubelet_volumes_test.go Kubelet code move: volume / util 2016-08-22 23:35:11 -04:00
networks.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
oom_watcher.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
oom_watcher_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
pod_container_deletor.go Delete all dead containers only after pod syncing is done. 2016-08-15 14:36:51 -07:00
pod_container_deletor_test.go Delete all dead containers only after pod syncing is done. 2016-08-15 14:36:51 -07:00
pod_workers.go Fix various typos in kubelet 2016-08-03 01:14:44 +03:00
pod_workers_test.go Refactor util clock into it's own pkg 2016-07-28 02:29:04 -04:00
reason_cache.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
reason_cache_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
root_context_linux.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
root_context_unsupported.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
runonce.go pods can not admitted should return directly 2016-07-30 11:47:50 +08:00
runonce_test.go Add network-plugin-mtu option for MTU selection 2016-08-23 01:50:58 -04:00
runtime.go optimize lock of runtimeState stuct 2016-08-03 13:19:22 +08:00
util.go Kubelet code move: volume / util 2016-08-22 23:35:11 -04:00
volume_host.go Fix default resource limits (node capacities) for downward api volumes 2016-08-16 14:41:17 -04:00