rkt: Improve support for privileged pod (pod whose all containers are privileged) #31286
Perhaps we should also update the minimum required version to reflect this (though I believe the failure scenario is just that the feature will gracefully degrade into all capabilities). Reviewed 1 of 1 files at r1, 1 of 1 files at r2.
@euank Updated the version.
@yifan-gu
Last nit is that this could be a release note / bug-fix label, though it doesn't completely fix the bug, it is a step in the right direction. Reviewed 2 of 2 files at r3.
@euank I was also thinking about adding
@yifan-gu LGTM 👍 Are we not adding a release note? I couldn't see it
@pwittrock I would consider this a bugfix in that it improves the state of a known issue with the rkt integration. I would consider #30513 feature-work.
GCE e2e build/test passed for commit 173dbd7.
Automatic merge from submit-queue
Automatic merge from submit-queue rkt: Update kube-up rkt version to v1.14.0 cc @kubernetes/sig-rktnetes This should have been included in #31286 (whoops). This is a bugfix that I propose for v1.4 inclusion.
Automatic merge from submit-queue rkt: Update kube-up rkt version to v1.14.0 cc @kubernetes/sig-rktnetes This should have been included in kubernetes#31286 (whoops). This is a bugfix that I propose for v1.4 inclusion. (cherry picked from commit 243959c)
Fix #31100
This takes advantage of rkt/rkt#2983 by appending the new --all-run insecure-options to the rkt run-prepared command when all the containers are privileged. The pod now gets more privileged power.
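The all-or-nothing check described above, sketched as an added example; this is not the code from this pull request or from Kubernetes. The `Pod` and `Container` types, the pod UUID, the `--insecure-options=all-run` spelling, and its placement as a global option ahead of `run-prepared` are assumptions of the example.

```go
package main

import "fmt"

// Container and Pod are simplified stand-ins (assumptions for this example),
// not the Kubernetes API types.
type Container struct {
	Name       string
	Privileged *bool // nil means the field was never set
}

type Pod struct {
	Containers []Container
}

// allPrivileged reports whether every container explicitly asks for
// privileged mode. An empty pod or an unset field counts as unprivileged,
// so the relaxed option is never added by default.
func allPrivileged(p Pod) bool {
	if len(p.Containers) == 0 {
		return false
	}
	for _, c := range p.Containers {
		if c.Privileged == nil || !*c.Privileged {
			return false
		}
	}
	return true
}

// rktArgs builds the rkt argument list for starting a prepared pod.
// The insecure option (spelling assumed) is appended only when
// allPrivileged holds; a mixed pod is started without it.
func rktArgs(p Pod, uuid string) []string {
	args := []string{}
	if allPrivileged(p) {
		args = append(args, "--insecure-options=all-run")
	}
	return append(args, "run-prepared", uuid)
}

func main() {
	yes, no := true, false
	uuid := "00000000-0000-0000-0000-000000000000" // constructed placeholder
	full := Pod{[]Container{{"a", &yes}, {"b", &yes}}}
	mixed := Pod{[]Container{{"a", &yes}, {"b", &no}}}
	fmt.Println(rktArgs(full, uuid))
	fmt.Println(rktArgs(mixed, uuid))
}
```

Because the option applies to the whole pod, one unprivileged container in the spec keeps every container in that pod on the restricted path.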