Skip to content

Commit

Permalink
Set all sources so node+agent in the same process doesn't get restricted
Browse files Browse the repository at this point in the history
  • Loading branch information
@ibuildthecloud @brandond
ibuildthecloud authored and brandond committed Sep 16, 2021
1 parent 91eb20a commit 3ec6171
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions cmd/kube-apiserver/app/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ import (
"strings"
"time"

"k8s.io/kubernetes/pkg/kubelet/types"

"github.com/spf13/cobra"
"github.com/spf13/pflag"

Expand Down Expand Up @@ -246,13 +248,15 @@ func CreateKubeAPIServerConfig(s completedServerRunOptions) (
return nil, nil, nil, err
}

all, _ := types.GetValidatedSources([]string{types.AllSource})

capabilities.Initialize(capabilities.Capabilities{
AllowPrivileged: s.AllowPrivileged,
// TODO(vmarmol): Implement support for HostNetworkSources.
PrivilegedSources: capabilities.PrivilegedSources{
HostNetworkSources: []string{},
HostPIDSources: []string{},
HostIPCSources: []string{},
HostNetworkSources: all,
HostPIDSources: all,
HostIPCSources: all,
},
PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec,
})
Expand Down

0 comments on commit 3ec6171

Please sign in to comment.