- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 24 for hostNetwork (0.21 sec)
-
cluster/gce/manifests/cloud-controller-manager.manifest
}, "spec":{ "securityContext": { {{runAsUser}} {{runAsGroup}} {{supplementalGroups}} "seccompProfile": { "type": "RuntimeDefault" } }, "priorityClassName": "system-node-critical", "hostNetwork": true, "containers":[ { "name": "cloud-controller-manager", "image": "gcr.io/k8s-staging-cloud-provider-gcp/cloud-controller-manager:v30.0.0", "resources": { "requests": {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Apr 23 08:50:12 UTC 2024 - 4K bytes - Viewed (0) -
pkg/proxy/nftables/README.md
the kernel netfilter subsystem. ## General theory of netfilter Packet flow through netfilter looks something like: ```text +================+ +=====================+ | hostNetwork IP | | hostNetwork process | +================+ +=====================+ ^ | - - - - - - - - | - - - - - [*] - - - - - - - - -
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sun Jan 21 14:37:56 UTC 2024 - 5.9K bytes - Viewed (0) -
cluster/gce/manifests/etcd.manifest
"namespace": "kube-system" }, "spec":{ "securityContext": { "seccompProfile": { "type": "RuntimeDefault" } }, "priorityClassName": "system-node-critical", "priority": 2000001000, "hostNetwork": true, "containers":[ { "name": "etcd-container", {{security_context}} "image": "{{ pillar.get('etcd_docker_repository', 'registry.k8s.io/etcd') }}:{{ pillar.get('etcd_docker_tag', '3.5.14-0') }}",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jun 01 03:36:35 UTC 2024 - 3.8K bytes - Viewed (0) -
cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
annotations: prometheus.io/port: "9253" prometheus.io/scrape: "true" spec: priorityClassName: system-node-critical serviceAccountName: node-local-dns hostNetwork: true dnsPolicy: Default # Don't use cluster DNS. tolerations: - key: "CriticalAddonsOnly" operator: "Exists" - effect: "NoExecute" operator: "Exists"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jun 03 03:19:02 UTC 2024 - 5.3K bytes - Viewed (0) -
pkg/kubelet/kubelet_pods_windows_test.go
"disk7": kubecontainer.VolumeInfo{Mounter: &stubVolume{path: `\mnt\disk7`}}, "pipe1": kubecontainer.VolumeInfo{Mounter: &stubVolume{path: `\\.\pipe\pipe1`}}, } pod := v1.Pod{ Spec: v1.PodSpec{ HostNetwork: true, }, } fhu := hostutil.NewFakeHostUtil(nil) fsp := &subpath.FakeSubpath{} podDir, err := os.MkdirTemp("", "test-rotate-logs") require.NoError(t, err) defer os.RemoveAll(podDir)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 25 14:24:16 UTC 2024 - 4.1K bytes - Viewed (0) -
pkg/kubelet/sysctl/allowlist_test.go
} } for _, test := range invalid { if err := w.validateSysctl(test.sysctl, test.hostNet, test.hostIPC); err == nil { t.Errorf("expected to be rejected: %+v", test) } pod.Spec.HostNetwork = test.hostNet pod.Spec.HostIPC = test.hostIPC pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{Name: test.sysctl, Value: test.sysctl}} status := w.Admit(attrs) if status.Admit {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Oct 27 22:58:54 UTC 2023 - 3.6K bytes - Viewed (0) -
pkg/config/analysis/analyzers/injection/injection.go
if v, ok := r.Metadata.Labels[label.SidecarInject.Name]; ok { inj = v } if strings.EqualFold(inj, "false") { return true } if pod.HostNetwork { return true } proxyImage := "" for _, container := range append(slices.Clone(pod.Containers), pod.InitContainers...) { if container.Name == util.IstioProxyName {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 5.5K bytes - Viewed (0) -
pkg/kubelet/sysctl/allowlist.go
return lifecycle.PodAdmitResult{ Admit: true, } } for _, s := range pod.Spec.SecurityContext.Sysctls { if err := w.validateSysctl(s.Name, pod.Spec.HostNetwork, pod.Spec.HostIPC); err != nil { return lifecycle.PodAdmitResult{ Admit: false, Reason: ForbiddenReason, Message: fmt.Sprintf("forbidden sysctl: %v", err), } } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Oct 27 22:58:54 UTC 2023 - 4K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/util/util.go
} // NetworkNamespaceForPod returns the runtimeapi.NamespaceMode // for the network namespace of a pod func NetworkNamespaceForPod(pod *v1.Pod) runtimeapi.NamespaceMode { if pod != nil && pod.Spec.HostNetwork { return runtimeapi.NamespaceMode_NODE } return runtimeapi.NamespaceMode_POD } // PidNamespaceForPod returns the runtimeapi.NamespaceMode // for the PID namespace of a pod
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 13 23:14:48 UTC 2024 - 4.6K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/injection.yaml
# Pod on the host network that's not injected and should not be. Should not generate warning --- apiVersion: v1 kind: Pod metadata: name: noninjectedpodhostnetwork namespace: default spec: hostNetwork: true containers: - image: gcr.io/google-samples/microservices-demo/adservice:v0.1.1 name: server --- apiVersion: v1 kind: Namespace metadata: labels: istio-injection: enabled
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Aug 09 14:06:10 UTC 2023 - 4.1K bytes - Viewed (0)