- Sort Score
- Result 10 results
- Languages All
Results 41 - 50 of 228 for hostNetwork (0.36 sec)
-
pkg/kubelet/kubelet_pods_linux_test.go
}, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { fhu := hostutil.NewFakeHostUtil(nil) fsp := &subpath.FakeSubpath{} pod := v1.Pod{ Spec: v1.PodSpec{ HostNetwork: true, }, } mounts, _, err := makeMounts(&pod, "/pod", &tc.container, "fakepodname", "", []string{""}, tc.podVolumes, fhu, fsp, nil, tc.supportsRRO) // validate only the error if we expect an error
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 18:00:59 UTC 2024 - 11.3K bytes - Viewed (0) -
cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
annotations: prometheus.io/port: "9253" prometheus.io/scrape: "true" spec: priorityClassName: system-node-critical serviceAccountName: node-local-dns hostNetwork: true dnsPolicy: Default # Don't use cluster DNS. tolerations: - key: "CriticalAddonsOnly" operator: "Exists" - effect: "NoExecute" operator: "Exists"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jun 03 03:19:02 UTC 2024 - 5.3K bytes - Viewed (0) -
pkg/kubelet/kubelet_pods_windows_test.go
"disk7": kubecontainer.VolumeInfo{Mounter: &stubVolume{path: `\mnt\disk7`}}, "pipe1": kubecontainer.VolumeInfo{Mounter: &stubVolume{path: `\\.\pipe\pipe1`}}, } pod := v1.Pod{ Spec: v1.PodSpec{ HostNetwork: true, }, } fhu := hostutil.NewFakeHostUtil(nil) fsp := &subpath.FakeSubpath{} podDir, err := os.MkdirTemp("", "test-rotate-logs") require.NoError(t, err) defer os.RemoveAll(podDir)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 25 14:24:16 UTC 2024 - 4.1K bytes - Viewed (0) -
cluster/addons/dns/nodelocaldns/README.md
Using a namespace selector for dns egress traffic as shown [here](https://docs.projectcalico.org/security/tutorials/kubernetes-policy-advanced) might not be enough since the node-local-dns pods run with `hostNetwork: True` One way to enable connectivity from node-local-dns pods to clusterDNS ip is to use an ipBlock rule instead: ``` spec: egress: - ports: - port: 53 protocol: TCP - port: 53
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 31 14:16:53 UTC 2022 - 3K bytes - Viewed (0) -
pkg/kubelet/sysctl/allowlist_test.go
} } for _, test := range invalid { if err := w.validateSysctl(test.sysctl, test.hostNet, test.hostIPC); err == nil { t.Errorf("expected to be rejected: %+v", test) } pod.Spec.HostNetwork = test.hostNet pod.Spec.HostIPC = test.hostIPC pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{Name: test.sysctl, Value: test.sysctl}} status := w.Admit(attrs) if status.Admit {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Oct 27 22:58:54 UTC 2023 - 3.6K bytes - Viewed (0) -
pkg/config/analysis/analyzers/injection/injection.go
if v, ok := r.Metadata.Labels[label.SidecarInject.Name]; ok { inj = v } if strings.EqualFold(inj, "false") { return true } if pod.HostNetwork { return true } proxyImage := "" for _, container := range append(slices.Clone(pod.Containers), pod.InitContainers...) { if container.Name == util.IstioProxyName {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 5.5K bytes - Viewed (0) -
pkg/kubelet/sysctl/allowlist.go
return lifecycle.PodAdmitResult{ Admit: true, } } for _, s := range pod.Spec.SecurityContext.Sysctls { if err := w.validateSysctl(s.Name, pod.Spec.HostNetwork, pod.Spec.HostIPC); err != nil { return lifecycle.PodAdmitResult{ Admit: false, Reason: ForbiddenReason, Message: fmt.Sprintf("forbidden sysctl: %v", err), } } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Oct 27 22:58:54 UTC 2023 - 4K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/util/util.go
} // NetworkNamespaceForPod returns the runtimeapi.NamespaceMode // for the network namespace of a pod func NetworkNamespaceForPod(pod *v1.Pod) runtimeapi.NamespaceMode { if pod != nil && pod.Spec.HostNetwork { return runtimeapi.NamespaceMode_NODE } return runtimeapi.NamespaceMode_POD } // PidNamespaceForPod returns the runtimeapi.NamespaceMode // for the PID namespace of a pod
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 13 23:14:48 UTC 2024 - 4.6K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/injection.yaml
# Pod on the host network that's not injected and should not be. Should not generate warning --- apiVersion: v1 kind: Pod metadata: name: noninjectedpodhostnetwork namespace: default spec: hostNetwork: true containers: - image: gcr.io/google-samples/microservices-demo/adservice:v0.1.1 name: server --- apiVersion: v1 kind: Namespace metadata: labels: istio-injection: enabled
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Aug 09 14:06:10 UTC 2023 - 4.1K bytes - Viewed (0) -
pkg/registry/core/pod/strategy_test.go
expectMatch: false, }, { in: &api.Pod{ Spec: api.PodSpec{ SecurityContext: &api.PodSecurityContext{ HostNetwork: false, }, }, }, fieldSelector: fields.ParseSelectorOrDie("spec.hostNetwork=false"), expectMatch: true, }, { in: &api.Pod{ Spec: api.PodSpec{}, },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 76.2K bytes - Viewed (0)