From 4c5e2204c33660c51ccbfc231756b14d1542b847 Mon Sep 17 00:00:00 2001
From: Seth Jennings
Date: Mon, 11 Dec 2017 23:33:36 -0600
Subject: [PATCH 1/2] UPSTREAM: 51634: Revert to using isolated PID namespaces in Docker
---
 .../kubernetes/cmd/kubelet/app/options/container_runtime.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vendor/k8s.io/kubernetes/cmd/kubelet/app/options/container_runtime.go b/vendor/k8s.io/kubernetes/cmd/kubelet/app/options/container_runtime.go
index 926be8bca3ff..38fa4ef06eac 100644
--- a/vendor/k8s.io/kubernetes/cmd/kubelet/app/options/container_runtime.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubelet/app/options/container_runtime.go
@@ -108,6 +108,7 @@ func NewContainerRuntimeOptions() *ContainerRuntimeOptions {
 DockerEndpoint: dockerEndpoint,
 DockershimRootDirectory: "/var/lib/dockershim",
 DockerExecHandlerName: "native",
+ DockerDisableSharedPID: true,
 PodSandboxImage: defaultPodSandboxImage,
 ImagePullProgressDeadline: metav1.Duration{Duration: 1 * time.Minute},
 RktAPIEndpoint: defaultRktAPIServiceEndpoint,
From 5b7bc10d479ef747fa2c0e92a37048c29d8fa1e4 Mon Sep 17 00:00:00 2001
From: Seth Jennings
Date: Mon, 18 Dec 2017 10:08:38 -0600
Subject: [PATCH 2/2] adjust ContainerRuntimeOptions in node defaults test
---
 pkg/cmd/server/kubernetes/node/node_config_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/cmd/server/kubernetes/node/node_config_test.go b/pkg/cmd/server/kubernetes/node/node_config_test.go
index 69e711c8bc4b..28e5c805e38a 100644
--- a/pkg/cmd/server/kubernetes/node/node_config_test.go
+++ b/pkg/cmd/server/kubernetes/node/node_config_test.go
@@ -31,6 +31,7 @@ func TestKubeletDefaults(t *testing.T) {
 ContainerRuntimeOptions: kubeletoptions.ContainerRuntimeOptions{
 DockershimRootDirectory: "/var/lib/dockershim",
 DockerExecHandlerName: "native",
+ DockerDisableSharedPID: true,
 DockerEndpoint: "unix:///var/run/docker.sock",
 ImagePullProgressDeadline: metav1.Duration{Duration: 1 * time.Minute},
 RktAPIEndpoint: rkt.DefaultRktAPIServiceEndpoint,
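Review bot: The expected `DockerDisableSharedPID: true` added to the `ContainerRuntimeOptions` literal in TestKubeletDefaults carries no comment saying the value is a deliberate carried default, so a later vendor rebase that trips this test could be resolved by simply flipping the expectation. With the flag false, the containers of a pod would presumably share one PID namespace and see each other's processes, which makes this an isolation setting rather than a cosmetic default. I would add `// carried patch UPSTREAM: 51634: keep per-container PID namespaces; do not flip without review` above the field, and the same line above the field in NewContainerRuntimeOptions in the first patch. TestKubeletDefaults starts before and continues past this hunk, so how the literal is compared is not visible here.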