mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-03-19 17:12:42 -04:00
39004e852b
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md. Add a ProcMount option to the SecurityContext & AllowedProcMountTypes to PodSecurityPolicy So there is a bit of a chicken and egg problem here in that the CRI runtimes will need to implement this for there to be any sort of e2e testing. **What this PR does / why we need it**: This PR implements design proposal https://github.com/kubernetes/community/pull/1934. This adds a ProcMount option to the SecurityContext and AllowedProcMountTypes to PodSecurityPolicy Relies on https://github.com/google/cadvisor/pull/1967 **Release note**: ```release-note ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. ``` cc @Random-Liu @mrunalp |
||
|---|---|---|
| .. | ||
| abac | ||
| admission | ||
| admissionregistration | ||
| apps | ||
| authentication | ||
| authorization | ||
| autoscaling | ||
| batch | ||
| certificates | ||
| componentconfig | ||
| coordination | ||
| core | ||
| events | ||
| extensions | ||
| imagepolicy | ||
| networking | ||
| policy | ||
| rbac | ||
| scheduling | ||
| settings | ||
| storage | ||
| OWNERS | ||