Back to godoc.org
k8s.io/kubernetes/pkg/capabilities

package capabilities

v1.18.3
Latest Go to latest
Published: May 20, 2020 | License: Apache-2.0 | Module: k8s.io/kubernetes

Overview

Package capabilities manages system level capabilities

Index

func Initialize

func Initialize(c Capabilities)

Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.

func SetForTests

func SetForTests(c Capabilities)

SetForTests sets capabilities for tests. Convenience method for testing. This should only be called from tests.

func Setup

func Setup(allowPrivileged bool, perConnectionBytesPerSec int64)

Setup the capability set. It wraps Initialize for improving usability.

type Capabilities

type Capabilities struct {
	AllowPrivileged bool

	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources

	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}

Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user

func Get

func Get() Capabilities

Get returns a read-only copy of the system capabilities.

type PrivilegedSources

type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string

	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string

	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}

PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
f or F : Jump to identifier