108ee85b82
The kubelet uses libct/cgroups code to set up cgroups. It creates a parent cgroup (kubepods) to put the containers into. The problem (for cgroupv2 that uses eBPF for device configuration) is the hard requirement to have devices cgroup configured results in leaking an eBPF program upon every kubelet restart. program. If kubelet is restarted 64+ times, the cgroup can't be configured anymore. Work around this by adding a SkipDevices flag to Resources. A check was added so that if SkipDevices is set, such a "container" can't be started (to make sure it is only used for non-containers). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> |
||
|---|---|---|
| .. | ||
| cpu.go | ||
| cpuset.go | ||
| create.go | ||
| defaultpath.go | ||
| defaultpath_test.go | ||
| devices.go | ||
| freezer.go | ||
| fs2.go | ||
| hugetlb.go | ||
| io.go | ||
| memory.go | ||
| pids.go | ||