Merge pull request #2023 from briandowns/add_kubelet_cis_flag

add protect-kernel-defaults to kubelet
2024-06-07 19:41:36 +00:00 · 2020-07-14 16:32:43 -07:00 · 2020-07-14 16:32:43 -07:00 · f7dae176e9
commit f7dae176e9
parent 66a8c2ad7f abb2d9aad1
2 changed files with 8 additions and 0 deletions
--- a/pkg/cli/agent/agent.go
+++ b/pkg/cli/agent/agent.go
@ -56,6 +56,7 @@ func Run(ctx *cli.Context) error {
 	cfg := cmds.AgentConfig
 	cfg.Debug = ctx.Bool("debug")
 	cfg.DataDir = dataDir
+	cfg.ProtectKernelDefaults = true

 	contextCtx := signals.SetupSignalHandler(context.Background())

--- a/pkg/cli/cmds/agent.go
+++ b/pkg/cli/cmds/agent.go
@ -36,6 +36,7 @@ type Agent struct {
 	Labels                   []string
 	Taints                   []string
 	PrivateRegistry          string
+	ProtectKernelDefaults    bool
 	AgentShared
 }

@ -136,6 +137,11 @@ var (
 		Hidden:      true,
 		Destination: &AgentConfig.DisableSELinux,
 	}
+	ProtectKernelDefaultsFlag = cli.BoolFlag{
+		Name:        "protect-kernel-defaults",
+		Usage:       "(agent/node) Kernel tuning behavior. If set, error if kernel tunables are different than kubelet defaults.",
+		Destination: &AgentConfig.ProtectKernelDefaults,
+	}
 )

 func NewAgentCommand(action func(ctx *cli.Context) error) *cli.Command {
@ -192,6 +198,7 @@ func NewAgentCommand(action func(ctx *cli.Context) error) *cli.Command {
 			&FlannelConfFlag,
 			&ExtraKubeletArgs,
 			&ExtraKubeProxyArgs,
+			&ProtectKernelDefaultsFlag,
 			&cli.BoolFlag{
 				Name:        "rootless",
 				Usage:       "(experimental) Run rootless",