• Kubernetes Submit Queue's avatar
    Merge pull request #38348 from euank/doc-our-privilege · 1d3c7ca7
    Kubernetes Submit Queue authored
    Automatic merge from submit-queue (batch tested with PRs 38727, 38726, 38347, 38348)
    
    Add 'privileged' to sandbox to indicate if any container might be privileged in it, document privileged
    
    Right now, the privileged flag is this magic thing which does "whatever Docker does". This documents it to make it a little less magic.
    
    In addition, due to how rkt uses `systemd-nspawn` as an outer layer of isolation in creating the sandbox, it's helpful to know beforehand whether the pod will be privileged so additional security options can be applied earlier / applied at all.
    
    I suspect the same indication will be useful for userns since userns should also occur at the pod layer, but it's possible that will be a separate/additional field.
    
    
    cc @lucab @jonboulle @yujuhong @feiskyer @kubernetes/sig-node 
    
    
    ```release-note
    NONE
    ```
    1d3c7ca7
Name
Last commit
Last update
..
testing Loading commit data...
v1alpha1 Loading commit data...
BUILD Loading commit data...
services.go Loading commit data...