From 1a4ed8bffee8654e9dbe1f5257c78f10f3e9ea4b Mon Sep 17 00:00:00 2001
From: Peter Hunt
Date: Wed, 24 Jun 2020 15:38:44 -0400
Subject: [PATCH] crio: manage ns lifecycle change the entry in crio.conf template to manage ns lifecycle As it is more secure and gives cri-o more control of namespace lifecycle. Also change the outdated config name value
Signed-off-by: Peter Hunt
---
 .../01-master-container-runtime/_base/files/crio.yaml | 6 +++---
 .../01-worker-container-runtime/_base/files/crio.yaml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/templates/master/01-master-container-runtime/_base/files/crio.yaml b/templates/master/01-master-container-runtime/_base/files/crio.yaml
index 2f7cb3fb18..d687322a2c 100644
--- a/templates/master/01-master-container-runtime/_base/files/crio.yaml
+++ b/templates/master/01-master-container-runtime/_base/files/crio.yaml
@@ -178,9 +178,9 @@ contents:
 # regarding the proper termination of the container.
 ctr_stop_timeout = 0
- # ManageNetworkNSLifecycle determines whether we pin and remove network namespace
- # and manage its lifecycle.
- manage_network_ns_lifecycle = false
+ # ManageNSLifecycle determines whether we pin and remove namespaces
+ # and manage their lifecycle.
+ manage_ns_lifecycle = true
 # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
 # The runtime to use is picked based on the runtime_handler provided by the CRI.
diff --git a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
index 2f7cb3fb18..d687322a2c 100644
--- a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
+++ b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
@@ -178,9 +178,9 @@ contents:
 # regarding the proper termination of the container.
 ctr_stop_timeout = 0
- # ManageNetworkNSLifecycle determines whether we pin and remove network namespace
- # and manage its lifecycle.
- manage_network_ns_lifecycle = false
+ # ManageNSLifecycle determines whether we pin and remove namespaces
+ # and manage their lifecycle.
+ manage_ns_lifecycle = true
 # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
 # The runtime to use is picked based on the runtime_handler provided by the CRI.
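Review bot: The renamed key `manage_ns_lifecycle = true` in this worker hunk (and in the identical master template hunk) presumably only takes effect on a CRI-O build that recognises the new name. If an older runtime ignores unknown keys, which should be confirmed, a node would silently keep the unmanaged default while the template reads as hardened. Stating the minimum CRI-O version in the commit message, and checking the effective setting on a node after rollout, would close that gap. The new comment also says only "namespaces" and gives no reason for the flip to `true`; a line such as `# When true, CRI-O pins the pod namespaces itself and removes them on teardown rather than tying their lifetime to a process in the pod.` would record the rationale, with the wording checked against the CRI-O documentation for the shipped version. The `contents:` block these lines belong to starts and ends outside the hunk.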