Merge pull request #35969 from sttts/sttts-dockershim-infra-sysctl-only

Automatic merge from submit-queue Only set sysctls in infra container in dockershim Dockershim counterpart of https://github.com/kubernetes/kubernetes/pull/32383.
2025-10-31 02:08:13 +00:00 · 2016-11-01 23:52:06 -07:00
parent f4c2a05eea 42f6179517
commit 07f78836ea
1 changed files with 1 additions and 7 deletions
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@@ -125,13 +125,6 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
 		Privileged:     config.GetPrivileged(),
 	}

-	// Set sysctls if requested
-	sysctls, err := getSysctlsFromAnnotations(config.Annotations)
-	if err != nil {
-		return "", fmt.Errorf("failed to get sysctls from annotations %v for container %q: %v", config.Annotations, config.Metadata.GetName(), err)
-	}
-	hc.Sysctls = sysctls
-
 	// Apply options derived from the sandbox config.
 	if lc := sandboxConfig.GetLinux(); lc != nil {
 		// Apply Cgroup options.
@@ -176,6 +169,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeApi
 		// Note: ShmSize is handled in kube_docker_client.go
 	}

+	var err error
 	hc.SecurityOpt, err = getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
 	if err != nil {
 		return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)