Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Nsenter ¶
type Nsenter struct {
// contains filtered or unexported fields
}
Nsenter is part of experimental support for running the kubelet in a container.
Nsenter requires:
- Docker >= 1.6 due to the dependency on the slave propagation mode of the bind-mount of the kubelet root directory in the container. Docker 1.5 used a private propagation mode for bind-mounts, so mounts performed in the host's mount namespace do not propagate out to the bind-mount in this docker version.
- The host's root filesystem must be available at /rootfs
- The nsenter binary must be on the Kubelet process' PATH in the container's filesystem.
- The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at the present, this effectively means that the kubelet is running in a privileged container.
- The volume path used by the Kubelet must be the same inside and outside the container and be writable by the container (to initialize volume) contents. TODO: remove this requirement.
- The host image must have "mount", "findmnt", "umount", "stat", "touch", "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
- The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin if systemd is installed/enabled in the operating system.
For more information about mount propagation modes, see:
https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
func NewNsenter ¶
NewNsenter constructs a new instance of Nsenter
func (*Nsenter) AbsHostPath ¶
AbsHostPath returns the absolute runnable path for a specified command
func (*Nsenter) SupportsSystemd ¶
SupportsSystemd checks whether command systemd-run exists
Click to show internal directories.
Click to hide internal directories.