Documentation ¶
Index ¶
- Constants
- type Executor
- type Nsenter
- func (ne *Nsenter) AbsHostPath(command string) string
- func (ne *Nsenter) EvalSymlinks(pathname string, mustExist bool) (string, error)
- func (ne *Nsenter) Exec(cmd string, args []string) exec.Cmd
- func (ne *Nsenter) KubeletPath(pathname string) string
- func (ne *Nsenter) SupportsSystemd() (string, bool)
Constants ¶
const ( // DefaultHostRootFsPath is path to host's filesystem mounted into container // with kubelet. DefaultHostRootFsPath = "/rootfs" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Executor ¶ added in v1.12.0
type Executor struct {
// contains filtered or unexported fields
}
Executor wraps executor interface to be executed via nsenter
func NewNsenterExecutor ¶ added in v1.12.0
NewNsenterExecutor returns new nsenter based executor
type Nsenter ¶
type Nsenter struct {
// contains filtered or unexported fields
}
Nsenter is part of experimental support for running the kubelet in a container.
Nsenter requires:
- Docker >= 1.6 due to the dependency on the slave propagation mode of the bind-mount of the kubelet root directory in the container. Docker 1.5 used a private propagation mode for bind-mounts, so mounts performed in the host's mount namespace do not propagate out to the bind-mount in this docker version.
- The host's root filesystem must be available at /rootfs
- The nsenter binary must be on the Kubelet process' PATH in the container's filesystem.
- The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at the present, this effectively means that the kubelet is running in a privileged container.
- The volume path used by the Kubelet must be the same inside and outside the container and be writable by the container (to initialize volume) contents. TODO: remove this requirement.
- The host image must have "mount", "findmnt", "umount", "stat", "touch", "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
- The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin if systemd is installed/enabled in the operating system.
For more information about mount propagation modes, see:
https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
func NewFakeNsenter ¶ added in v1.11.0
NewFakeNsenter returns a Nsenter that does not run "nsenter --mount=... --", but runs everything in the same mount namespace as the unit test binary. rootfsPath is supposed to be a symlink, e.g. /tmp/xyz/rootfs -> /. This fake Nsenter is enough for most operations, e.g. to resolve symlinks, but it's not enough to call /bin/mount - unit tests don't run as root.
func NewNsenter ¶
NewNsenter constructs a new instance of Nsenter
func (*Nsenter) AbsHostPath ¶
AbsHostPath returns the absolute runnable path for a specified command
func (*Nsenter) EvalSymlinks ¶ added in v1.11.0
EvalSymlinks returns the path name on the host after evaluating symlinks on the host. mustExist makes EvalSymlinks to return error when the path does not exist. When it's false, it evaluates symlinks of the existing part and blindly adds the non-existing part: pathname: /mnt/volume/non/existing/directory
/mnt/volume exists non/existing/directory does not exist
-> It resolves symlinks in /mnt/volume to say /mnt/foo and returns
/mnt/foo/non/existing/directory.
BEWARE! EvalSymlinks is not able to detect symlink looks with mustExist=false! If /tmp/link is symlink to /tmp/link, EvalSymlinks(/tmp/link/foo) returns /tmp/link/foo.
func (*Nsenter) KubeletPath ¶ added in v1.11.0
KubeletPath returns the path name that can be accessed by containerized kubelet. It is recommended to resolve symlinks on the host by EvalSymlinks before calling this function
func (*Nsenter) SupportsSystemd ¶
SupportsSystemd checks whether command systemd-run exists