nsenter

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 14, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// DefaultHostRootFsPath is path to host's filesystem mounted into container
	// with kubelet.
	DefaultHostRootFsPath = "/rootfs"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Executor

type Executor struct {
	// contains filtered or unexported fields
}

Executor wraps executor interface to be executed via nsenter

func NewNsenterExecutor

func NewNsenterExecutor(hostRootFsPath string, executor exec.Interface) *Executor

NewNsenterExecutor returns new nsenter based executor

func (*Executor) Command

func (nsExecutor *Executor) Command(cmd string, args ...string) exec.Cmd

Command returns a command wrapped with nenter

func (*Executor) CommandContext

func (nsExecutor *Executor) CommandContext(ctx context.Context, cmd string, args ...string) exec.Cmd

CommandContext returns a CommandContext wrapped with nsenter

func (*Executor) LookPath

func (nsExecutor *Executor) LookPath(file string) (string, error)

LookPath returns a LookPath wrapped with nsenter

type Nsenter

type Nsenter struct {
	// contains filtered or unexported fields
}

Nsenter is part of experimental support for running the kubelet in a container.

Nsenter requires:

  1. Docker >= 1.6 due to the dependency on the slave propagation mode of the bind-mount of the kubelet root directory in the container. Docker 1.5 used a private propagation mode for bind-mounts, so mounts performed in the host's mount namespace do not propagate out to the bind-mount in this docker version.
  2. The host's root filesystem must be available at /rootfs
  3. The nsenter binary must be on the Kubelet process' PATH in the container's filesystem.
  4. The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at the present, this effectively means that the kubelet is running in a privileged container.
  5. The volume path used by the Kubelet must be the same inside and outside the container and be writable by the container (to initialize volume) contents. TODO: remove this requirement.
  6. The host image must have "mount", "findmnt", "umount", "stat", "touch", "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
  7. The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin if systemd is installed/enabled in the operating system.

For more information about mount propagation modes, see:

https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

func NewFakeNsenter

func NewFakeNsenter(rootfsPath string) (*Nsenter, error)

NewFakeNsenter returns a Nsenter that does not run "nsenter --mount=... --", but runs everything in the same mount namespace as the unit test binary. rootfsPath is supposed to be a symlink, e.g. /tmp/xyz/rootfs -> /. This fake Nsenter is enough for most operations, e.g. to resolve symlinks, but it's not enough to call /bin/mount - unit tests don't run as root.

func NewNsenter

func NewNsenter(hostRootFsPath string, executor exec.Interface) (*Nsenter, error)

NewNsenter constructs a new instance of Nsenter

func (*Nsenter) AbsHostPath

func (ne *Nsenter) AbsHostPath(command string) string

AbsHostPath returns the absolute runnable path for a specified command

func (ne *Nsenter) EvalSymlinks(pathname string, mustExist bool) (string, error)

EvalSymlinks returns the path name on the host after evaluating symlinks on the host. mustExist makes EvalSymlinks to return error when the path does not exist. When it's false, it evaluates symlinks of the existing part and blindly adds the non-existing part: pathname: /mnt/volume/non/existing/directory

/mnt/volume exists
           non/existing/directory does not exist

-> It resolves symlinks in /mnt/volume to say /mnt/foo and returns

/mnt/foo/non/existing/directory.

BEWARE! EvalSymlinks is not able to detect symlink looks with mustExist=false! If /tmp/link is symlink to /tmp/link, EvalSymlinks(/tmp/link/foo) returns /tmp/link/foo.

func (*Nsenter) Exec

func (ne *Nsenter) Exec(cmd string, args []string) exec.Cmd

Exec executes nsenter commands in hostProcMountNsPath mount namespace

func (*Nsenter) KubeletPath

func (ne *Nsenter) KubeletPath(pathname string) string

KubeletPath returns the path name that can be accessed by containerized kubelet. It is recommended to resolve symlinks on the host by EvalSymlinks before calling this function

func (*Nsenter) SupportsSystemd

func (ne *Nsenter) SupportsSystemd() (string, bool)

SupportsSystemd checks whether command systemd-run exists

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL