diff --git a/Dockerfile b/Dockerfile
index afbd975..cbbe136 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ LABEL BZComponent="$NAME" \
 atomic.type='system'
 # Containerized kubelet requires nsenter
-RUN dnf install -y util-linux ethtool && dnf clean all
+RUN dnf install -y util-linux ethtool systemd-udev e2fsprogs xfsprogs && dnf clean all
 LABEL RUN /usr/bin/docker run -d --privileged --net=host --pid=host -v /:/rootfs:ro -v /sys:/sys:rw -v /var/run:/var/run:rw -v /run:/run:rw -v /var/lib/docker:/var/lib/docker:rw -v /var/lib/kubelet:/var/lib/kubelet:slave -v /var/log/containers:/var/log/containers:rw
diff --git a/config.json.template b/config.json.template
index 0e64af2..73d7d59 100644
--- a/config.json.template
+++ b/config.json.template
@@ -233,13 +233,11 @@
 },
 {
 "destination": "/dev",
- "type": "tmpfs",
- "source": "tmpfs",
+ "type": "bind",
+ "source": "/dev",
 "options": [
- "nosuid",
- "strictatime",
- "mode=755",
- "size=65536k"
+ "rbind",
+ "rslave"
 ]
 },
 {
@@ -268,16 +266,6 @@
 ]
 },
 {
- "destination": "/dev/mqueue",
- "type": "mqueue",
- "source": "mqueue",
- "options": [
- "nosuid",
- "noexec",
- "nodev"
- ]
- },
- {
 "destination": "/sys",
 "type": "sysfs",
 "source": "sysfs",
@@ -386,7 +374,7 @@
 "resources": {
 "devices": [
 {
- "allow": false,
+ "allow": true,
 "access": "rwm"
 }
 ]
diff --git a/launch.sh b/launch.sh
index 4e8ea66..f7242e3 100644
--- a/launch.sh
+++ b/launch.sh
@@ -5,6 +5,6 @@ source /etc/kubernetes/config
 TEMP_KUBELET_ARGS='--cgroup-driver=systemd --cgroups-per-qos=false --enforce-node-allocatable='
-ARGS=$(echo "$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS" | xargs -n1 | sort -u -t = -k 1,1 | xargs)
+ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS"
 exec /usr/bin/kubelet $ARGS --containerized
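Review bot: In the Dockerfile hunk, the comment above the `RUN dnf install` line still says only `# Containerized kubelet requires nsenter`, although the line now also installs `systemd-udev`, `e2fsprogs` and `xfsprogs`. Presumably these are there so the kubelet can detect and format volumes on host block devices; if so, the comment should say it, for example `# nsenter/ethtool for the containerized kubelet; udev and ext4/xfs tools for volumes on host devices`. Without that, the next maintainer cannot tell which packages are safe to drop from an image that runs with full device access.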
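Review bot: In config.json.template, the `/dev` mount in the `@@ -233` hunk loses its `nosuid` option when it changes from a private tmpfs to a bind of the host `/dev`; the new options list holds only `rbind` and `rslave`. If the kubelet does not need setuid or executable files under `/dev`, the restriction can be kept with `"options": ["rbind", "rslave", "nosuid", "noexec"]`. The commit record visible here gives no reason for exposing the whole host `/dev` rather than specific device nodes. As the template cannot carry comments, that rationale belongs in the commit message or the image documentation.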
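Review bot: In config.json.template, the `@@ -386` hunk flips the only visible device cgroup rule to `"allow": true` with `"access": "rwm"`, and no `type`, `major` or `minor` appears in that entry, so it seems to grant read, write and mknod on every device. Combined with the host `/dev` bind from the `@@ -233` hunk, the container can open any host disk or character device. If only volume formatting is needed, consider keeping the default deny entry and adding a narrower rule after it, such as `{"allow": true, "type": "b", "access": "rwm"}`, plus whatever character devices the kubelet actually uses. The `resources` object continues outside the hunk, so other limits there are not visible from here.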
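Review bot: In launch.sh, the new `ARGS="$@ …"` line expands `$@` inside a scalar assignment, which ShellCheck flags as SC2124. `$*` states the intended joining explicitly: `ARGS="$* $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR …"`. With the `sort -u -t = -k 1,1` pass removed, a flag set in both `TEMP_KUBELET_ARGS` and `KUBELET_ARGS` now reaches the kubelet twice, so a comment stating which occurrence is expected to take effect would help whoever edits `/etc/kubernetes/config`. The unquoted `$ARGS` on the `exec` line relies on word splitting and will also glob-expand any value containing `*` or `?`. The top of the script is outside the hunk.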