From 782004bec92cea7f30b1e16f78428d9dc47dcc16 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Wed, 22 Jan 2020 10:53:24 -0700
Subject: [PATCH] Create pidns for rootless
---
 pkg/rootless/mounts.go | 2 ++
 pkg/rootless/rootless.go | 7 +++++--
 pkg/rootlessports/controller.go | 9 ++++++++-
 pkg/server/server.go | 4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/pkg/rootless/mounts.go b/pkg/rootless/mounts.go
index 1c820e0f7b..53cfb4cf3a 100644
--- a/pkg/rootless/mounts.go
+++ b/pkg/rootless/mounts.go
@@ -17,6 +17,8 @@ func setupMounts(stateDir string) error {
 {"/var/run", ""},
 {"/var/log", filepath.Join(stateDir, "logs")},
 {"/var/lib/cni", filepath.Join(stateDir, "cni")},
+ {"/var/lib/kubelet", filepath.Join(stateDir, "kubelet")},
+ {"/etc/rancher", filepath.Join(stateDir, "etc", "rancher")},
 }

 for _, v := range mountMap {
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
index 32d8f8cd5a..cdb23123a2 100644
--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
@@ -89,7 +89,8 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 }

 opt := &parent.Opt{
- StateDir: stateDir,
+ StateDir: stateDir,
+ CreatePIDNS: true,
 }

 mtu := 0
@@ -102,7 +103,7 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 if _, err := exec.LookPath(binary); err != nil {
 return nil, err
 }
- opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "")
+ opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "", false, false)
 opt.PortDriver, err = portbuiltin.NewParentDriver(&logrusDebugWriter{}, stateDir)
 if err != nil {
 return nil, err
@@ -130,5 +131,7 @@ func createChildOpt() (*child.Opt, error) {
 opt.PortDriver = portbuiltin.NewChildDriver(&logrusDebugWriter{})
 opt.CopyUpDirs = []string{"/etc", "/run", "/var/lib"}
 opt.CopyUpDriver = tmpfssymlink.NewChildDriver()
+ opt.MountProcfs = true
+ opt.Reaper = true
 return opt, nil
 }
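Review bot: In pkg/rootless/mounts.go the two new `mountMap` entries place kubelet state and `/etc/rancher` under the user-owned `stateDir`, and nothing in the hunk shows what mode the backing directories are created with. The loop that creates and mounts them begins on the last context line and its body is outside the hunk, so the mode has to be checked there; k3s typically writes its kubeconfig under `/etc/rancher`, so a world-readable directory in `stateDir` would expose it to other local users. Once confirmed, a comment on the new entries would record the intent, for example `// kubelet state and /etc/rancher live in stateDir; source dirs must not be world-readable`.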
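Review bot: In pkg/rootless/rootless.go, `CreatePIDNS: true` in createParentOpt (first hunk) and `opt.MountProcfs = true` / `opt.Reaper = true` in createChildOpt (last hunk) look interdependent, since a new PID namespace needs its own /proc and a process reaping orphans as PID 1, but nothing in the code links them. Someone removing one of the three later has no hint that the others must follow. Add a comment on each side, e.g. `// new PID namespace; createChildOpt must set MountProcfs and Reaper` next to `CreatePIDNS` and `// required because createParentOpt sets CreatePIDNS` above the two child options. Both functions continue outside their hunks.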
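Review bot: In the second hunk of pkg/rootless/rootless.go the call `slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "", false, false)` gains two bare boolean literals whose meaning cannot be read at the call site. The vendored signature is not on this page; in upstream rootlesskit the parameters after the API socket path are the slirp4netns sandbox and seccomp switches, so if that holds for the vendored version, both hardening options are silently left off. Name the values, e.g. `const enableSandbox, enableSeccomp = false, false` above the call, and add a comment stating why they are disabled, or enable them when the installed slirp4netns supports them. createParentOpt continues outside the hunk.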
diff --git a/pkg/rootlessports/controller.go b/pkg/rootlessports/controller.go
index e5a4a7f7af..d4c78212dc 100644
--- a/pkg/rootlessports/controller.go
+++ b/pkg/rootlessports/controller.go
@@ -17,7 +17,7 @@ var (
 all = "_all_"
 )

-func Register(ctx context.Context, serviceController coreClients.ServiceController, httpsPort int) error {
+func Register(ctx context.Context, serviceController coreClients.ServiceController, enabled bool, httpsPort int) error {
 var (
 err error
 rootlessClient client.Client
@@ -41,6 +41,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 }

 h := &handler{
+ enabled: enabled,
 rootlessClient: rootlessClient,
 serviceClient: serviceController,
 serviceCache: serviceController.Cache(),
@@ -54,6 +55,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 }

 type handler struct {
+ enabled bool
 rootlessClient client.Client
 serviceClient coreClients.ServiceController
 serviceCache coreClients.ServiceCache
@@ -122,6 +124,11 @@ func (h *handler) toBindPorts() (map[int]int, error) {
 toBindPorts := map[int]int{
 h.httpsPort: h.httpsPort,
 }
+
+ if !h.enabled {
+ return toBindPorts, nil
+ }
+
 for _, svc := range svcs {
 for _, ingress := range svc.Status.LoadBalancer.Ingress {
 if ingress.IP == "" {
diff --git a/pkg/server/server.go b/pkg/server/server.go
index e0ca1a8f9e..1864be1490 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -151,8 +151,8 @@ func masterControllers(ctx context.Context, sc *Context, config *Config) error {
 return err
 }

- if !config.DisableServiceLB && config.Rootless {
- return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), config.ControlConfig.HTTPSPort)
+ if config.Rootless {
+ return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), !config.DisableServiceLB, config.ControlConfig.HTTPSPort)
 }

 return nil
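Review bot: In pkg/rootlessports/controller.go the new `enabled bool` parameter of `Register`, and the matching `handler.enabled` field in the next two hunks, does not switch the controller off; going by the `toBindPorts` hunk it only decides whether service load-balancer ports are added on top of `httpsPort`, which is always forwarded. The name invites a caller to pass `false` expecting that nothing is exposed on the host. Rename it to something like `serviceLBEnabled` and give the exported function a doc comment, e.g. `// Register starts the rootless port forwarder; httpsPort is always bound, service load-balancer ports only when serviceLBEnabled is true.` The parameter is also inserted in the middle of an exported signature, so any caller other than the one updated in pkg/server/server.go needs the same change.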
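Review bot: In the `toBindPorts` hunk the `if !h.enabled` return comes after `svcs` has already been fetched above the hunk, so with the service load balancer disabled the handler still lists services and, assuming that lookup can fail, may return an error instead of the `httpsPort` map. Moving the check ahead of the lookup avoids both, e.g. `if !h.enabled { return map[int]int{h.httpsPort: h.httpsPort}, nil }` at the top of the function. The start of toBindPorts is outside the hunk, so the exact placement has to be confirmed there.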