Create pidns for rootless

pkg/rootless/mounts.go

@@ -17,6 +17,8 @@ func setupMounts(stateDir string) error {
 		{"/var/run", ""},
 		{"/var/log", filepath.Join(stateDir, "logs")},
 		{"/var/lib/cni", filepath.Join(stateDir, "cni")},
+		{"/var/lib/kubelet", filepath.Join(stateDir, "kubelet")},
+		{"/etc/rancher", filepath.Join(stateDir, "etc", "rancher")},
 	}
 
 	for _, v := range mountMap {

pkg/rootless/rootless.go

@@ -89,7 +89,8 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 	}
 
 	opt := &parent.Opt{
-		StateDir: stateDir,
+		StateDir:    stateDir,
+		CreatePIDNS: true,
 	}
 
 	mtu := 0
@@ -102,7 +103,7 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 	if _, err := exec.LookPath(binary); err != nil {
 		return nil, err
 	}
-	opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "")
+	opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "", false, false)
 	opt.PortDriver, err = portbuiltin.NewParentDriver(&logrusDebugWriter{}, stateDir)
 	if err != nil {
 		return nil, err
@@ -130,5 +131,7 @@ func createChildOpt() (*child.Opt, error) {
 	opt.PortDriver = portbuiltin.NewChildDriver(&logrusDebugWriter{})
 	opt.CopyUpDirs = []string{"/etc", "/run", "/var/lib"}
 	opt.CopyUpDriver = tmpfssymlink.NewChildDriver()
+	opt.MountProcfs = true
+	opt.Reaper = true
 	return opt, nil
 }

pkg/rootlessports/controller.go

@@ -17,7 +17,7 @@ var (
 	all = "_all_"
 )
 
-func Register(ctx context.Context, serviceController coreClients.ServiceController, httpsPort int) error {
+func Register(ctx context.Context, serviceController coreClients.ServiceController, enabled bool, httpsPort int) error {
 	var (
 		err            error
 		rootlessClient client.Client
@@ -41,6 +41,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 	}
 
 	h := &handler{
+		enabled:        enabled,
 		rootlessClient: rootlessClient,
 		serviceClient:  serviceController,
 		serviceCache:   serviceController.Cache(),
@@ -54,6 +55,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 }
 
 type handler struct {
+	enabled        bool
 	rootlessClient client.Client
 	serviceClient  coreClients.ServiceController
 	serviceCache   coreClients.ServiceCache
@@ -122,6 +124,11 @@ func (h *handler) toBindPorts() (map[int]int, error) {
 	toBindPorts := map[int]int{
 		h.httpsPort: h.httpsPort,
 	}
+
+	if !h.enabled {
+		return toBindPorts, nil
+	}
+
 	for _, svc := range svcs {
 		for _, ingress := range svc.Status.LoadBalancer.Ingress {
 			if ingress.IP == "" {

pkg/server/server.go

@@ -151,8 +151,8 @@ func masterControllers(ctx context.Context, sc *Context, config *Config) error {
 		return err
 	}
 
-	if !config.DisableServiceLB && config.Rootless {
+	if config.Rootless {
-		return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), config.ControlConfig.HTTPSPort)
+		return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), !config.DisableServiceLB, config.ControlConfig.HTTPSPort)
 	}
 
 	return nil