usage on K8S - not so trivial and mounting does not seem to work.
strus38 opened this issue · 2 comments
Hi,
I am trying to use this container in my K8S cluster, and I ended up having to run the container like this:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ansible
spec:
  selector:
    matchLabels:
      app: ansible
  replicas: 1
  strategy: {}
  template:
    metadata:
      labels:
        app: ansible
      annotations:
        prometheus.io/scrape: "true"
    spec:
      containers:
      - name: ansible
        image: geerlingguy/docker-ubuntu1804-ansible:latest
        imagePullPolicy: IfNotPresent
        stdin: true
        tty: true
        env:
        - name: container
          value: docker
        resources:
          limits:
            cpu: 200m
            memory: 64Mi
          requests:
            cpu: 200m
            memory: 64Mi
        volumeMounts:
        - name: cgroup
          mountPath: /sys/fs/cgroup:ro
        - name: varrun
          mountPath: /run
        - name: varlock
          mountPath: /run/lock
        - name: fuse
          mountPath: /sys/fs/fuse/connections
        - name: hugepages
          mountPath: /dev/hugepages
        - name: playbooks
          mountPath: /etc/ansible:ro
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add: ["SYS_ADMIN"]
      restartPolicy: Always
      volumes:
      - name: cgroup
        hostPath:
          path: /sys/fs/cgroup
          type: DirectoryOrCreate
      - name: varrun
        emptyDir:
          medium: Memory
      - name: varlock
        emptyDir:
          medium: Memory
      - name: fuse
        emptyDir:
          medium: Memory
      - name: hugepages
        emptyDir:
          medium: Memory
      - name: playbooks
        hostPath:
          path: "/mnt/c/Users/miamore/Documents/Projects/kubeverse/orchestratedRPiCluster/rpicluster/ansible"
          type: Directory
```
But the path where my playbooks are is never mounted (running K8S nodes on VirtualBox on a Windows 10 laptop, launching the YAML from the PowerShell console).
No error, but nothing appears.
```
2020-07-13T15:13:39.911256137Z systemd 237 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid)
2020-07-13T15:13:39.917895692Z Detected virtualization docker.
2020-07-13T15:13:39.917931888Z Detected architecture x86-64.
2020-07-13T15:13:39.917936462Z
2020-07-13T15:13:39.917940532Z Welcome to Ubuntu 18.04.3 LTS!
2020-07-13T15:13:39.917944994Z
2020-07-13T15:13:39.917948780Z Set hostname to <ansible-565979d8bb-znfxz>.
2020-07-13T15:13:40.203254035Z File /lib/systemd/system/systemd-journald.service:36 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
2020-07-13T15:13:40.203271936Z Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
2020-07-13T15:13:40.296377304Z [ OK ] Started Forward Password Requests to Wall Directory Watch.
2020-07-13T15:13:40.298128624Z [ OK ] Created slice System Slice.
2020-07-13T15:13:40.298383970Z [ OK ] Started Dispatch Password Requests to Console Directory Watch.
2020-07-13T15:13:40.298396018Z [ OK ] Reached target Slices.
2020-07-13T15:13:40.298398866Z [ OK ] Reached target Swap.
2020-07-13T15:13:40.298774115Z [ OK ] Listening on Journal Socket.
2020-07-13T15:13:40.299259930Z [ OK ] Listening on Journal Socket (/dev/log).
2020-07-13T15:13:40.299267257Z [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
2020-07-13T15:13:40.299269793Z [ OK ] Reached target Local Encrypted Volumes.
2020-07-13T15:13:40.299272251Z [ OK ] Reached target Remote File Systems.
2020-07-13T15:13:40.299346468Z [ OK ] Listening on Syslog Socket.
2020-07-13T15:13:40.299631606Z [ OK ] Reached target Local File Systems (Pre).
2020-07-13T15:13:40.299637542Z [ OK ] Reached target Local File Systems.
2020-07-13T15:13:40.299884823Z [ OK ] Reached target Sockets.
2020-07-13T15:13:40.301765509Z Starting Journal Service...
2020-07-13T15:13:40.416381716Z [ OK ] Started Journal Service.
2020-07-13T15:13:40.421765837Z Starting Flush Journal to Persistent Storage...
2020-07-13T15:13:40.520704478Z [ OK ] Started Flush Journal to Persistent Storage.
2020-07-13T15:13:40.521279757Z Starting Create Volatile Files and Directories...
2020-07-13T15:13:40.532269755Z [ OK ] Started Create Volatile Files and Directories.
2020-07-13T15:13:40.532307756Z Starting Network Name Resolution...
2020-07-13T15:13:40.532328631Z [ OK ] Reached target System Time Synchronized.
2020-07-13T15:13:40.532332980Z Starting Update UTMP about System Boot/Shutdown...
2020-07-13T15:13:40.694509588Z [ OK ] Started Update UTMP about System Boot/Shutdown.
2020-07-13T15:13:40.694919284Z [ OK ] Reached target System Initialization.
2020-07-13T15:13:40.696462271Z [ OK ] Started systemd-cron daily timer.
2020-07-13T15:13:40.697095043Z [ OK ] Started Message of the Day.
2020-07-13T15:13:40.698591199Z [ OK ] Started systemd-cron monthly timer.
2020-07-13T15:13:40.698848002Z [ OK ] Started Daily Cleanup of Temporary Directories.
2020-07-13T15:13:40.699399559Z [ OK ] Started systemd-cron weekly timer.
2020-07-13T15:13:40.699670842Z [ OK ] Started Daily apt download activities.
2020-07-13T15:13:40.699928514Z [ OK ] Started systemd-cron path monitor.
2020-07-13T15:13:40.700299409Z [ OK ] Reached target Paths.
2020-07-13T15:13:40.701609709Z [ OK ] Reached target Basic System.
2020-07-13T15:13:40.703434725Z Starting System Logging Service...
2020-07-13T15:13:40.704926709Z Starting Permit User Sessions...
2020-07-13T15:13:40.705381797Z [ OK ] Started Daily apt upgrade and clean activities.
2020-07-13T15:13:40.705403005Z [ OK ] Started systemd-cron hourly timer.
2020-07-13T15:13:40.705406763Z [ OK ] Reached target Timers.
2020-07-13T15:13:40.705409828Z [ OK ] Reached target systemd-cron.
2020-07-13T15:13:40.705564651Z [ OK ] Started Network Name Resolution.
2020-07-13T15:13:40.705872469Z [ OK ] Reached target Host and Network Name Lookups.
2020-07-13T15:13:40.711094021Z [ OK ] Started Permit User Sessions.
2020-07-13T15:13:40.800680287Z [ OK ] Started System Logging Service.
2020-07-13T15:13:40.800797114Z [ OK ] Reached target Multi-User System.
2020-07-13T15:13:40.801452268Z [ OK ] Reached target Graphical Interface.
2020-07-13T15:13:40.803345654Z Starting Update UTMP about System Runlevel Changes...
2020-07-13T15:13:40.809684791Z [ OK ] Started Update UTMP about System Runlevel Changes.
```
Any ideas?
Thanks!
That's something you'll have to try to get working on your own—unfortunately, use in K8s is not a use case that I think I'd want to support for these docker containers. They should run just like any other container, but getting them to work with the right privileges and mount options for a K8s deployment could be more challenging, since they expect to be able to run systemd and that's a little bit counter to the way Kubernetes expects containers to run.
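
An added example, not part of the issue thread or the project's code: a small lint pass over a parsed Deployment for the mount options and privileges this thread is about. It relies on two Kubernetes facts: `mountPath` is a literal path and read-only is expressed with `readOnly: true`, and a `hostPath` volume resolves on the node that runs the pod. The rule names, `audit_deployment` and the trimmed `SAMPLE` manifest (including `/srv/playbooks`) are constructed for illustration.

```python
# Added example (not from the issue): lint a parsed Deployment for the
# mount and privilege settings discussed above. Rule names are made up here.
BROAD_CAPS = {"SYS_ADMIN", "ALL"}

def audit_deployment(manifest):
    """Return a list of (rule, detail) findings for a Deployment given as a dict."""
    pod = manifest["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(("privileged", c["name"]))
        # Escalation is only blocked when the field is explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(("priv-escalation", c["name"]))
        for cap in sc.get("capabilities", {}).get("add", []):
            if cap.upper() in BROAD_CAPS:
                findings.append(("broad-capability", cap))
        for m in c.get("volumeMounts", []):
            path = m["mountPath"]
            base, sep, mode = path.rpartition(":")
            # Kubernetes has no "path:ro" form; mountPath is taken literally.
            if sep and mode in ("ro", "rw"):
                fix = f"mountPath: {base}, readOnly: {str(mode == 'ro').lower()}"
                findings.append(("docker-style-suffix", f"{path} -> {fix}"))
            vol = volumes.get(m["name"], {})
            # hostPath resolves on the node running the pod, not the client machine.
            if "hostPath" in vol and not m.get("readOnly", False):
                findings.append(("writable-hostpath", vol["hostPath"]["path"]))
    return findings

# Constructed sample: a trimmed manifest shaped like the one in the issue.
SAMPLE = {"spec": {"template": {"spec": {
    "containers": [{
        "name": "ansible",
        "securityContext": {"allowPrivilegeEscalation": True,
                            "capabilities": {"add": ["SYS_ADMIN"]}},
        "volumeMounts": [
            {"name": "cgroup", "mountPath": "/sys/fs/cgroup:ro"},
            {"name": "varrun", "mountPath": "/run"},
            {"name": "playbooks", "mountPath": "/etc/ansible", "readOnly": True}]}],
    "volumes": [
        {"name": "cgroup", "hostPath": {"path": "/sys/fs/cgroup"}},
        {"name": "varrun", "emptyDir": {"medium": "Memory"}},
        {"name": "playbooks", "hostPath": {"path": "/srv/playbooks"}}]}}}}

if __name__ == "__main__":
    for rule, detail in audit_deployment(SAMPLE):
        print(f"{rule:20} {detail}")
```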