Create pidns for rootless

2024-06-07 19:41:36 +00:00 · 2020-01-22 10:53:24 -07:00 · 2020-01-22 10:53:24 -07:00 · 782004bec9
commit 782004bec9
parent 0374c4f63d
4 changed files with 17 additions and 5 deletions
--- a/pkg/rootless/mounts.go
+++ b/pkg/rootless/mounts.go
@ -17,6 +17,8 @@ func setupMounts(stateDir string) error {
 		{"/var/run", ""},
 		{"/var/log", filepath.Join(stateDir, "logs")},
 		{"/var/lib/cni", filepath.Join(stateDir, "cni")},
+		{"/var/lib/kubelet", filepath.Join(stateDir, "kubelet")},
+		{"/etc/rancher", filepath.Join(stateDir, "etc", "rancher")},
 	}

 	for _, v := range mountMap {
--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
@ -89,7 +89,8 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 	}

 	opt := &parent.Opt{
-		StateDir: stateDir,
+		StateDir:    stateDir,
+		CreatePIDNS: true,
 	}

 	mtu := 0
@ -102,7 +103,7 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 	if _, err := exec.LookPath(binary); err != nil {
 		return nil, err
 	}
-	opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "")
+	opt.NetworkDriver = slirp4netns.NewParentDriver(binary, mtu, ipnet, disableHostLoopback, "", false, false)
 	opt.PortDriver, err = portbuiltin.NewParentDriver(&logrusDebugWriter{}, stateDir)
 	if err != nil {
 		return nil, err
@ -130,5 +131,7 @@ func createChildOpt() (*child.Opt, error) {
 	opt.PortDriver = portbuiltin.NewChildDriver(&logrusDebugWriter{})
 	opt.CopyUpDirs = []string{"/etc", "/run", "/var/lib"}
 	opt.CopyUpDriver = tmpfssymlink.NewChildDriver()
+	opt.MountProcfs = true
+	opt.Reaper = true
 	return opt, nil
 }
--- a/pkg/rootlessports/controller.go
+++ b/pkg/rootlessports/controller.go
@ -17,7 +17,7 @@ var (
 	all = "_all_"
 )

-func Register(ctx context.Context, serviceController coreClients.ServiceController, httpsPort int) error {
+func Register(ctx context.Context, serviceController coreClients.ServiceController, enabled bool, httpsPort int) error {
 	var (
 		err            error
 		rootlessClient client.Client
@ -41,6 +41,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 	}

 	h := &handler{
+		enabled:        enabled,
 		rootlessClient: rootlessClient,
 		serviceClient:  serviceController,
 		serviceCache:   serviceController.Cache(),
@ -54,6 +55,7 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll
 }

 type handler struct {
+	enabled        bool
 	rootlessClient client.Client
 	serviceClient  coreClients.ServiceController
 	serviceCache   coreClients.ServiceCache
@ -122,6 +124,11 @@ func (h *handler) toBindPorts() (map[int]int, error) {
 	toBindPorts := map[int]int{
 		h.httpsPort: h.httpsPort,
 	}
+
+	if !h.enabled {
+		return toBindPorts, nil
+	}
+
 	for _, svc := range svcs {
 		for _, ingress := range svc.Status.LoadBalancer.Ingress {
 			if ingress.IP == "" {
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -151,8 +151,8 @@ func masterControllers(ctx context.Context, sc *Context, config *Config) error {
 		return err
 	}

-	if !config.DisableServiceLB && config.Rootless {
-		return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), config.ControlConfig.HTTPSPort)
+	if config.Rootless {
+		return rootlessports.Register(ctx, sc.Core.Core().V1().Service(), !config.DisableServiceLB, config.ControlConfig.HTTPSPort)
 	}

 	return nil