rootless: add kubelet flags automatically

Fix https://github.com/rancher/k3s/issues/784 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-06-07 19:41:36 +00:00 · 2019-10-19 19:18:51 +09:00 · 2019-10-19 19:18:51 +09:00 · aafccdbccb
commit aafccdbccb
parent c998789ccb
6 changed files with 20 additions and 1 deletions
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@ -348,6 +348,9 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
 	nodeConfig.AgentConfig.KubeConfigNode = kubeconfigNode
 	nodeConfig.AgentConfig.KubeConfigKubelet = kubeconfigKubelet
 	nodeConfig.AgentConfig.KubeConfigKubeProxy = kubeconfigKubeproxy
+	if envInfo.Rootless {
+		nodeConfig.AgentConfig.RootDir = filepath.Join(envInfo.DataDir, "kubelet")
+	}
 	nodeConfig.AgentConfig.PauseImage = envInfo.PauseImage
 	nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK
 	nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "strongswan")
@ -400,6 +403,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
 	nodeConfig.AgentConfig.PrivateRegistry = envInfo.PrivateRegistry
 	nodeConfig.AgentConfig.DisableCCM = controlConfig.DisableCCM
 	nodeConfig.AgentConfig.DisableNPC = controlConfig.DisableNPC
+	nodeConfig.AgentConfig.Rootless = envInfo.Rootless

 	return nodeConfig, nil
 }
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@ -91,7 +91,7 @@ func Run(ctx context.Context, cfg cmds.Agent) error {
 		return err
 	}

-	if cfg.Rootless {
+	if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
 		if err := rootless.Rootless(cfg.DataDir); err != nil {
 			return err
 		}
--- a/pkg/cli/cmds/agent.go
+++ b/pkg/cli/cmds/agent.go
@ -26,6 +26,7 @@ type Agent struct {
 	FlannelConf              string
 	Debug                    bool
 	Rootless                 bool
+	RootlessAlreadyUnshared  bool
 	AgentShared
 	ExtraKubeletArgs   cli.StringSlice
 	ExtraKubeProxyArgs cli.StringSlice
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@ -187,6 +187,11 @@ func run(app *cli.Context, cfg *cmds.Server) error {
 	agentConfig.ServerURL = url
 	agentConfig.Token = token
 	agentConfig.DisableLoadBalancer = true
+	agentConfig.Rootless = cfg.Rootless
+	if agentConfig.Rootless {
+		// let agent specify Rootless kubelet flags, but not unshare twice
+		agentConfig.RootlessAlreadyUnshared = true
+	}

 	return agent.Run(ctx, agentConfig)
 }
--- a/pkg/daemons/agent/agent.go
+++ b/pkg/daemons/agent/agent.go
@ -137,6 +137,14 @@ func kubelet(cfg *config.Agent) {
 		argsMap["cloud-provider"] = "external"
 	}

+	if cfg.Rootless {
+		// flags are from https://github.com/rootless-containers/usernetes/blob/v20190826.0/boot/kubelet.sh
+		argsMap["cgroup-driver"] = "none"
+		argsMap["feature-gates=SupportNoneCgroupDriver"] = "true"
+		argsMap["cgroups-per-qos"] = "false"
+		argsMap["enforce-node-allocatable"] = ""
+	}
+
 	args := config.GetArgsList(argsMap, cfg.ExtraKubeletArgs)
 	command.SetArgs(args)

--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@ -80,6 +80,7 @@ type Agent struct {
 	PrivateRegistry     string
 	DisableCCM          bool
 	DisableNPC          bool
+	Rootless            bool
 }

 type Control struct {