...

Package nsenter

import "k8s.io/utils/nsenter"
Overview
Index

Overview ▾

Constants

const (
    // DefaultHostRootFsPath is path to host's filesystem mounted into container
    // with kubelet.
    DefaultHostRootFsPath = "/rootfs"
)

type NSEnter

NSEnter is part of experimental support for running the kubelet in a container.

NSEnter requires:

  1. Docker >= 1.6 due to the dependency on the slave propagation mode of the bind-mount of the kubelet root directory in the container. Docker 1.5 used a private propagation mode for bind-mounts, so mounts performed in the host's mount namespace do not propagate out to the bind-mount in this docker version.
  2. The host's root filesystem must be available at /rootfs
  3. The nsenter binary must be on the Kubelet process' PATH in the container's filesystem.
  4. The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at the present, this effectively means that the kubelet is running in a privileged container.
  5. The volume path used by the Kubelet must be the same inside and outside the container and be writable by the container (to initialize volume) contents. TODO: remove this requirement.
  6. The host image must have "mount", "findmnt", "umount", "stat", "touch", "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
  7. The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin if systemd is installed/enabled in the operating system.

For more information about mount propagation modes, see: 

https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

type NSEnter struct {
    // contains filtered or unexported fields
}

func NewFakeNsenter 

func NewFakeNsenter(rootfsPath string) (*NSEnter, error)

NewFakeNsenter returns a NSEnter that does not run "nsenter --mount=... --", but runs everything in the same mount namespace as the unit test binary. rootfsPath is supposed to be a symlink, e.g. /tmp/xyz/rootfs -> /. This fake NSEnter is enough for most operations, e.g. to resolve symlinks, but it's not enough to call /bin/mount - unit tests don't run as root.

func NewNsenter 

func NewNsenter(hostRootFsPath string, executor exec.Interface) (*NSEnter, error)

NewNsenter constructs a new instance of NSEnter

func (*NSEnter) AbsHostPath 

func (ne *NSEnter) AbsHostPath(command string) string

AbsHostPath returns the absolute runnable path for a specified command

func (*NSEnter) Command 

func (ne *NSEnter) Command(cmd string, args ...string) exec.Cmd

Command returns a command wrapped with nsenter

func (*NSEnter) CommandContext 

func (ne *NSEnter) CommandContext(ctx context.Context, cmd string, args ...string) exec.Cmd

CommandContext returns a CommandContext wrapped with nsenter 

func (ne *NSEnter) EvalSymlinks(pathname string, mustExist bool) (string, error)

EvalSymlinks returns the path name on the host after evaluating symlinks on the host. mustExist makes EvalSymlinks to return error when the path does not exist. When it's false, it evaluates symlinks of the existing part and blindly adds the non-existing part: pathname: /mnt/volume/non/existing/directory 

/mnt/volume exists
           non/existing/directory does not exist

-> It resolves symlinks in /mnt/volume to say /mnt/foo and returns 

/mnt/foo/non/existing/directory.

BEWARE! EvalSymlinks is not able to detect symlink looks with mustExist=false! If /tmp/link is symlink to /tmp/link, EvalSymlinks(/tmp/link/foo) returns /tmp/link/foo.

func (*NSEnter) Exec 

func (ne *NSEnter) Exec(cmd string, args []string) exec.Cmd

Exec executes nsenter commands in hostProcMountNsPath mount namespace

func (*NSEnter) KubeletPath 

func (ne *NSEnter) KubeletPath(pathname string) string

KubeletPath returns the path name that can be accessed by containerized kubelet. It is recommended to resolve symlinks on the host by EvalSymlinks before calling this function

func (*NSEnter) LookPath 

func (ne *NSEnter) LookPath(file string) (string, error)

LookPath returns a LookPath wrapped with nsenter

func (*NSEnter) SupportsSystemd 

func (ne *NSEnter) SupportsSystemd() (string, bool)

SupportsSystemd checks whether command systemd-run exists

type Nsenter

Nsenter is a type alias for backward compatibility 

type Nsenter = NSEnter