package nsenter

kubernetes – k8s.io/kubernetes/pkg/util/nsenter Index | Files

import "k8s.io/kubernetes/pkg/util/nsenter"

type Nsenter struct {
	// contains filtered or unexported fields
}

Nsenter is part of experimental support for running the kubelet in a container.

Nsenter requires:

Docker >= 1.6 due to the dependency on the slave propagation mode of the bind-mount of the kubelet root directory in the container. Docker 1.5 used a private propagation mode for bind-mounts, so mounts performed in the host's mount namespace do not propagate out to the bind-mount in this docker version.
The host's root filesystem must be available at /rootfs
The nsenter binary must be on the Kubelet process' PATH in the container's filesystem.
The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at the present, this effectively means that the kubelet is running in a privileged container.
The volume path used by the Kubelet must be the same inside and outside the container and be writable by the container (to initialize volume) contents. TODO: remove this requirement.
The host image must have "mount", "findmnt", "umount", "stat", "touch", "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin

For more information about mount propagation modes, see:

https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

func NewNsenter() *Nsenter

NewNsenter constructs a new instance of Nsenter

func (ne *Nsenter) AbsHostPath(command string) string

AbsHostPath returns the absolute runnable path for a specified command

func (ne *Nsenter) Exec(cmd string, args []string) exec.Cmd

Exec executes nsenter commands in hostProcMountNsPath mount namespace

func (ne *Nsenter) SupportsSystemd() (string, bool)

SupportsSystemd checks whether command systemd-run exists

nsenter.go

Tools for package owners.