From 1a9b0d6018e4a166640ab925acedca1c18cd2c8d Mon Sep 17 00:00:00 2001 From: Filip Grzadkowski Date: Tue, 1 Sep 2015 16:42:05 +0200 Subject: [PATCH] Fix mounting volumes in docker based kubernetes setup. --- cluster/images/hyperkube/Dockerfile | 9 ++++++--- docs/getting-started-guides/docker.md | 15 ++++++++++++--- pkg/util/mount/nsenter_mount.go | 9 +++++---- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/cluster/images/hyperkube/Dockerfile b/cluster/images/hyperkube/Dockerfile index 98916f9e098..f1799ac9492 100644 --- a/cluster/images/hyperkube/Dockerfile +++ b/cluster/images/hyperkube/Dockerfile @@ -1,12 +1,15 @@ -FROM google/debian:wheezy +FROM debian:jessie RUN apt-get update -RUN apt-get -yy -q install iptables ca-certificates +RUN apt-get -yy -q install iptables ca-certificates file util-linux + +RUN cp /usr/bin/nsenter /nsenter + COPY hyperkube /hyperkube RUN chmod a+rx /hyperkube - COPY master-multi.json /etc/kubernetes/manifests-multi/master.json COPY master.json /etc/kubernetes/manifests/master.json + COPY safe_format_and_mount /usr/share/google/safe_format_and_mount RUN chmod a+rx /usr/share/google/safe_format_and_mount diff --git a/docs/getting-started-guides/docker.md b/docs/getting-started-guides/docker.md index c2b447e9694..7028035f232 100644 --- a/docs/getting-started-guides/docker.md +++ b/docs/getting-started-guides/docker.md @@ -92,15 +92,24 @@ docker run --net=host -d gcr.io/google_containers/etcd:2.0.12 /usr/local/bin/etc ### Step Two: Run the master ```sh -docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests +docker run \ + --volume=/:/rootfs:ro \ + --volume=/sys:/sys:ro \ + --volume=/dev:/dev \ + --volume=/var/lib/docker/:/var/lib/docker:ro \ + --volume=/var/lib/kubelet/:/var/lib/kubelet:rw \ + --volume=/var/run:/var/run:rw \ + --net=host \ + --privileged=true \ + -d \ + gcr.io/google_containers/hyperkube:v1.0.1 \ + /hyperkube kubelet --containerized --hostname-override="127.0.0.1" --address="0.0.0.0" --api-servers=http://localhost:8080 --config=/etc/kubernetes/manifests ``` This actually runs the kubelet, which in turn runs a [pod](../user-guide/pods.md) that contains the other master components. ### Step Three: Run the service proxy -*Note, this could be combined with master above, but it requires --privileged for iptables manipulation* - ```sh docker run -d --net=host --privileged gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube proxy --master=http://127.0.0.1:8080 --v=2 ``` diff --git a/pkg/util/mount/nsenter_mount.go b/pkg/util/mount/nsenter_mount.go index c2396940a20..c22863971aa 100644 --- a/pkg/util/mount/nsenter_mount.go +++ b/pkg/util/mount/nsenter_mount.go @@ -71,8 +71,8 @@ func NewNsenterMounter() *NsenterMounter { // default to root m.paths[binary] = filepath.Join("/", binary) for _, path := range []string{"/bin", "/usr/sbin", "/usr/bin"} { - binPath := filepath.Join(hostRootFsPath, path, binary) - if _, err := os.Stat(binPath); err != nil { + binPath := filepath.Join(path, binary) + if _, err := os.Stat(filepath.Join(hostRootFsPath, binPath)); err != nil { continue } m.paths[binary] = binPath @@ -176,8 +176,9 @@ func (n *NsenterMounter) IsLikelyNotMountPoint(file string) (bool, error) { exec := exec.New() out, err := exec.Command(nsenterPath, args...).CombinedOutput() if err != nil { - // If findmnt didn't run, just claim it's not a mount point. - return true, nil + // If the command itself is correct, then if we encountered error + // then most likely this means that the directory does not exist. + return true, os.ErrNotExist } strOut := strings.TrimSuffix(string(out), "\n")