dweomer
commented
3 years ago These changes should also mitigate #38
Closed dweomer closed 3 years ago
dweomer
commented
3 years ago These changes should also mitigate #38
With kim binding to the containerd it is running under, buildkit requires some bidirectional mounting under /tmp, /var/lib/buildkit, and /var/lib/rancher (because the containerd persistent root lives under here). Because these are bind mounts from the "host" we can know where they are located on disk and we leverage that in some init containers to attempt to nsenter into the host pid+mount namespaces to make these locations shared. The
mount --make-rsharedattempts can fail silently without prevent kim from working as expected so long as the actual locations on disk are under shared/rshared mountpoints.Signed-off-by: Jacob Blain Christen jacob@rancher.com