rootless-containers / usernetes

Kubernetes without the root privileges
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
Apache License 2.0

Allow kernel.dmesg_restrict=1 #204

Closed AkihiroSuda closed 3 years ago

AkihiroSuda commented 3 years ago

https://github.com/rootless-containers/usernetes/blob/v20201118.0/install.sh#L148-L152

If we set kernel.dmesg_restrict=1 and remove this check, kubelet fails to start up:

kubelet-containerd.sh[27857]: F1118 04:38:15.095965     167 server.go:269] failed to run Kubelet: failed to create kubelet: open /dev/kmsg: operation not permitted                                                        
kubelet-containerd.sh[27857]: goroutine 1 [running]:                                                                                                                                                                       
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0xc000132001, 0xc000b72000, 0x86, 0x1cf)                                                                                                      
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1026 +0xb9                                                                                          
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x6f78380, 0xc000000003, 0x0, 0x0, 0xc0007c51f0, 0x6dff5e3, 0x9, 0x10d, 0x40e500)                                                 
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:975 +0x19b                                                                                          
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0x6f78380, 0xc000000003, 0x0, 0x0, 0x0, 0x0, 0x1, 0xc000e640e0, 0x1, 0x1)
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:732 +0x16f                                                                                          
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).print(...)                                                                                                                               
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:714                                                                                                 
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/k8s.io/klog/v2.Fatal(...)                                                                                                                                           
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1482                         
kubelet-containerd.sh[27857]: k8s.io/kubernetes/cmd/kubelet/app.NewKubeletCommand.func1(0xc000a73340, 0xc000138010, 0xe, 0xe)                  
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/cmd/kubelet/app/server.go:269 +0x845                                                                                              
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc000a73340, 0xc000138010, 0xe, 0xe, 0xc000a73340, 0xc000138010)                                                         
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:854 +0x2c2                                                                               
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc000a73340, 0x164862cbdabf3cf0, 0x6f77f40, 0x406525)
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:958 +0x375                                                                               
kubelet-containerd.sh[27857]: k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)                                                                                                                      
kubelet-containerd.sh[27857]:         /kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:895                                                                                      
kubelet-containerd.sh[27857]: main.main()                                                                                                                                                                                  
kubelet-containerd.sh[27857]:         _output/local/go/src/k8s.io/kubernetes/cmd/kubelet/kubelet.go:41 +0xe5
...
AkihiroSuda commented 3 years ago

We would need to ignore an error in this line: https://github.com/kubernetes/kubernetes/blob/716a0547206a71ecc6e53f8b970728bc85063a60/pkg/kubelet/kubelet.go#L472