VirtualBox inside a Kubernetes container
Headless VirtualBox runs successfully inside a Docker container:
docker run --device=/dev/vboxdrv:/dev/vboxdrv my-vb
I need to run this image on Kubernetes, and I get:
VBoxHeadless: Error -1909 in suplibOsInit!
VBoxHeadless: Kernel driver not accessible
Kubernetes object:
apiVersion: apps/v1   # assumed: not in the original post
kind: Deployment      # assumed from the selector.matchLabels + template layout
metadata:
  name: vbox
  labels:
    app: vbox
spec:
  selector:
    matchLabels:
      app: vbox
  template:
    metadata:
      labels:
        app: vbox
    spec:
      securityContext:
        runAsUser: 0
      containers:
      - name: vbox-vm
        image: my-vb
        imagePullPolicy: 'Always'
        ports:
        - containerPort: 6666
        volumeMounts:
        - mountPath: /root/img.vdi
          name: img-vdi
        - mountPath: /dev/vboxdrv
          name: vboxdrv
      volumes:
      - name: img-vdi
        hostPath:
          path: /root/img.vdi
          type: File
      - name: vboxdrv
        hostPath:
          path: /dev/vboxdrv
          type: CharDevice
This image runs in Docker, so it must be a problem in the Kubernetes configuration.
The configuration needs a small change to work:
apiVersion: apps/v1   # assumed: not in the original answer
kind: Deployment      # assumed from the selector.matchLabels + template layout
metadata:
  name: vbox
  labels:
    app: vbox
spec:
  selector:
    matchLabels:
      app: vbox
  template:
    metadata:
      labels:
        app: vbox
    spec:
      securityContext:
        runAsUser: 0
      containers:
      - name: vbox-vm
        image: my-vb
        imagePullPolicy: 'Always'
        securityContext: # << added
          privileged: true
        ports:
        - containerPort: 6666
        volumeMounts:
        - mountPath: /root/img.vdi
          name: img-vdi
        - mountPath: /dev/vboxdrv
          name: vboxdrv
      volumes:
      - name: img-vdi
        hostPath:
          path: /root/img.vdi
          type: File
      - name: vboxdrv
        hostPath:
          path: /dev/vboxdrv
          type: CharDevice
To be able to run privileged containers, you need:
- kube-apiserver running with --allow-privileged
- kubelet (on every host that may run this container) running with --allow-privileged=true
See https://kubernetes.io/docs/concepts/workloads/pods/pod/#privileged-mode-for-pod-containers for more.
Once it is working, do it through PodSecurityPolicy.
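The reason the hostPath mount alone is not enough: a hostPath of type CharDevice only puts the device node into the container's filesystem; the container's device cgroup still denies open() on it, which is the "Kernel driver not accessible" VirtualBox reports. `privileged: true` lifts that restriction, but it also hands the container every capability, every host device and no seccomp or AppArmor confinement, so the grant should be limited to this one workload. The block below is an added example, not part of the original question or answer: a PodSecurityPolicy that allows privileged pods only for one service account and only with the two hostPath prefixes the manifest uses, plus the RBAC that ties the policy to that service account. The namespace `vbox`, the service account `vbox` and the policy name `vbox-privileged` are assumptions. PodSecurityPolicy was removed in Kubernetes 1.25; on newer clusters the equivalent is the namespace label `pod-security.kubernetes.io/enforce: privileged` combined with an admission policy (Kyverno, OPA Gatekeeper or ValidatingAdmissionPolicy) for the per-path restriction, since Pod Security Admission cannot express allowed host paths.

```yaml
# Added example, not from the original post. Assumed names: namespace vbox,
# service account vbox, policy vbox-privileged. Requires a cluster that still
# serves policy/v1beta1 (PodSecurityPolicy was removed in Kubernetes 1.25).
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: vbox-privileged
spec:
  privileged: true              # VBoxHeadless needs device access to /dev/vboxdrv
  allowPrivilegeEscalation: true
  runAsUser:
    rule: RunAsAny              # the pod spec sets runAsUser: 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - hostPath                    # the only volume type this workload needs
  allowedHostPaths:             # exactly the two paths from the manifest; prefix match
  - pathPrefix: /dev/vboxdrv
  - pathPrefix: /root/img.vdi
  hostNetwork: false            # privileged does not imply host namespaces; keep them off
  hostPID: false
  hostIPC: false
---
# Grant "use" on that one policy to the vbox service account only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-vbox-psp
  namespace: vbox
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["vbox-privileged"]
  verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-vbox-psp
  namespace: vbox
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-vbox-psp
subjects:
- kind: ServiceAccount
  name: vbox
  namespace: vbox
```

For the policy to apply, the Deployment's pod template must set `serviceAccountName: vbox` and live in the `vbox` namespace; pods created by any other service account in the cluster are then rejected by the admission controller if they ask for `privileged: true`. Note that `allowedHostPaths` is a prefix match, so `/root/img.vdi` also admits `/root/img.vdi.bak`; put the image in its own directory if that matters.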