Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Allow Privileged Containers in Kubernetes on Google Container (GKE)

Tags:

google-cloud-platform

kubernetes

google-kubernetes-engine

I am using a Kubernetes cluster deployed through Google Container Engine (GKE) from the Google Cloud Developer's Console, cluster version 0.19.3. I would like to run a privileged container, like in the Kubernetes NFS Server example:

apiVersion: v1
kind: Pod
metadata:
  name: nfs-server
  labels:
    role: nfs-server
spec:
  containers:
    - name: nfs-server
      image: jsafrane/nfs-data
      ports:
        - name: nfs
          containerPort: 2049
      securityContext:
        privileged: true

Since the default Google Container Engine configuration does not allow privileged containers, the Kubernetes API imediately returns the following error:

Error from server: Pod "nfs-server" is invalid: spec.containers[0].securityContext.privileged: forbidden '<*>(0xc20a027396)true'

How can I allow privileged containers in my Google Container Engine cluster?

like image 486
Caleb Avatar asked Jun 29 '15 19:06

Caleb

People also ask

How do you make a container privileged in Kubernetes?

Running a pod in a privileged mode means that the pod can access the host's resources and kernel capabilities. You can turn a pod into a privileged one by setting the privileged flag to `true` (by default a container is not allowed to access any devices on the host).

How can you enable clients inside a GKE cluster to be able to contact pods?

By default, you get a stable cluster IP address that clients inside the cluster can use to contact Pods in the Service. A client sends a request to the stable IP address, and the request is routed to one of the Pods in the Service.

How do I give access to GKE cluster?

To enable access to your user clusters using the GKE console, complete the following steps: Create a node-reader. yaml file that allows you to access the cluster. Apply this file to the cluster that you want to log into with the kubectl command.

What is privileged mode in Kubernetes?

privileged : determines if any container in a pod can enable privileged mode. By default a container is not allowed to access any devices on the host, but a "privileged" container is given access to all devices on the host. This allows the container nearly all the same access as processes running on the host.

1 Answers

Update: Privileged mode is now enabled by default starting with the 1.1 release of Kubernetes which is now available in Google Container Engine.

Running privileged containers (including the NFS server in that example) isn't currently possible in Google Container Engine. We are looking at ways to solve this (adding a flag when creating your cluster to allow privileged containers; making privileged containers part of admission control; etc). For now, if you need to run privileged containers you'll need to launch your own cluster using the GCE provider.

like image 80
Robert Bailey Avatar answered Sep 24 '22 05:09

Robert Bailey
Sign in to Comment

Related questions

GKE + WebSocket + NodePort 30s dropped connections
Google Cloud ML-engine scikit-learn prediction probability 'predict_proba()'
HTTP Load Balancer Custom Error Page
How to fix incosistent and slow Google Cloud Storage response times?
Kubernetes scaling based on network utilization or requests per second
Elasticsearch as a service for GCP
Angular 7 Routing in Google Cloud App Engine not working
How to access Google Cloud Engine instance's IP address via browser
Google Cloud SQL Storage Usage High Issue
Using Flask Routing in GCP Function?
Google Developers Console API page not loading
How can i implement a CDN with Firebase Storage?
How to Bind and Send from Google Cloud Forwarding Rule IP Address?
GCP - Verify ownership of a cloud function https endpoint for a PubSub push
How to access a GCP Cloud Source Repository from another project?
Difference between Virtual machine and instance
Python Google Cloud Function Logging Severity and Duplicates
Google cloud storage python client AttributeError: 'ClientOptions' object has no attribute 'scopes' occurs after deployment
How to authenticate to Google Cloud API without Application Default Credentials or Cloud SDK?
How to retrieve the most recent file in cloud storage bucket?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!