How to enable systemd within a k8s Pod

Question

I am running Kata Containers on my k8s cluster and would like to use systemd within the pod.

I am using the following Dockerfile to build my image:

    FROM ubuntu:20.04
    ENV DEBIAN_FRONTEND=noninteractive
    RUN apt-get update && apt-get install -y systemd systemd-sysv && apt-get clean && rm -rf /var/lib/apt/lists/*
    # Disable some services that we do not need and which can cause issues
    CMD ["/sbin/init"]

And this is my yaml file for the pod:

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod6
    spec:
      runtimeClassName: kata-qemu
      containers:
      - name: c1
        image: my-ubuntu-systemd:latest
        imagePullPolicy: Always
        command:
        - bash
        securityContext:
          privileged: true
          capabilities:
            add: ["SYS_ADMIN"]
        volumeMounts:
        - name: cgroup
          mountPath: /sys/fs/cgroup
          readOnly: true
        - name: tmp
          mountPath: /tmp
          subPath: tmp
        - name: tmp
          mountPath: /run
          subPath: run
        - name: tmp
          mountPath: /run/lock
          subPath: run-lock
      volumes:
      - name: cgroup
        hostPath:
          path: /sys/fs/cgroup
          type: Directory
      - name: tmp
        emptyDir:
          medium: Memory
          sizeLimit: 128Mi

Once I am in the pod, I get the following:

    root@pod6:/# systemctl status
    System has not been booted with systemd as init system (PID 1). Can't operate.
    Failed to connect to bus: Host is down

What can I do to fix this?

Answer 1

Score: 0

Found the answer:

Instead of launching bash, I am launching systemd:

    command:
    - /usr/lib/systemd/systemd
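
A way to confirm from inside the pod which situation applies, as an added example that is not part of the original question or answers: it checks what is running as PID 1 and whether /run/systemd/system exists, which is the directory systemctl tests for before it reports "has not been booted with systemd". The function name, its ROOT argument and the sample directory trees are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# check_systemd_init [ROOT] prints: ok | pid1-not-systemd | not-booted
# ROOT is a hypothetical parameter (default "/") so the check can be run
# against a constructed directory tree as well as the live container.
check_systemd_init() {
    root="${1:-/}"
    root="${root%/}"    # "/" -> "", so paths below become /proc/..., /run/...

    # PID 1 is whatever the pod's `command:` started (bash in the question).
    pid1="$(cat "$root/proc/1/comm" 2>/dev/null)" || pid1="unknown"
    case "$pid1" in
        systemd|init) ;;    # /sbin/init is normally a symlink to systemd
        *) echo "pid1-not-systemd"; return 1 ;;
    esac

    # systemctl decides "booted with systemd" by looking for this directory,
    # which systemd creates early at startup.
    [ -d "$root/run/systemd/system" ] || { echo "not-booted"; return 1; }
    echo "ok"
}

# Constructed sample trees: one like the question's pod (PID 1 = bash),
# one like the pod after Answer 1's change (PID 1 = systemd).
demo() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/before/proc/1" "$tmp/after/proc/1" "$tmp/after/run/systemd/system"
    echo bash    > "$tmp/before/proc/1/comm"
    echo systemd > "$tmp/after/proc/1/comm"
    echo "before: $(check_systemd_init "$tmp/before")"
    echo "after:  $(check_systemd_init "$tmp/after")"
    rm -rf "$tmp"
}
demo
```

Inside the running pod, call `check_systemd_init` with no argument to inspect the live /proc and /run.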

Answer 2

Score: 0

Using systemd in command doesn't work for me in the case that I need to run a script as command/args. It works fine if you manually exec into the container, but it hangs if you have something like bash my-script.sh as command/args.

https://stackoverflow.com/questions/73714080/entrypoint-of-systemd-container-for-gitlab-ci is more relevant in that case.

huangapple
  • Posted on June 22, 2023 at 03:44:34
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76526642.html