Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overhaul container entrypoint script and Docker docs #5263

Merged
merged 1 commit into from
Nov 18, 2024
Merged

Overhaul container entrypoint script and Docker docs #5263

merged 1 commit into from
Nov 18, 2024
+518 −99

Conversation

twz123
Copy link
Member

@twz123 twz123 commented Nov 15, 2024
edited
Loading

Description

Add some extra smarts to the k0s container entrypoint script. By adding cgroup setup capabilities, it's no longer necessary to use the host's cgroups when running k0s in a container. Track down and document the necessary security-related container flags, so there's a slightly more audited alternative to just using --privileged. Re-add the /run directory as tmpfs, as the data in it is not meant to be persistent and could potentially cause problems when containers are restarted.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

  • Manual test
  • Auto test added

Checklist:

  • My code follows the style guidelines of this project
  • My commit messages are signed-off
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@twz123
Overhaul container entrypoint script and Docker docs
18d3545 
Add some extra smarts to the k0s container entrypoint script. By adding
cgroup setup capabilities, it's no longer necessary to use the host's
cgroups when running k0s in a container. Track down and document the
necessary security-related container flags, so there's a slightly
more audited alternative to just using --privileged. Re-add the /run
directory as tmpfs, as the data in it is not meant to be persistent and
could potentially cause problems when containers are restarted.

Signed-off-by: Tom Wieczorek <[email protected]>
@twz123 twz123 added documentation Improvements or additions to documentation enhancement New feature or request labels Nov 15, 2024
@twz123 twz123 marked this pull request as ready for review November 16, 2024 09:17
@twz123 twz123 requested review from a team as code owners November 16, 2024 09:17
@twz123 twz123 merged commit 5e5b1d9 into k0sproject:main Nov 18, 2024
94 checks passed
@twz123 twz123 deleted the cgroup-setup-in-docker branch November 18, 2024 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnummelin jnummelin jnummelin approved these changes

@kke kke Awaiting requested review from kke kke is a code owner automatically assigned from k0sproject/k0s-maintainers

@juanluisvaladas juanluisvaladas Awaiting requested review from juanluisvaladas juanluisvaladas is a code owner automatically assigned from k0sproject/k0s-maintainers

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twz123 @jnummelin