How to make /etc writable inside user namespace for kubelet in userns
In the Kubernetes documentation on running the kubelet in a user namespace, https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/, one of the requirements is:
At least, the following directories need to be writable in the namespace (not outside the namespace):
/etc
How can this be achieved inside the user namespace?
The section of the documentation you quoted above explains:
After unsharing the user namespace, you will also have to unshare other namespaces such as mount namespace.
You do not need to call chroot() nor pivot_root() after unsharing the mount namespace, however, you have to mount writable filesystems on several directories in the namespace.
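The step the quoted documentation describes, sketched for /etc only, as an added example that is not part of the original answer or of the Kubernetes documentation. It assumes util-linux unshare and mount and a kernel that allows unprivileged user namespaces; NS_SETUP and run_with_writable_etc are hypothetical names.

```shell
#!/bin/sh
# Added example: give a process a writable /etc that exists only inside a new
# user + mount namespace. NS_SETUP and run_with_writable_etc are hypothetical names.
# Assumes util-linux unshare/mount and unprivileged user namespaces enabled.

# Script executed as the mapped root user inside the new namespaces.
NS_SETUP='
set -e
# 1. Stage a tmpfs first: once /etc is covered, the original is no longer reachable.
stage=$(mktemp -d)
mount -t tmpfs -o mode=0755 tmpfs "$stage"
# 2. Copy what the caller can read; root-only files (e.g. /etc/shadow) are skipped.
cp -RP /etc/. "$stage"/ 2>/dev/null || true
# 3. Bind the writable copy over /etc. No chroot() or pivot_root() is involved.
mount --bind "$stage" /etc
exec "$@"
'

# Usage: run_with_writable_etc COMMAND [ARGS...]
run_with_writable_etc() {
    # --user --map-root-user: new user namespace, caller mapped to UID 0 in it.
    # --mount: new mount namespace, so the mounts above never reach the host.
    unshare --user --map-root-user --mount sh -c "$NS_SETUP" sh "$@"
}

# Run a command directly when arguments are given, e.g.:
#   sh writable-etc.sh sh -c 'touch /etc/probe && ls -l /etc/probe'
if [ "$#" -gt 0 ]; then
    run_with_writable_etc "$@"
fi
```

Anything the command writes under /etc lands in the tmpfs and is gone when the namespace exits; /etc outside the namespace is not modified.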