@jessfraz
Last active April 23, 2018 22:36
img and acs-engine

deploying acs-engine with rawaccess

$ git clone git@github.com:jessfraz/acs-engine
$ cd acs-engine
$ git checkout rawaccess
$ make
$ ./bin/acs-engine deploy --subscription-id $SUBSCRIPTION_ID \
	--dns-prefix jessfraz-rawaccess \
	--location eastus --auto-suffix \
	--api-model examples/kubernetes.json 

You need to make sure the docker version running on the nodes is the patched version:

$ docker version
Client:
 Version:      1.13.1
 API version:  1.26
 Go version:   go1.7.5
 Git commit:   092cba3
 Built:        Wed Feb  8 06:50:14 2017
 OS/Arch:      linux/amd64

Server:
 Version:      1.13.1
 API version:  1.26 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   493f5a8-unsupported
 Built:        Mon Apr 23 21:49:46 2018
 OS/Arch:      linux/amd64
 Experimental: false

If it is not this version (somehow the patched version doesn't always download), you need to SSH into the nodes and run:

$ sudo systemctl stop docker
$ sudo curl -sSL -o /usr/bin/dockerd https://misc.j3ss.co/tmp/dockerd
$ sudo systemctl restart docker
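
A scripted form of the version check above, so it can be run on each node to decide which ones still need the replacement binary. This is an added example, not part of the original gist; the function names are hypothetical and the unpatched sample is constructed.

```shell
#!/bin/sh
# Added example: decide whether a node runs the patched dockerd by comparing
# the Server "Git commit" from `docker version` with the value shown above.

PATCHED_COMMIT="493f5a8-unsupported"   # Server Git commit from the gist's output

# Print the Git commit of the Server section of `docker version` text on stdin.
# The Client section also has a "Git commit" line, so track which section we are in.
server_commit() {
    awk '
        /^Server:/ { in_server = 1; next }
        /^Client:/ { in_server = 0; next }
        in_server && /Git commit:/ { print $NF; exit }
    '
}

# Exit 0 if stdin describes the patched daemon, 1 otherwise. A missing Server
# section (for example, the daemon is stopped) also counts as not patched.
is_patched() {
    commit=$(server_commit)
    [ "$commit" = "$PATCHED_COMMIT" ]
}

# Constructed sample: a node still running a stock daemon (the client commit
# is reused for the server; this is not output captured from a real node).
SAMPLE_UNPATCHED='Client:
 Version:      1.13.1
 Git commit:   092cba3

Server:
 Version:      1.13.1
 Git commit:   092cba3'

# Sample trimmed from the output shown above.
SAMPLE_PATCHED='Client:
 Version:      1.13.1
 Git commit:   092cba3

Server:
 Version:      1.13.1
 Git commit:   493f5a8-unsupported'

# On a node:
#   docker version 2>/dev/null | is_patched || echo "needs patched dockerd"
```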

Caveats

You might see the kubelet failing to start because --feature-flag Accelerators=true could not be found.

In this case, on each node where this is an issue, edit /etc/default/kubelet and remove the --feature-flag for Accelerators.

Then run:

$ sudo systemctl restart kubelet

running an img pod with rawaccess

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: img
  name: img
  annotations:
    container.apparmor.security.beta.kubernetes.io/img: unconfined
spec:
  initContainers:
    # This container clones the desired git repo to the EmptyDir volume.
    - name: git-clone
      image: r.j3ss.co/jq
      args:
        - git
        - clone
        - --single-branch
        - --
        - https://github.com/jessfraz/dockerfiles
        - /repo # Put it in the volume
      securityContext:
        runAsUser: 1000
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: git-repo
          mountPath: /repo
  containers:
  - image: r.j3ss.co/img
    imagePullPolicy: Always
    name: img
    resources: {}
    workingDir: /repo
    command:
      - img
      - build
      - -backend=naive
      - -t=coredns
      - -state=/state
      - coredns/
    securityContext:
      runAsUser: 1000
      rawProc: true
    volumeMounts:
    - name: cache-volume
      mountPath: /state
    - name: git-repo
      mountPath: /repo
  volumes:
  - name: cache-volume
    emptyDir: {}
  - name: git-repo
    emptyDir: {}
  restartPolicy: Never