WIP: kubelet/rkt: Support rkt for container runtime. (Splitted into other PRs) #7244
PR description SGTM. Is PR itself ready for review?
@dchen1107 No... I will remove WIP and split the commits once ready :)
/cc @bakins
603d2bf to 3cdd2e3
@pweil- please be aware of this w.r.t. security context so that the changes you are making are appropriately abstractable for Yifan
We also need to accommodate rocket with pre-start hooks
@yifan-gu thanks for the rkt support. I was experimenting with rkt on k8s through a privileged docker container a few days ago. Nice to see it coming in as a first class citizen. Are you planning to accommodate per namespace trusted keys, maybe through secrets or some other means?
Cc @liggitt re: pull secrets - the delivery method for pull secrets to the kubelet will differ between rocket and docker unless rocket supports .dockercfg. I think we can let supporting pull secrets be a follow on for the rocket plugin.
Sounds good, thanks @smarterclayton
@smarterclayton - will read through this today. Thanks for the heads up
btw can we get the Godeps merged first as a separate PR? GitHub chokes trying to review such a large change and doesn't let us see the important parts of this PR.
Do you expect to use secrets for credentials for image pull in this PR?
Good idea. Will do after one more commit (trying to get pid, exit code in status)
+1 on separate PR on Godeps. Thanks!
@pmorie Good question. I haven't planned for using secrets in this PR. I'm not sure what the plan is for secrets for image pulling. Are we going to add a credential provider for secret volumes?
@yifan-gu excellent question. We definitely need to support secrets from a
The plan is no, at this moment - pull secrets are outside of the volumes (because they are managed outside of the containers)
Got it, thanks! @smarterclayton @pmorie
@pmorie yes, it may take some time to do completely though.
f28903a to d9bb48e
@vmarmol @dchen1107 I have most of the missing functions implemented. Will do a cleanup and rebase. Note that Also a few functions' signatures need to sync with runtime.
Let's use this PR to track the missing functions for experimental rkt support in k8s:
(Expected version of rkt: 0.5.4)
Unify the container image format, let's assume it's docker images for now. I decided to abort this for now, let's just do docker:// for now until we get a solution for Add RunInContainer/ExecInContainer to container Runtime API. #7208
What am I missing? @vmarmol @dchen1107 @jonboulle
Update: