kubeadm shouldn't have to run as root

[mikedanese]

From @errordeveloper on October 3, 2016 10:55

Right now kubeadm requires root access, but it shouldn't need, once we have APIs for creating pods and PKI secrets in local kubelet.

Copied from original issue: kubernetes/kubernetes#33907

[mikedanese]

From @pires on October 5, 2016 11:12

@errordeveloper this could also be part of the proposal for a kubelet pod API (#28138). Thoughts?

[mikedanese]

From @errordeveloper on October 10, 2016 15:10

@pires yes, I think this is a key UX requirement, but it's somewhat easy to overlook.

[pires]

@ethernetdan @aaronlevy wdyt?

[kad]

What about "reset" functionality ? it's not only about cleaning up pods.

[pires]

@kad I think you got the issue wrong here. Are you referring to #42?

[kad]

@pires no, #42 is about other thing. At the moment, if kubeadm reset performed, it does following operations:

# kubeadm reset
Running pre-flight checks
Stopping the kubelet service...
Unmounting directories in /var/lib/kubelet...
Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf]
Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/etcd]
Stopping all running docker containers...

Some of file operations are ok to be done as non-root, if permissions on certain directories would be enough for user under which kubeadm is executed. But some of steps like unmounts, restarts of the kubelet might still require root privileges.

[pires]

I'm sure they are related as leave would reuse reset, but I get what you mean.

@errordeveloper we have to decide if whether we can change the filesystem and manage the kubelet service state (we need root) or not (we don't need root).

[kad]

code-wise, they might be re-using some bits, but reset is less graceful than leave in my opinion.

In theory, if kubelet would allow locally to do exec into running containers of e.g. etcd and kube-proxy, it would be possible to execute in privileged mode some of filesystem operations even if kubeadm run as non-root. but that's a bit of hackish workaround, which might not work properly if kubelet is somehow not functional properly and user still wants to do hard reset of the host.

It will still keep open question about service restarts.

[luxas]

I don't think this is a priority item. Because we set up kubernetes on a node, which will effectively act as root on the node, it's not a problem to run the setup process temporarily as root.

IMO, we should focus on other things right now, but if someone has something clever to share, please speak out of course!

re: reset vs leave, please discuss that in the right thread

[luxas]

Closing this, as we won't investigate this for a very long time.
Kubernetes acts as root, and so does kubeadm, and actually kubeadm should be root, since it writes CA/serving certs, etc. to disk.