Allow privileged containers in Kubernetes on Google Container (GKE)

I am using a Kubernetes cluster deployed through the Google Container Engine (GKE) from the Google Cloud Developer console, cluster version 0.19.3. I would like to run a privileged container, for example the one in the Kubernetes NFS server example:

    apiVersion: v1
    kind: Pod
    metadata:
      name: nfs-server
      labels:
        role: nfs-server
    spec:
      containers:
        - name: nfs-server
          image: jsafrane/nfs-data
          ports:
            - name: nfs
              containerPort: 2049
          securityContext:
            privileged: true

Because the standard configuration of the Google Container Engine does not allow privileged containers, the Kubernetes API immediately returns the following error:

    Server error: Pod "nfs-server" is not allowed: spec.containers[0].securityContext.privileged: forbidden '<*>(0xc20a027396)true'

How can I allow privileged containers in my Google Container cluster?

+6
2 answers

Update. Privileged mode is now enabled by default, starting with the release of Kubernetes version 1.1, which is now available in the Google Container Engine.


Running privileged containers (including the NFS server in this example) is currently not possible in the Google Container Engine. We are considering ways to solve this problem (adding a flag when creating your cluster to provide privileged containers, creating privileged containers as part of access control, etc.). For now, if you need to run privileged containers, you need to start your own cluster using the GCE provider.

+6
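
Because privileged mode is allowed by default from Kubernetes 1.1 onward, as the update above says, it is worth checking which containers in a cluster actually request it. The following is an added example, not part of the original answer or of Kubernetes itself: it assumes pod data exported with `kubectl get pods --all-namespaces -o json`, and the sample input, the `web` pod and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`
# output. The first pod mirrors the manifest in the question; the second
# pod ("web") and its images are hypothetical.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"name": "nfs-server", "namespace": "default"},
   "spec": {"containers": [
     {"name": "nfs-server", "image": "jsafrane/nfs-data",
      "securityContext": {"privileged": true}}]}},
  {"kind": "Pod", "metadata": {"name": "web", "namespace": "default"},
   "spec": {"initContainers": [{"name": "setup", "image": "example/setup",
                                "securityContext": {"privileged": true}}],
            "containers": [{"name": "app", "image": "example/app"},
                           {"name": "sidecar", "image": "example/sidecar",
                            "securityContext": {"privileged": false}}]}}
]}
""")

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a Deployment-style pod template."""
    spec = obj.get("spec") or {}
    template = spec.get("template")
    return (template.get("spec") or {}) if isinstance(template, dict) else spec

def privileged_containers(doc):
    """List (namespace, object name, container name) where privileged is true."""
    items = doc.get("items") if doc.get("kind", "").endswith("List") else [doc]
    found = []
    for obj in items or []:
        meta = obj.get("metadata") or {}
        spec = pod_spec(obj)
        # Init containers can request privileged mode too, so check both lists.
        for field in ("initContainers", "containers"):
            for c in spec.get(field) or []:
                if (c.get("securityContext") or {}).get("privileged") is True:
                    found.append((meta.get("namespace", "default"),
                                  meta.get("name"), c.get("name")))
    return found

if __name__ == "__main__":
    for ns, name, container in privileged_containers(SAMPLE):
        print(f"{ns}/{name}: container {container!r} requests privileged mode")
```
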

This post talks about this (look at the end).

0

Source: https://habr.com/ru/post/989969/

