无头VirtualBox成功在Docker容器中运行
docker run --device=/dev/vboxdrv:/dev/vboxdrv my-vb
我需要在Kubernetes上运行该镜像,然后得到:
VBoxHeadless: Error -1909 in suplibOsInit!
VBoxHeadless: Kernel driver not accessible
Kubernetes对象:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
该镜像在Docker中运行,因此在Kubernetes配置中一定是问题所在。
最佳答案
这项工作需要在配置中稍作修改:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
securityContext: # << added
privileged: true
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
为了能够运行特权容器,您需要具备以下条件:
在https://kubernetes.io/docs/concepts/workloads/pods/pod/#privileged-mode-for-pod-containers上查看更多
一旦起作用,就可以通过PodSecurityPolicy正确执行
关于kubernetes - Kubernetes容器内的VirtualBox,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/55342051/