TL; DR
Bind-монтирования (bind mounts) не работают в подах Kubernetes, использующих образ dind. Пример:
mkdir code && \
docker run --rm --mount type=bind,source=$PWD/code/,target=/code/ alpine:latest sh -c 'echo "this" > code/test && ls -al code/ && cat code/test' && \
cat code/test
Фон
У меня Jenkins развёрнут в k8s с помощью стабильного Helm-чарта. Он запускает агент (slave) Jenkins, который даёт относительно безопасный способ использовать Docker-in-Docker (dind). Мы используем эту конфигурацию, чтобы запускать docker-compose для выполнения наших тестов. Идея в том, что та же конфигурация docker-compose, которую разработчики используют для запуска тестов на своих локальных машинах, должна использоваться и в CI. Тесты запускаются командой npx mocha tests, которая записывает результат теста в файл по заданному пути. Если этот путь смонтирован (bind mount) из файловой системы пода, то файл с результатами, созданный в контейнерах, которые поднял docker-compose, должен появиться и в поде. Однако такое поведение наблюдается на localhost (Mac / Ubuntu), но не в агентах Jenkins, работающих как поды k8s.
Проблема
запустите эту команду на localhost:
$ mkdir
$ docker run --rm --mount type=bind,source=$PWD/code/,target=/code/ alpine:latest sh -c 'echo "this" > code/test && ls -al code/ && cat code/test'
## output:
## total 8
## drwxr-xr-x 3 root root 96 May 29 06:59 .
## drwxr-xr-x 1 root root 4096 May 29 06:59 ..
## -rw-r--r-- 1 root root 5 May 29 06:59 test
## this
$ cat code/test
## output: this
та же команда в k8s jenkins slave:
docker run --rm --mount type=bind,source=$PWD/code/,target=/code/ alpine:latest sh -c 'echo "this" > code/test && ls -al code/ && cat code/test'
## total 4
## drwxr-xr-x 2 root root 18 May 29 05:45 .
## drwxr-xr-x 1 root root 18 May 29 05:52 ..
## -rw-r--r-- 1 root root 5 May 29 05:52 test
## this
bash-4.4# ls -al code/
## total 0
## drwxr-xr-x 2 root root 6 May 29 05:44 .
## drwxr-xr-x 1 root root 74 May 29 05:44 ..
ПРИМЕЧАНИЕ: я намеренно запускал всё от имени root в поде Jenkins slave, чтобы исключить проблемы с правами пользователя в рамках этой демонстрации.
То, что я уже пробовал
- использовал docker --volume вместо --mount
- перебрал все возможные значения bind-propagation (хотя на Mac работает всё, кроме private; Jenkins в k8s, на удивление, допускает все возможные значения bind-propagation — возможно, потому что там версия 18.09.9-ce)
Подробнее
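- dind в k8s был включён так:
- монтируется /var/run/docker.sock
- под не privileged
Примечание: если в под смонтирован сокет Docker узла, то docker-клиент в поде, по всей видимости, обращается к демону на узле, и путь source для bind mount разрешается в файловой системе узла, а не пода — отсюда пустой каталог code/ в поде. Кроме того, доступ к docker.sock фактически равнозначен root-доступу к узлу, даже когда сам под не privileged, поэтому запускать через такую схему стоит только доверенные задания CI.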
- версия
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:21:11 2020
OS/Arch: darwin/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:29:16 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:20:43 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.09.9-ce
API version: 1.39 (minimum version 1.12)
Go version: go1.10.3
Git commit: 039a7df
Built: Fri Nov 1 19:28:24 2019
OS/Arch: linux/amd64
Experimental: false
docker system info
сведения о драйвере хранилища
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
[
{
"Id": "275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b",
"Created": "2020-05-29T06:04:36.333043942Z",
"Path": "sh",
"Args": [
"-c",
"echo \"this\" > code/test && ls -al code/ && cat code/test && sleep 10",
"--name",
"test123"
],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-05-29T06:04:36.58940417Z",
"FinishedAt": "2020-05-29T06:04:46.616157405Z"
},
"Image": "sha256:f70734b6a266dcb5f44c383274821207885b549b75c8e119404917a61335981a",
"ResolvConfPath": "/var/lib/docker/containers/275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b/hostname",
"HostsPath": "/var/lib/docker/containers/275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b/hosts",
"LogPath": "/var/lib/docker/containers/275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b/275342d559db6719bdc3b5b80c44ce961bb4583f727eabff5ccfdc2a5877d54b-json.log",
"Name": "/admiring_albattani",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"Mounts": [
{
"Type": "bind",
"Source": "/Volumes/NonOS/ops/code/",
"Target": "/code/"
}
],
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/2f47fcb09bc0395452eaeb3b26d917cd0cf41e3470b59a895708ea6698d6487a-init/diff:/var/lib/docker/overlay2/e78c363c622f70ae20f3a4bcfa55e442c9abc2d696330a1db22de60b7276bf43/diff",
"MergedDir": "/var/lib/docker/overlay2/2f47fcb09bc0395452eaeb3b26d917cd0cf41e3470b59a895708ea6698d6487a/merged",
"UpperDir": "/var/lib/docker/overlay2/2f47fcb09bc0395452eaeb3b26d917cd0cf41e3470b59a895708ea6698d6487a/diff",
"WorkDir": "/var/lib/docker/overlay2/2f47fcb09bc0395452eaeb3b26d917cd0cf41e3470b59a895708ea6698d6487a/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/Volumes/NonOS/ops/code",
"Destination": "/code",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "275342d559db",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh",
"-c",
"echo \"this\" > code/test && ls -al code/ && cat code/test && sleep 10",
"--name",
"test123"
],
"Image": "alpine:latest",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "2dbae65e10eec270564e5952d41b843a10f277d477a24eaf2c0b5585923a0bd4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/2dbae65e10ee",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2375a159bfc5e9dce5d263c322c7b2827d79cefa88197f24a051603b29c89fc8",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
[
{
"Id": "d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a",
"Created": "2020-05-29T06:03:52.837737029Z",
"Path": "sh",
"Args": [
"-c",
"echo \"this\" > code/test && ls -al code/ && cat code/test && sleep 10",
"--name",
"test123"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 30976,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-05-29T06:03:53.263122903Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:f70734b6a266dcb5f44c383274821207885b549b75c8e119404917a61335981a",
"ResolvConfPath": "/var/lib/docker/containers/d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a/hostname",
"HostsPath": "/var/lib/docker/containers/d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a/hosts",
"LogPath": "/var/lib/docker/containers/d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a/d3f6a13ed635ce9199945c9c54fbb2f65b190b46190822fb781eb70ce0c0971a-json.log",
"Name": "/musing_stallman",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
"max-file": "10",
"max-size": "10m"
}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"Mounts": [
{
"Type": "bind",
"Source": "//code/",
"Target": "/code/"
}
],
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/d2f3e1dc5a3a6531903ce305f7c26def037066cabf6e785fe3eb5541c7cc7266-init/diff:/var/lib/docker/overlay2/0514324ae287d8aeb6f7a7866eff5c3414e35c761fd3ce3daf5948a080698ba3/diff",
"MergedDir": "/var/lib/docker/overlay2/d2f3e1dc5a3a6531903ce305f7c26def037066cabf6e785fe3eb5541c7cc7266/merged",
"UpperDir": "/var/lib/docker/overlay2/d2f3e1dc5a3a6531903ce305f7c26def037066cabf6e785fe3eb5541c7cc7266/diff",
"WorkDir": "/var/lib/docker/overlay2/d2f3e1dc5a3a6531903ce305f7c26def037066cabf6e785fe3eb5541c7cc7266/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/code",
"Destination": "/code",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "d3f6a13ed635",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh",
"-c",
"echo \"this\" > code/test && ls -al code/ && cat code/test && sleep 10",
"--name",
"test123"
],
"Image": "alpine:latest",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": true,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "2d1bbff83058acd00b1fa98d8614628942686cf5eb9ae866fbf37466ee456564",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/2d1bbff83058",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]