Merge pull request #26 from AkihiroSuda/a

kubernetes: remove hostNetwork
aind-containers · Apr 14, 2020 · ef310fe · ef310fe
2 parents caf8e21 + 2b580f5
commit ef310fe
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -84,15 +84,19 @@ kubectl port-forward service/aind 5900
 
 The manifest contains the kernel module installer as `initContainers`.
 
-Known to work on:
-- Google Kubernetes Engine (GKE) 1.16.8-gke.4 (ubuntu)
-- Google Kubernetes Engine (GKE) 1.16.8-gke.4 (ubuntu\_containerd)
-- Azure Kubernetes Service (AKS) 1.17.3
-
-Known NOT to work on:
-- kind 0.7.0
-
-**FIXME**: `hostNetwork` is required on Kubernetes (not on non-Kube Docker) for some unknown reason. This disables running multiple aind pods on a single node!
+The manifest is known to work on:
+- Google Kubernetes Engine (GKE) 1.16.8-gke.8 (ubuntu) [Apr 14, 2020]
+  - Kubernetes 1.16.8, Ubuntu 18.04.4, Kernel 5.3.0-1012-gke, Docker 19.03.2
+  - n2-standard-8
+- Google Kubernetes Engine (GKE) 1.16.8-gke.8 (ubuntu\_containerd) [Apr 14, 2020]
+  - Kubernetes 1.16.8, Ubuntu 18.04.4, Kernel 5.3.0-1012-gke, containerd 1.2.10
+  - n2-standard-8
+- Azure Kubernetes Service (AKS) 1.17.3 [Apr 14, 2020]
+  - Kubernetes 1.17.3, Ubuntu 16.04.6, Kernel 4.15.0-1071-azure, MS-Moby 3.0.10+azure
+  - Standard DS2 v2
+- kind 0.7.0 [Apr 14, 2020]
+  - Kubernetes 1.17.0, Ubuntu 19.10, Kernel 5.3.0-46-generic, containerd 1.3.2
+  - **NOTE**: Requires `docker exec kind-control-plane mount -o remount,rw /sys`
 
 ## Apps
 

diff --git a/kube/aind.yaml b/kube/aind.yaml
@@ -1,9 +1,8 @@
 # aind manifest for Kubernetes
 #
-# Known to work on GKE (Ubuntu) and AKS.
-# Known NOT to work on kind.
+# See README.md for the clusters known to work with.
 #
-# See also FIXME and NOTE lines.
+# NOTE: replace "aind/aind:latest" with "aind/aind@sha256:<digest>" for reproducible deployment.
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -21,13 +20,8 @@ spec:
       labels:
         app: aind
     spec:
-# FIXME: hostNetwork is required on Kubernetes (not on non-Kube Docker) for some unknown reason.
-# This disables running multiple aind pods on a single node!
-# https://github.com/aind-containers/aind/pull/8
-      hostNetwork: true
       initContainers:
       - name: install-kmod
-# NOTE: replace "aind/aind:latest" with "aind/aind@sha256:<digest>" for reproducible deployment.
         image: aind/aind:latest
         command: ["/bin/bash"]
         args: ["-exc", "cp -f /install-kmod.sh /host/tmp/aind-install-kmod.sh && cd /host && chroot . bash /tmp/aind-install-kmod.sh"]
@@ -36,9 +30,17 @@ spec:
         volumeMounts:
         - name: host-root
           mountPath: /host
+ # Remounting /sys as read-write in initContainers propagates to the Pod sandbox and the containers.
+ # Required by anbox session-manager.
+ # https://github.com/aind-containers/aind/issues/21 https://github.com/containerd/containerd/issues/3221 https://github.com/moby/moby/issues/24000#issuecomment-613194003
+      - name: fix-sandbox-sysfs
+        image: aind/aind:latest
+        command: ["/bin/bash"]
+        args: ["-exc", "mount -o remount,rw /sys"]
+        securityContext:
+          privileged: true
       containers:
       - name: aind
-# NOTE: replace "aind/aind:latest" with "aind/aind@sha256:<digest>" for reproducible deployment.
         image: aind/aind:latest
         tty: true
         securityContext: