Re: shared mnt namespace for containers in a pod?

[Vishnu Kannan]

Although shared mount namespaces might be ideal, given that some runtimes like docker requires a separate mnt namespace per container, it might be better to model sharing of mounts using volumes. For example, an empty dir markes as shared mount, will let containers in a pod share mounts with each other.

On Sun, Apr 10, 2016 at 8:11 AM, Simon <xch...@gmail.com> wrote:

Hi all,

I have a use case for a pod to share mnt namespace, more specifically for fuse to work across containers in the same pod. In k8s, it looks like containers in the same pod by default have separate mnt namespaces. 

Thanks.

-Simon

--
You received this message because you are subscribed to the Google Groups "kubernetes-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-de...@googlegroups.com.
To post to this group, send email to kuberne...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-dev/33e75959-2419-461a-b9b7-0c0af5d99bb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Xu (Simon) Chen]

Vishnu,

Shared volume mounts doesn't address my use case. I have one process
running to set up a fuse mount, for another process to use. If they
run in different containers with different mnt namespaces, fuse does
not work.

Thanks.
-Simon

[Vishnu Kannan]

Not sure about your use of FUSE, but mount propagation (aka shared mount volumes) work with vanilla docker.

Here is an example:

// Setup a volume with shared mount propagation

$ mkdir /tmp/shared-volume

$ mount --bind  /tmp/shared-volume /tmp/shared-volume

$ mount --make-rshared /tmp/shared-volume

// Start a docker container that will consume mounts within this volume

$ docker run -d -v /tmp/shared-volume:/tmp/shared-volume:rw,rshared --name consumer busybox sleep 1000

// Start a docker container that will create a mount

$ docker run --privileged -v /tmp/shared-volume:/tmp/shared-volume:rw,rshared ubuntu bash

root@3bf88c9ffcb3:/# mkdir /tmp/shared-volume/tmpfs

root@3bf88c9ffcb3:/# mount -t tmpfs tmpfs /tmp/shared-volume/tmpfs

// Exec into the 'consumer' container to find that the newly created tmpfs mount is available.

$  docker exec -it consumer sh

/ # stat -f /tmp/shared-volume/tmpfs

  File: "/tmp/shared-volume/tmpfs"

    ID: 0        Namelen: 255     Type: tmpfs

AFAIK, this should work for FUSE as well.

[Mike Danese]

To clarify 1) setting "shared" option on a mount (a.k.a. mount
propagation), 2) sharing a mount namespace, and 3) sharing a mounted
volume between two containers are very different :). 1) Docker doesn't
support shared mount namespaces. We are not planning on implementing
this. 2) Mount propagation is planned however and I'm fairly sure it
will work for your use case. It's not yet implemented though. 3) You
can already share volumes between containers.

See:
https://github.com/kubernetes/kubernetes/issues/18776
https://github.com/kubernetes/kubernetes/pull/20698

> https://groups.google.com/d/msgid/kubernetes-dev/CAA_vbqRokWATmuCM0Up43c3B_n59XBataE%2BEO9RxMQwaiWpMew%40mail.gmail.com.

[Vishnu Kannan]

>  1) Docker doesn't
support shared mount namespaces. We are not planning on implementing
this.

rkt supports shared mount namespaces. So from Kubernetes perspective, we attempt to share whatever namespaces a runtime allows us to share.

[Mike Danese]

I will invoke the "Kubernetes is portable" tenant but when we support
runtime specific options then anything is possible :). Mount
propagation is probably closer.

[Xu (Simon) Chen]

Thanks Mike. I did some reading, and shared mount is indeed what I want.