无头VirtualBox成功在Docker容器中运行
docker run --device=/dev/vboxdrv:/dev/vboxdrv my-vb
我需要在Kubernetes上运行该映像,然后我得到:
VBoxHeadless: Error -1909 in suplibOsInit!
VBoxHeadless: Kernel driver not accessible
Kubernetes对象:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
此映像在Docker中运行,因此在Kubernetes配置中一定是问题所在。
答案 0 :(得分:3)
此项工作需要在配置中稍作修改:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
securityContext: # << added
privileged: true
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
要运行特权容器,您需要具备以下条件:
在https://kubernetes.io/docs/concepts/workloads/pods/pod/#privileged-mode-for-pod-containers上查看更多信息
一旦成功,就可以通过PodSecurityPolicy