Headless VirtualBox 在 Docker 容器中成功运行
docker run --device=/dev/vboxdrv:/dev/vboxdrv my-vb
我需要在 Kubernetes 上运行这个镜像,我得到:
VBoxHeadless: Error -1909 in suplibOsInit!
VBoxHeadless: Kernel driver not accessible
Kubernetes 对象:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
此镜像在 Docker 中运行,因此必须是 Kubernetes 配置中的问题。
最佳答案
这项工作的配置需要稍作修改:
metadata:
name: vbox
labels:
app: vbox
spec:
selector:
matchLabels:
app: vbox
template:
metadata:
labels:
app: vbox
spec:
securityContext:
runAsUser: 0
containers:
- name: vbox-vm
image: my-vb
imagePullPolicy: 'Always'
securityContext: # << added
privileged: true
ports:
- containerPort: 6666
volumeMounts:
- mountPath: /root/img.vdi
name: img-vdi
- mountPath: /dev/vboxdrv
name: vboxdrv
volumes:
- name: img-vdi
hostPath:
path: /root/img.vdi
type: File
- name: vboxdrv
hostPath:
path: /dev/vboxdrv
type: CharDevice
为了能够运行特权容器,您需要:
在 https://kubernetes.io/docs/concepts/workloads/pods/pod/#privileged-mode-for-pod-containers 上查看更多信息
一旦它工作正常,请通过 PodSecurityPolicy
关于kubernetes - Kubernetes容器内的VirtualBox,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55342051/