- Dockerfile 100%
Emily Shepherd
c175a4b78b
This has been taken from an open [issue][gh-389] on the kmod project. [gh-389]: https://github.com/kmod-project/kmod/issues/389 |
||
|---|---|---|
| src@13330c958d | ||
| .gitmodules | ||
| Containerfile | ||
| LICENSE | ||
| meson-add-support-for-static-builds.patch | ||
| README.md | ||
modprobe
A container and example partial pod spec for modprobe, part of kmod, for loading kernel modules.
Usage
This container is designed to be used as an init container alongside other containers in a Kubernetes Pod. It is used when a pod requires certain kernel modules to be loaded. Using a separate container to perform this task means:
a) Application pods themselves do not need to be concerned with the implementation details of how modules are loaded on the system. b) the SYS_MODULE capability, which is extremely powerful, does not need to be granted to a Pod's main runtime containers.
Add this Container Spec to your Pod's initContainers section:
- name: modprobe
image: docker.io/emilyls/modprobe:34.2
args:
- -a
- tiny-power-button
- binfmt-script
volumeMounts:
# As a wise man once said, "in order to be able to load kernel
# modules, we must first be able to see the kernel modules"
- mountPath: /lib/modules
name: modules
readOnly: true
securityContext:
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
add:
# Required to allow modprobe to load the modules
- SYS_MODULE
And add this Volume Spec to your Pod's volumes section:
- name: modules
hostPath:
type: Directory
path: /lib/modules
License
kmod itself is licenced under GPLv2.1. This wrapper project's Containerfile and helm chart are licensed under the Apache License 2.0.