Allow configuration of Rootlesskit's CopyUpDirs through an environment variable #10385
Comments
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 45 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.
Unstale, we can evaluate for 2024-10
@ludost can you address PR feedback and rebase your PR? If so we can look at this for the October cycle.
Is your feature request related to a problem? Please describe.
In our use case (see also issue: #10295), we are running a K3S Agent in a Rootless environment at the end-user's own workstation. This works well (enough), but we also want to provide access to the local folders (through e.g. HostPath volume mounts). But the Agent runs inside the rootless namespace, disallowing read/write access to the actual file-system.
Currently the rootless configuration is hardcoded where the CopyUpDirs are concerned. With this issue, I've created a PR that allows the Agent to set up extra "CopyUpDirs" entries, through an environment variable called "K3S_ROOTLESS_COPYUPDIRS". This environment variable can receive a comma-separated list of absolute paths, which will be added to the existing list.
Describe the solution you'd like
See the related PR.
Describe alternatives you've considered
Within the context of running rootless I see no alternative to this change. The namespace container is meant specifically to block this kind of access, with the CopyUpDirs parameter being the "normal" way of explicitly exposing external folders. We can also consider a more advanced configuration model, but the rest of the rootless package is using environment variables as well for this purpose.
Additional context
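One way a comma-separated list of absolute paths such as the proposed `K3S_ROOTLESS_COPYUPDIRS` could be validated before being appended to the existing copy-up list. This is an added example, not the code from the related PR or from K3s; the function name `mergeCopyUpDirs`, the sample base list and the refusal of `/` are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// mergeCopyUpDirs (hypothetical helper) appends the comma-separated paths in
// raw to base. Entries are trimmed and cleaned; empty entries and duplicates
// are dropped. A relative path is an error, so a typo cannot silently expose
// a directory resolved against the process working directory.
func mergeCopyUpDirs(base []string, raw string) ([]string, error) {
	seen := make(map[string]bool)
	out := make([]string, 0, len(base))
	add := func(d string) {
		if !seen[d] {
			seen[d] = true
			out = append(out, d)
		}
	}
	for _, d := range base {
		add(filepath.Clean(d))
	}
	for _, entry := range strings.Split(raw, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue // unset variable, trailing comma or ",,"
		}
		if !filepath.IsAbs(entry) {
			return nil, fmt.Errorf("K3S_ROOTLESS_COPYUPDIRS: %q is not an absolute path", entry)
		}
		d := filepath.Clean(entry) // collapses "..", "//" and trailing "/"
		if d == "/" {
			// Assumed policy: never accept the filesystem root as an entry.
			return nil, fmt.Errorf("K3S_ROOTLESS_COPYUPDIRS: %q resolves to /", entry)
		}
		add(d)
	}
	return out, nil
}

func main() {
	base := []string{"/etc", "/run"} // constructed sample, not the project's list
	dirs, err := mergeCopyUpDirs(base, os.Getenv("K3S_ROOTLESS_COPYUPDIRS"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(strings.Join(dirs, "\n"))
}
```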