[Container](EN) Run privileged mode container in Docker or Kubernetes Pod

Run privileged mode container in Docker or Kubernetes Pod


Environment and Prerequisite

  • Linux base system
  • Bash shell(/bin/bash)
  • Docker
  • Kubernetes


Run Privileged Mode

What is Privileged Mode?

--cap-add: Add Linux capabilities
--cap-drop: Drop Linux capabilities
--privileged=false: Give extended privileges to this container
--device=[]: Allows you to run devices inside the container without the --privileged flag.
  • By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices.
  • By using docker run --privileged, container can not only access to all hosts devices but also use most of host computer’s kernel functions. You can use like systemctl program or run docker daemon in docker container.
  • You can add or drop needed linux kernel(host) capabilities by using --cap-add and --cap-drop options. There are many option values in docker official page.


Docker Container Privileged Mode Usage

  • Give --privileged option when running container.
sudo docker run --privileged [IMAGE NAME] [OTHER OPTIONS...]

Docker Container Privileged Mode Example

  • Download CentOS image and use systemctl command
  • /sbin/init should be run before using systemctl
# Run docker container in privileged mode
# Run "/sbin/init" command in background
$ sudo docker run -d --privileged --name centos-example centos /sbin/init

# Access to docker container
$ sudo docker exec -it centos-example /bin/bash

# Run systemctl command
$ systemctl -a
...


Kubernetes Pod Container Privileged Mode Usage

  • Add securityContext with privileged: true option to Pod YAML file.
  • Examples are from openstack-helm and official page.
...
containers:
  - name: pod-name
    image: image-name
    securityContext:
      privileged: true
...

Kubernetes Pod Container Privileged Mode Example

apiVersion: v1
kind: Pod
metadata:
  name: privileged-pod
spec:
  containers:
    - name:  pause
      image: k8s.gcr.io/pause
      securityContext:
        privileged: true


Reference

[Python] pdb를 이용해 파이썬 코드 디버깅하기

> pdb를 이용해 python 코드를 디버깅하는 방법을 알아보자.## 환경- Linux 기반 시스템- Bash shell(/bin/bash)- Python## pdb### pdb란?- ```pdb``` : 파이썬 디버깅 도구로 파인썬 인터프리터...… Continue reading