You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by cs...@apache.org on 2018/03/09 19:11:24 UTC

[incubator-openwhisk-deploy-kube] branch master updated: update invoker documentation on hostPaths; remove libapparmor (#164)

This is an automated email from the ASF dual-hosted git repository.

csantanapr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-deploy-kube.git


The following commit(s) were added to refs/heads/master by this push:
     new 692ce38  update invoker documentation on hostPaths; remove libapparmor (#164)
692ce38 is described below

commit 692ce3893783c3e287d189763267a79a45105424
Author: David Grove <dg...@users.noreply.github.com>
AuthorDate: Fri Mar 9 14:11:22 2018 -0500

    update invoker documentation on hostPaths; remove libapparmor (#164)
---
 kubernetes/invoker/README.md   | 37 +++++++++++++------------------------
 kubernetes/invoker/invoker.yml |  5 -----
 2 files changed, 13 insertions(+), 29 deletions(-)

diff --git a/kubernetes/invoker/README.md b/kubernetes/invoker/README.md
index 9d420cf..9e60c11 100644
--- a/kubernetes/invoker/README.md
+++ b/kubernetes/invoker/README.md
@@ -37,33 +37,22 @@ kubectl apply -f invoker.yml
 
 **Important**
 
-OpenWhisk relies on part of the underlying infrastructure that Kube
-is running on. When deploying the Invoker for OpenWhisk, it mounts the hosts
-Docker socket and a number of other components. This way OpenWhisk can
-quickly provision actions and does not have to run Docker inside of Docker.
-However, this also means that a number of the default mount options assume
-that the Kubernetes host image is Ubuntu. During the deploy there could be an
-issue and if the Invoker fails to deploy, see the [Troubleshooting](#troubleshooting)
-section below.
 
 # Troubleshooting
 ## No invokers are deployed
 
 Verify that you actually have at least one node with the label openwhisk-role=invoker.
 
-## Kubernetes Host Linux Versions
-
-Unfortunately when Deploying OpenWhisk on Kubernetes it currently mounts some
-of the host OS files for the Invoker process and needs to make some assumptions.
-Because of this, some failures are known to happen on certain Linux versions,
-like CoreOs. If you see an error like:
-
-```
-Failed to start container with id 8d9125bf2d3711312a98a8b98de15306e495883cc470a03beb6689b34895791f with error: rpc error: code = 2 desc = failed to start container "8d9125bf2d3711312a98a8b98de15306e495883cc470a03beb6689b34895791f": Error response from daemon: {"message":"mkdir /usr/lib/x86_64-linux-gnu: read-only file system"}
-Error syncing pod, skipping: failed to "StartContainer" for "Invoker" with rpc error: code = 2 desc = failed to start container "8d9125bf2d3711312a98a8b98de15306e495883cc470a03beb6689b34895791f": Error response from daemon: {"message":"mkdir /usr/lib/x86_64-linux-gnu: read-only file system"}: "Start Container Failed"
-```
-
-Then you might need to modify some of the volume mounts in the
-[invoker.yml](invoker.yml). For example, the error above is trying to
-find something from the apparmor mount which makes no sense to
-CoreOS. To fix the issue, you just need to remove the mount.
+## Invokers containers fail to start with volume mounting problems
+
+To execute the containers for user actions, OpenWhisk relies on part
+of the underlying infrastructure that Kubernetes is running on. When
+deploying the Invoker for OpenWhisk, it mounts the host's Docker
+socket and several other system-specific directories related to
+Docker. This enables efficient container management, but it also also
+means that the default volume hostPath values assume that the Kubernetes worker
+node image is Ubuntu. If containers fail to start with errors related
+mounting`/sys/fs/cgroup`, `/run/runc`,`/var/lib/docker/containers`, or
+`/var/run/docker.sock`, then you will need to change the corresponding
+value in [invoker.yml](invoker.yml) to match the host operating system
+running on your Kubernetes worker node.
diff --git a/kubernetes/invoker/invoker.yml b/kubernetes/invoker/invoker.yml
index 58c5dd6..63645c8 100644
--- a/kubernetes/invoker/invoker.yml
+++ b/kubernetes/invoker/invoker.yml
@@ -38,9 +38,6 @@ spec:
       - name: dockersock
         hostPath:
           path: "/var/run/docker.sock"
-      - name: apparmor
-        hostPath:
-          path: "/usr/lib/x86_64-linux-gnu/libapparmor.so.1"
 
       initContainers:
       - name: docker-pull-runtimes
@@ -74,8 +71,6 @@ spec:
           mountPath: "/var/run/docker.sock"
         - name: dockerrootdir
           mountPath: "/containers"
-        - name: apparmor
-          mountPath: "/usr/lib/x86_64-linux-gnu/libapparmor.so.1"
         env:
           - name: "PORT"
             value: "8080"

-- 
To stop receiving notification emails like this one, please contact
csantanapr@apache.org.