I'm using CentOS Atomic Host 7. I can run Docker containers directly and they function as expected. I set up a small Kubernetes cluster using the Atomic and Kubernetes documentation. I can also run containers using Kubernetes, but /etc/hosts is unreadable in the containers because of SELinux configuration. I found this to be true in containers based on both the "busybox" Docker image as well as my CentOS 6-based image.
I see that Kubernetes sets up a mount just for /etc/hosts, overriding Docker's default behavior. Why is this necessary? It seems that Kubernetes fails to apply the necessary label(s) to the hosts file it provides. If I use the chcon command on the host to add "svirt_sandbox_file_t" to the Kubernetes-managed hosts file, the container can read it via /etc/hosts. Of course, disabling SELinux enforcement also avoids the problem.

Since this doesn't seem to be a common problem, I can't tell if it's Kubernetes, CentOS or Atomic at fault. I found a long discussion about SELinux vs Kubernetes which seems related. However, the Docker volume in question was generated automatically by Kubernetes without any explicit configuration.

https://github.com/projectatomic/adb-atomic-developer-bundle/issues/117

--
Jonathan Rogers
Socialserve.com by Emphasys Software
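The check and relabel described in the post, as an added example (not code from the original message or from the Kubernetes or Atomic projects). It assumes an Atomic host with Docker, `stat -c %C` and `chcon` available and SELinux enforcing; the container name passed on the command line is hypothetical, and treating `container_file_t` as equivalent to `svirt_sandbox_file_t` (the newer name for the same label) is an assumption about the installed container-selinux policy.

```shell
#!/bin/sh
# Added example: find the host-side file that Kubernetes bind-mounts as
# /etc/hosts in a container, check its SELinux type, relabel it with the type
# from the post if needed, and verify the container can now read it.
# Assumes Docker, stat, chcon and an enforcing SELinux on the host.

# Extract the type field (3rd colon-separated field) from a context string
# such as "system_u:object_r:var_lib_t:s0".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 if a confined container may read a file with this context.
# svirt_sandbox_file_t is the type named in the post; container_file_t is the
# newer name for the same label in later policies (assumption).
label_allows_container() {
    case "$(context_type "$1")" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Host path Docker bind-mounts onto /etc/hosts in the given container.
# Kubernetes supplies this mount itself instead of Docker's default hosts file.
hosts_source() {
    docker inspect \
        --format '{{range .Mounts}}{{if eq .Destination "/etc/hosts"}}{{.Source}}{{end}}{{end}}' \
        "$1"
}

# Diagnose and relabel; echoes what it found and returns non-zero on failure.
fix_hosts_label() {
    container="$1"
    src="$(hosts_source "$container")"
    if [ -z "$src" ]; then
        echo "no /etc/hosts mount found on $container" >&2
        return 1
    fi
    ctx="$(stat -c %C "$src")"          # %C prints the SELinux context
    echo "$src is labelled $ctx"
    if label_allows_container "$ctx"; then
        echo "label already allows container access"
    else
        chcon -t svirt_sandbox_file_t "$src" || return 1
        echo "relabelled to $(stat -c %C "$src")"
    fi
    # Verify from inside the container; a denial shows up as a read error here.
    docker exec "$container" cat /etc/hosts >/dev/null
}

# Usage: sh fix-hosts-label.sh <container-name-or-id>   (name is hypothetical)
if [ -n "${1:-}" ]; then
    fix_hosts_label "$1"
fi
```

Note that `chcon` is a one-off change: a `restorecon` on the directory reverts it to the policy default, and the kubelet writes a fresh hosts file for each new pod, so this confirms the diagnosis rather than fixing it for future pods. Pair it with `ausearch -m avc -ts recent` on the host to see the corresponding denial.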
