public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

proc: detect kubernetes runtime by mounts (#2054) 

Fix #1936
Kubernetes was not being detected by files not by /proc/?/cgroup
contents. Now it detects the kubernetes runtime if any of those
conditions are met:

* /var/run/secrets/kubernetes.io/serviceaccount exists
* /proc/mounts has the mount for "/" with fs type "overlay"
This commit is contained in:
Víctor 2022-04-18 16:20:42 +02:00 committed by GitHub
parent f9c5745c63
commit 13ed53e25c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/util/proc/proc.go
View File

@ -22,6 +22,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"regexp"
"strings" "strings"
) )
@ -140,6 +141,13 @@ func GetContainerRuntime(tgid, pid int) ContainerRuntime {
return runtime return runtime
} }
// Docker was not detected at this point.
// An overlay mount on "/" may indicate we're under containerd or other runtime.
a = readFileString("/proc/mounts")
if m, _ := regexp.MatchString("^[^ ]+ / overlay", a); m {
return RuntimeKubernetes
}
return RuntimeNotFound return RuntimeNotFound
} }
@ -154,6 +162,8 @@ func detectContainerFiles() ContainerRuntime {
{RuntimePodman, "/run/.containerenv"}, {RuntimePodman, "/run/.containerenv"},
// https://github.com/moby/moby/issues/18355 // https://github.com/moby/moby/issues/18355
{RuntimeDocker, "/.dockerenv"}, {RuntimeDocker, "/.dockerenv"},
// Detect the presence of a serviceaccount secret mounted in the default location
{RuntimeKubernetes, "/var/run/secrets/kubernetes.io/serviceaccount"},
} }
for i := range files { for i := range files {