metropolis/node/core: add tmpfs at /dev/shm
k8s requires /dev/shm for "kubectl debug" to work.
Fixes https://github.com/monogon-dev/monogon/issues/305.
Tested manually on a local test cluster.
Change-Id: I3b29ea75d59e115da80dadf48dabbaba23d7099b
Reviewed-on: https://review.monogon.dev/c/monogon/+/3245
Tested-by: Jenkins CI
Reviewed-by: Serge Bazanski <serge@monogon.tech>
diff --git a/metropolis/node/core/mounts.go b/metropolis/node/core/mounts.go
index 047552b..02173c5 100644
--- a/metropolis/node/core/mounts.go
+++ b/metropolis/node/core/mounts.go
@@ -41,6 +41,11 @@
{"/proc", "proc", unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV},
{"/dev", "devtmpfs", unix.MS_NOEXEC | unix.MS_NOSUID},
{"/dev/pts", "devpts", unix.MS_NOEXEC | unix.MS_NOSUID},
+ // Nothing in Metropolis currently uses /dev/shm, but it's required
+ // by containerd when the host IPC namespace is shared, which
+ // is required by "kubectl debug node/" and specific customer applications.
+ // https://github.com/monogon-dev/monogon/issues/305.
+ {"/dev/shm", "tmpfs", unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV},
} {
if err := os.MkdirAll(el.dir, 0755); err != nil {
return fmt.Errorf("could not make %s: %w", el.dir, err)
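Review bot: The new `/dev/shm` entry carries only mount flags, so as far as this table shows the tmpfs is created with kernel defaults: a size cap of half of physical RAM and a sticky, world-writable root that every host-IPC pod shares with the node. A workload admitted with host IPC could fill it and push the node into memory pressure, so I would bound it with a `size=` mount option if the mount call can take a data string. If the table cannot carry options, the comment should at least record the exposure, e.g. `// Mounted with default tmpfs options (no size=), so usage counts against node RAM.` The loop body that consumes the table continues past the end of the hunk, so the actual mount arguments are not visible here and the above is inferred from the three-field entries.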