I'm trying to run gcsfuse inside my Docker container to access my Google Cloud Storage so my program inside the container can access it. I'm using Google Kubernetes Engine. My problem is that when I run `whereis modprobe` I get no results, meaning there is no modprobe installed. I've seen this post and this one but they are futile. I've already run `sudo apt install update && sudo apt install upgrade` to upgrade my kernels and also tried simply `sudo apt-get install modprobe`, which results in package not found. I've edited my deployment.yaml file to include these (I'm deploying through GitHub Actions):

```yaml
spec:
...
        securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_ADMIN
                - SYS_MODULE
        env:
          - name: STARTUP_SCRIPT
            value: |
              #! /bin/bash
              modprobe fuse
```

But these didn't change anything at all. I've seen in a post that I must add something like lib/modules, but I already have a lib file inside my container that my program uses. Is there a workaround for that? Am I installing gcsfuse wrong? (Installing gcsfuse was hard; normal practices didn't work, but in the end we made it work.)

Here is my gcsfuse installation:

```dockerfile
RUN apt-get update -y && apt-get dist-upgrade -y && apt-get -y install lsb-release curl gnupg && apt -y install lsb-core

ENV GCSFUSE_REPO gcsfuse-stretch

RUN apt-get update -y && apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl gnupg
RUN echo "deb http://packages.cloud.google.com/apt $GCSFUSE_REPO main" | tee /etc/apt/sources.list.d/gcsfuse.list
RUN echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

# Install gcsfuse and google cloud sdk
RUN apt-get update -y  && apt-get install -y gcsfuse google-cloud-sdk \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
```

This is a continuation of another error I had whilst trying to run gcsfuse. I realised I don't have modprobe and asked this question. Ubuntu image 22.10

Edit: This question says I must add stuff to a yaml file, but I'm not sure which yaml file I must add those to. Since I'm using GitHub Actions I have deployment.yaml, kustomization.yaml and service.yaml

Turgut
  • You can't install kernel modules in a container. This is doubly true in Kubernetes. At a mechanical level, kernel modules are extremely specific to the exact kernel that's running on the host (in Kubernetes this can vary between nodes) and you can't really package up a kernel module for this node's exact GKE-specific kernel build in your image. – David Maze Aug 08 '22 at 09:51
  • More generally, you also can't usually mount things from inside a container. This is a Linux capability constraint so an operator could in principle allow mounts (including bind mounts of the host that would compromise the system), but it's better practice to use Kubernetes's [volume](https://kubernetes.io/docs/concepts/storage/volumes/) system than to try to bring a system like FUSE into it. – David Maze Aug 08 '22 at 09:53
  • @DavidMaze So how do you recommend we should approach this? My program is going to read videos from the storage so I don't want it to download the files, also I want to read them like a normal file (like using fopen inside my code) so my other dependencies can read it like normal. Will volumes achieve this goal? – Turgut Aug 08 '22 at 09:56
  • @DavidMaze, we can mount the storage easily in the container shell. But we cannot see the mounted storage in pods, how do we achieve this? – london_utku Aug 08 '22 at 10:14
  • There appears to be a [third-party GCS CSI driver](https://github.com/ofek/csi-gcs); I know nothing about it beyond that a Google search finds it, but if it works, it would address this need without needing extra privileges in your container. – David Maze Aug 08 '22 at 10:17
  • @DavidMaze When I try to install that library inside the container it says `default" cannot get resource "csidrivers" in API group "storage.k8s.io" at the cluster scope`. I can download it into the VM but that doesn't affect the container. – Turgut Aug 08 '22 at 12:28

1 Answer

When you provide the following as your job yaml file, it will provide the correct privileges for the job you are creating, rather than the deployments.yaml file:

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  # Unique key of the Job instance
  name: job-40
spec:
  template:
    metadata:
      name: job-40
    spec:
      containers:
      - name: nginx-1
        image: gcr.io/videoo2/github.com/...
        command: ["/bin/sleep"]
        args: ["1000"]
        securityContext:
          privileged: true
          capabilities:
            add:
              - SYS_ADMIN
      # Do not restart containers after they exit
      restartPolicy: Never
  # of retries before marking as failed.
  backoffLimit: 0
```
london_utku
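The manifests in this thread grant `SYS_ADMIN` and `SYS_MODULE`; the following added example (not code from the question or the answer) reads the effective capability mask a container actually received and reports whether a FUSE mount can work and whether module loading was granted as well. The function names `cap_eff`, `has_cap` and `fuse_preflight` are hypothetical, and the sample mask is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before running gcsfuse in a container.
# Bit numbers are from linux/capability.h.
CAP_SYS_MODULE=16   # needed by `modprobe` to load a kernel module
CAP_SYS_ADMIN=21    # needed by mount(2), and so by any FUSE mount

# cap_eff FILE: print the hex CapEff mask from a /proc/<pid>/status style file.
cap_eff() { awk '$1 == "CapEff:" { print $2 }' "$1"; }

# has_cap HEXMASK BIT: succeed if capability BIT is set in HEXMASK.
has_cap() { [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; }

# fuse_preflight STATUS_FILE FUSE_DEV: print findings; return 0 only if a
# FUSE mount has what it needs.
fuse_preflight() {
    mask=$(cap_eff "$1")
    [ -n "$mask" ] || { echo "fail: no CapEff line in $1"; return 2; }
    rc=0
    if has_cap "$mask" "$CAP_SYS_ADMIN"; then
        echo "ok: CAP_SYS_ADMIN present"
    else
        echo "fail: CAP_SYS_ADMIN missing, mount(2) will be denied"; rc=1
    fi
    if [ -e "$2" ]; then
        echo "ok: $2 present"
    else
        echo "fail: $2 missing, FUSE device not exposed to the container"; rc=1
    fi
    if has_cap "$mask" "$CAP_SYS_MODULE"; then
        echo "warn: CAP_SYS_MODULE granted, container can load host kernel modules"
    fi
    return "$rc"
}

# Constructed sample: a mask without CAP_SYS_ADMIN or CAP_SYS_MODULE.
# Inside a real container: fuse_preflight /proc/self/status /dev/fuse
sample=$(mktemp)
printf 'Name:\tsleep\nCapEff:\t00000000a80425fb\n' > "$sample"
fuse_preflight "$sample" /dev/fuse || true
rm -f "$sample"
```

With `privileged: true` every capability bit is set, so the `warn` line appears even when `SYS_MODULE` is not listed under `capabilities.add`.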