Create tmpfs mount in a container from any directory #28273
Comments
@CsatariGergely Have you checked the |
@Random-Liu The --tmpfs option on the Docker API is about moving the content of an existing directory of a container into tmpfs when the container is started. E.g. /run or /var (or any other directory, of course). So, it preserves the content of the directory, and at the same time it moves that into a tmpfs. |
https://docs.docker.com/engine/reference/commandline/run/#/mount-tmpfs-tmpfs @janosi I can't tell there is any difference with emptyDir. I also tried myself:
|
@Random-Liu Please refer to [1], "Other cool stuff". [1] http://www.projectatomic.io/blog/2015/12/making-docker-images-write-only-in-production/ |
We have a chance to work on this issue now. I would like to align the design before applying it on the code. There would be the following new field in type Container:

```go
// Optional. Cannot be changed. Support of Docker function --tmpfs to enable in-memory modification of
// some data in a read-only container. The listed mount points will be backed by a tmpfs. If a mount
// point exists in the container image the content of that is preserved when the tmpfs is created.
// Keeping the content is achieved by using tar on the existing content. For this reason "tar" shall
// be available and executable in the container.
TmpFsList []TmpFs `json:"tmpFsList,omitempty"`
```

There would be a new type TmpFs to allow the description of the target TmpFs mount point:

```go
// TmpFs describes a tmpfs mount point in a container.
type TmpFs struct {
	// This must match the Name of a Volume.
	MountPath string `json:"mountPath"`
	// Mounted read-only if true, read-write otherwise (false or unspecified).
	// Defaults to false.
	ReadOnly bool `json:"readOnly,omitempty"`
	// noexec flag for tmpfs. Defaults to false.
	NoExec bool `json:"noExec,omitempty"`
	// nosuid flag for tmpfs. Defaults to false.
	NoSuId bool `json:"noSuId,omitempty"`
	// size of the tmpfs. Defaults to the amount of memory on the host.
	Size *resource.Quantity `json:"size,omitempty"`
	// access mode. Default value is according to umask setting.
	Mode string `json:"mode,omitempty"`
}
```
|
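Added example, not part of the thread and not Kubernetes code: one way the proposed `TmpFs` fields could be validated and rendered into the value passed to `docker run --tmpfs` (for example `/run:rw,noexec,nosuid,size=65536k`). `DockerTmpfsArg` is a hypothetical helper, and `Size` is simplified to a byte count instead of `*resource.Quantity` so the block has no dependencies.

```go
package main

import (
	"fmt"
	"path"
	"strconv"
	"strings"
)

// TmpFs mirrors the struct proposed in the comment above.
// Assumption: Size is plain bytes here, not *resource.Quantity.
type TmpFs struct {
	MountPath              string
	ReadOnly, NoExec, NoSuId bool
	Size                   int64  // bytes; 0 means "not set"
	Mode                   string // octal such as "1777"; "" means "not set"
}

// DockerTmpfsArg (hypothetical helper) validates one entry and renders the
// "<path>:<opt>,<opt>..." value accepted by `docker run --tmpfs`.
func DockerTmpfsArg(t TmpFs) (string, error) {
	// Reject relative paths, "..", trailing slashes and option separators, so the
	// rendered string cannot name another directory or smuggle in extra options.
	if !path.IsAbs(t.MountPath) || path.Clean(t.MountPath) != t.MountPath ||
		strings.ContainsAny(t.MountPath, ":,") {
		return "", fmt.Errorf("invalid mountPath %q", t.MountPath)
	}
	opts := []string{"rw"}
	if t.ReadOnly {
		opts[0] = "ro"
	}
	if t.NoExec {
		opts = append(opts, "noexec")
	}
	if t.NoSuId {
		opts = append(opts, "nosuid")
	}
	if t.Size < 0 {
		return "", fmt.Errorf("negative size %d", t.Size)
	} else if t.Size > 0 {
		opts = append(opts, "size="+strconv.FormatInt(t.Size, 10))
	}
	if t.Mode != "" {
		if m, err := strconv.ParseUint(t.Mode, 8, 32); err != nil || m > 07777 {
			return "", fmt.Errorf("invalid mode %q", t.Mode)
		}
		opts = append(opts, "mode="+t.Mode)
	}
	return t.MountPath + ":" + strings.Join(opts, ","), nil
}

func main() {
	fmt.Println(DockerTmpfsArg(TmpFs{MountPath: "/run", NoExec: true, NoSuId: true, Size: 64 << 20}))
}
```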
Please just ignore and close this issue. |
cc @thockin |
Docker implemented the support to mount tmpfs volume on top of any directory in a container (see 1). Kubernetes should also support this functionality by exposing this possibility on its API.
This would be needed to allow --read-only containers, but the content of these directories could be still modified.