scripts: enable nested cgroups in minikube

Example: $ minikube start --driver=kvm2 --container-runtime=crio $ ./scripts/minikube-enable-nested-cgroups.sh And now: $ kubectl run --annotations='io.kubernetes.cri-o.cgroup2-mount-hierarchy-rw=true' ubuntu --image=ubuntu --rm -it -- /bin/bash root@ubuntu:/# cat /proc/self/cgroup ## <-- inside pod 0::/ root@ubuntu:/# mkdir /sys/fs/cgroup/pizza root@ubuntu:/# echo $$ > /sys/fs/cgroup/pizza/cgroup.procs root@ubuntu:/# cat /proc/self/cgroup 0::/pizza Signed-off-by: Kornilios Kourtis <[email protected]>
cilium · Dec 6, 2024 · 258ff8a · 258ff8a
1 parent 4b08e1e
commit 258ff8a
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/contrib/tetragon-rthooks/scripts/minikube-enable-nested-cgroups.sh b/contrib/tetragon-rthooks/scripts/minikube-enable-nested-cgroups.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# vim:set noet ci pi ts=4 sw=4
+
+set -o pipefail
+set -e
+
+SCRIPTPATH=$(dirname "$0")
+RTHOOKSPATH=$(realpath $SCRIPTPATH/..)
+make -C ${RTHOOKSPATH}/
+SETUPBIN=${RTHOOKSPATH}/tetragon-oci-hook-setup
+
+source ${SCRIPTPATH}/helpers
+
+runtime=$(detect_runtime)
+if [ "$runtime" != "crio" ]; then
+	echo "crio not installed, bailing out"
+	exit 1
+fi
+
+tdir=$(mktemp -d)
+minikube ssh 'cat /etc/crio/crio.conf' > $tdir/crio.conf
+${SETUPBIN}  patch-crio-conf enable-annotations \
+	--config-file=$tdir/crio.conf \
+	--output-file=$tdir/crio-patched.conf \
+	--annotations='io.kubernetes.cri-o.cgroup2-mount-hierarchy-rw'
+diff -u $tdir/crio.conf $tdir/crio-patched.conf || true
+minikube cp $tdir/crio-patched.conf /etc/crio/crio.conf
+minikube ssh sudo systemctl restart crio