We run K8S clusters based on custom VM images that have corporate standard services and utilities. How can a pod/container have access to those? For example, how to start a service in the host as part of deploy/undeploy?
You can mount the systemd sockets into the Pod's container. From there you either need polkit permissions to run the commands as a non-privileged user, or you need to run the container privileged. The Pod spec to do so is as follows:
apiVersion: v1
kind: Pod
metadata:
  name: dbus-pod
  labels:
    app: dbus
spec:
  containers:
  - name: dbus-container
    image: centos:7
    command: ['systemctl','status','sshd']
    securityContext:
      privileged: true
    volumeMounts:
    - name: run-dbus
      mountPath: /var/run/dbus
    - name: run-systemd
      mountPath: /run/systemd
    - name: bin-systemctl
      mountPath: /usr/bin/systemctl
      readOnly: true
    - name: etc-systemd
      mountPath: /etc/systemd/system
      readOnly: true
  restartPolicy: Never
  volumes:
  - name: run-dbus
    hostPath:
      path: /var/run/dbus
  - name: run-systemd
    hostPath:
      path: /run/systemd
  - name: bin-systemctl
    hostPath:
      path: /usr/bin/systemctl
  - name: etc-systemd
    hostPath:
      path: /etc/systemd/system
Then you have to figure out how you want to schedule the Pod on your cluster. If you wanted to run something on every node once, you could create a DaemonSet and remove it. A Job might be more appropriate if you have selectors to define where you want the Pod to run.
There are also projects like go-systemd that control dbus via the /var/run/dbus socket and take the place of all the systemd/systemctl setup.