
[atomic] Kubernetes and /etc/hosts



I'm using CentOS Atomic Host 7. I can run Docker containers directly and
they function as expected. I set up a small Kubernetes cluster using the
Atomic and Kubernetes documentation. I can also run containers using
Kubernetes, but /etc/hosts is unreadable in the containers because of
SELinux configuration. I found this to be true in containers based on both
the "busybox" Docker image as well as my CentOS 6-based image.

I see that Kubernetes sets up a mount just for /etc/hosts, overriding
Docker's default behavior. Why is this necessary? It seems that
Kubernetes fails to apply the necessary label(s) to the hosts file it
provides. If I use the chcon command on the host to add
"svirt_sandbox_file_t" to the Kubernetes-managed hosts file, the
container can read it via /etc/hosts. Of course, disabling SELinux
enforcement also avoids the problem.

Since this doesn't seem to be a common problem, I can't tell if it's
Kubernetes, CentOS or Atomic at fault. I found a long discussion about
SELinux vs Kubernetes which seems related. However, the Docker volume in
question was generated automatically by Kubernetes without any explicit
configuration.

https://github.com/projectatomic/adb-atomic-developer-bundle/issues/117

-- 
Jonathan Rogers
Socialserve.com by Emphasys Software
jrogers emphasys-software com


