Comment 21 for bug 1664638

Finally had a chance to try running confined kubelet with the kubernetes-support interface in a live Kubernetes cluster. Attached a script that more or less captures what I did.

Kubelet fails to come up with the following error:

error: failed to run Kubelet: failed to create kubelet: mkdir /var/lib/dockershim: permission denied

This path doesn't appear to be configurable today, although they are adding a hidden --experimental-dockershim-root-directory flag in Kubernetes 1.7 that should cover it. Seems like we'll need to either wait for the new flag, or add write access to /var/lib/dockershim in the kubernetes-support interface.