Configure the Bonnet's bootstrapping process in a Kubernetes pod. Should do the following:
TODO: Need to handle graceful handoff of connections between bonnets on restart. As it is now, the old Bonnet being connected causes the new one to be blocked (and the old one isn't killed by the kubemaster until the new one initializes...).
1) Start Bonnet as an init container, configuring the TUN device and setting permissions to allow the Bonnet sidecar to pick up the TUN without NET_ADMIN permissions.
2) Have the init container shut down upon successful configuration (should we forcefully terminate after some number of failed initial attempts?).
3) Start Bonnet again as a sidecar (without NET_ADMIN), allowing the primary task within the pod to run without requiring any privileges.
gfe-relnote: n/a (QBONE-only change)
PiperOrigin-RevId: 285281727
Change-Id: Ie78ffb1d441f605e41ead80c16069271fbe102f3
3 files changed
