Rootless Containers
Kubernetes
Note
Please read the common steps first.
Running node components of Kubernetes in a user namespace has been supported since Kubernetes v1.22 (alpha).
See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns
kind supports running Kubernetes inside Rootless Docker/Podman on cgroup v2 hosts.
Docker:
$ dockerd-rootless-setuptool.sh install
$ docker context use rootless
$ kind create cluster
Podman:
$ KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster
See https://kind.sigs.k8s.io/docs/user/rootless/ for the further information.
minikube supports running Kubernetes inside Rootless Docker on cgroup v2 hosts.
$ dockerd-rootless-setuptool.sh install
$ docker context use rootless
$ minikube start --driver=docker --container-runtime=containerd
See https://minikube.sigs.k8s.io/docs/drivers/docker/ for the further information.
Usernetes is our reference Kubernetes distribution to support Rootless mode.
See https://github.com/rootless-containers/usernetes
$ tar xjvf usernetes-x86_64.tbz
$ cd usernetes
$ ./install.sh --cri=containerd
$ export KUBECONFIG="$HOME/.config/usernetes/master/admin-localhost.kubeconfig"
$ kubectl apply -f manifests/*.yaml
k3s supports Rootless mode experimentally.
See https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental
See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way