github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
td-v2.0.5
containerd/contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml
Akihiro Suda aefabe5462
Dockerfile.test: add "cri-in-userns" (aka rootless) test stage 
The `cri-in-userns` stage is for testing "CRI-in-UserNS", which should be used in conjunction with "Kubelet-in-UserNS":
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless

This feature is mostly expected to be used for `kind` and `minikube`.

Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
(Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)

Usage:
```
podman build --target cri-in-userns -t cri-in-userns -f contrib/Dockerfile.test .
podman run -it --rm --privileged cri-in-userns
```

The stage is tested on CI with Rootless Podman on Fedora 34 on Vagrant.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-07-09 14:50:04 +09:00

11 lines
311 B
TOML
Raw Permalink Blame History

version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
disable_apparmor = true
restrict_oom_score_adj = true
disable_hugetlb_controller = true
[plugins."io.containerd.grpc.v1.cri".containerd]
# Rootless overlayfs requires kernel >= 5.11 && !selinux
snapshotter = "overlayfs"
Reference in New Issue View Git Blame Copy Permalink