github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #357 from ibuildthecloud/docs 

Add rootless docs
pull/358/head v0.4.0
Erik Wilson 6 years ago committed by GitHub
parent
75892ec0ac fc67a9be3a
commit
7822549f87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      README.md

25
README.md
Unescape View File

@ -427,6 +427,31 @@ sudo ip route add default via 192.168.123.1
k3s additionally provides a `--resolv-conf` flag for kubelets, which may help with configuring DNS in air-gap networks.
Rootless - (Some advanced magic, user beware)
--------
Initial rootless support has been added but there are a series of significant usability issues surrounding it.
We are releasing the initial support for those interested in rootless and hopefully some people can help to
improve the usability. First ensure you have proper setup and support for user namespaces. Refer to the
[requirements section](https://github.com/rootless-containers/rootlesskit#setup) in rootlesskit for instructions.
In short, latest Ubuntu is your best bet for this to work.
## Issues w/ Rootless
When running rootless a new network namespace is created. This means that k3s instance is running with networking
fairly detached from the host. The only way to access services run in k3s from the host is to setup port forwards
to the k3s network namespace. We have a controller that will automatically bind 6443 and any service port to the
host with an offset of 10000. That means service port 80 will become 10080 on the host. Once you kill k3s and then
start a new instance of k3s it will create a new network namespace, but it doesn't kill the old pods. So you are left
with a fairly broken setup. This is the main issue at the moment, how to deal with the network namespace.
## Running w/ Rootless
Just add `--rootless` flag to either server or agent. So run `k3s server --rootless` and then look for the message
`Wrote kubeconfig [SOME PATH]` for where your kubeconfig to access you cluster is. Becareful, if you use `-o` to write
the kubeconfig to a different directory it will probably not work. This is because the k3s instance in running in a different
mount namespace.
TODO
----
Currently broken or stuff that needs to be done for this to be considered production quality.

Write Preview
Loading…
Cancel
Save