rootless: unlock Podman
Tested with Podman 3.0.1

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda committed Mar 3, 2021
1 parent ed9e560 commit 11c96b0
Showing 2 changed files with 15 additions and 8 deletions.
6 changes: 0 additions & 6 deletions pkg/cluster/internal/providers/podman/provider.go
Expand Up @@ -68,12 +68,6 @@ func (p *provider) Provision(status *cli.Status, cfg *config.Cluster) (err error
return err
}

// kind doesn't work with podman rootless, surface an error
if os.Geteuid() != 0 {
p.logger.Errorf("podman provider does not work properly in rootless mode")
os.Exit(1)
}

// TODO: validate cfg
// ensure node images are pulled before actually provisioning
if err := ensureNodeImages(p.logger, status, cfg); err != nil {
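Review bot: Removing the `os.Geteuid() != 0` guard at the top of `Provision` leaves no rootless precondition check at all, although the docs changed in this same commit say rootless needs Podman 3.0 or later and a cgroup v2 host. Consider keeping a non-root branch here that validates those requirements and returns an error from `Provision` (instead of the old `os.Exit(1)`), so a user on an older Podman or a cgroup v1 host gets a clear message up front. Also, the file shows 0 additions and 6 deletions, so if these lines were the only use of `os` in provider.go the import is now unused and the build breaks; worth confirming.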
17 changes: 15 additions & 2 deletions site/content/docs/user/rootless.md
Expand Up @@ -6,9 +6,11 @@ menu:
identifier: "rootless"
weight: 3
---
Starting with kind 0.11.0 and Docker 20.10, [Rootless Docker](https://docs.docker.com/go/rootless/) can be used as the node provider of kind.
Starting with kind 0.11.0, [Rootless Docker](https://docs.docker.com/go/rootless/) and [Rootless Podman](https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md) can be used as the node provider of kind.

Rootless Podman is not supported at the moment.
## Provider requirements
- Docker: 20.10 or later
- Podman: 3.0 or later

## Host requirements
The host needs to be running with cgroup v2.
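Review bot: The new intro line says Rootless Podman "can be used as the node provider of kind" with no qualifier, while the usage added later in this file requires `KIND_EXPERIMENTAL_PROVIDER=podman`; state here that the Podman provider is experimental so readers do not assume the same support level as Docker. The Podman link targets the `master` branch of the tutorial and will break if that file moves, so a tagged or published docs URL would be more stable. The "Provider requirements" list is a good place to also note that the minimum versions apply to rootless use specifically.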
Expand All @@ -25,6 +27,12 @@ Also, depending on the host configuration, the following steps might be needed:
Delegate=yes
```

- Create `/etc/modules-load.d/iptables.conf` with the following content:
```
iptables_nat
ip6tables_nat
```

## Restrictions

The restrictions of Rootless Docker apply to kind clusters as well.
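Review bot: The module names in the new `iptables.conf` block look misspelled: the kernel's NAT table modules are `iptable_nat` and `ip6table_nat` (no "s" after "table"), so `iptables_nat` and `ip6tables_nat` would not load. The step should also say that files under `/etc/modules-load.d/` are read at boot, so a reboot or a one-off `modprobe` is needed for the change to take effect, and that writing the file needs root. Since the unchanged "Restrictions" text just below still refers only to Rootless Docker, it would help to say whether this step is needed for Podman, Docker, or both.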
Expand All @@ -42,5 +50,10 @@ $ export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock
$ kind create cluster
```

To create a kind cluster with Rootless Podman, just run:
```console
$ KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster
```

## Tips
- To enable OOM watching, allow `dmesg` by running `sysctl -w kernel.dmesg_restrict=0`.
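Review bot: The Podman example sets `KIND_EXPERIMENTAL_PROVIDER=podman` inline, so it applies to that one `kind create cluster` invocation only, whereas the Docker example above uses `export DOCKER_HOST=...`. Later commands in the same shell would run without the variable and not select the Podman provider, so suggest documenting `export KIND_EXPERIMENTAL_PROVIDER=podman` or stating that the variable must be set for every kind command. "just run" also hides the prerequisites; a pointer back to the provider and host requirements would help. The commit message says this was tested with Podman 3.0.1, which is worth recording in the docs next to the "3.0 or later" requirement.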
