talos-extensions/container-runtime/gvisor
Andrey Smirnov 056e5a831a
chore: bump dependencies
* Linux Firmware: 20240115
* DRBD: 9.2.7
* gvisor: 20240109.0
* QEMU: 8.2.0
* Tailscale: 1.56.1

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-01-17 19:21:05 +04:00
Files in this directory (latest commit touching each):

gvisor.part    chore: provide better folder structure            2022-02-10 20:39:39 +03:00
manifest.yaml  refactor: clean up extensions versioning          2022-04-13 20:08:59 +03:00
pkg.yaml       chore: bump dependencies                          2024-01-17 19:21:05 +04:00
README.md      docs: update documentation on installing extensions  2023-09-29 22:49:23 +04:00
runsc.toml     chore: re-enable gvisor cgroup support            2023-02-23 21:10:30 +05:30
vars.yaml      refactor: clean up extensions versioning          2022-04-13 20:08:59 +03:00

gVisor extension

Installation

See Installing Extensions.

Usage

gVisor requires that unprivileged user namespaces can be created, so the Talos default sysctl setting must be overridden in the machine configuration:

machine:
  sysctls:
    user.max_user_namespaces: "11255"

Warning: this disables a KSPP (Kernel Self Protection Project) best-practice hardening setting, so the trade-off is a wider user-namespace attack surface on the host in exchange for gVisor's per-pod sandboxing.

Testing

Apply the following manifest to run an nginx pod under gVisor (the RuntimeClass maps to the runsc handler the extension installs):

apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-gvisor
spec:
  runtimeClassName: gvisor
  containers:
  - name: nginx
    image: nginx

The pod should be up and running:

$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
nginx-gvisor   1/1     Running   0          40s
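A Running status only proves the pod was scheduled, not that it is actually sandboxed. The following shell helper is an added example, not part of the extension's README: it checks from inside the container for the kernel banner and release string that gVisor's sentry reports (a pod accidentally created without runtimeClassName would show the real Talos host kernel instead). The function names and the sample lines in comments are constructed.

```shell
#!/bin/sh
# Added example (not from talos-extensions): confirm that a pod marked
# runtimeClassName: gvisor really runs under the gVisor sentry.

# Returns 0 when the dmesg text passed as $1 was produced by gVisor's sentry.
# gVisor emits its own fake kernel log, whose first line is "Starting gVisor...";
# a real kernel log starts with "Linux version <release> ..." instead, and in a
# runc container dmesg is usually denied outright (kernel.dmesg_restrict).
is_gvisor_dmesg() {
    printf '%s\n' "$1" | grep -q 'Starting gVisor'
}

# Returns 0 when the kernel release string in $1 is the one gVisor emulates
# (4.4.0), which never matches the host kernel Talos boots.
is_gvisor_uname() {
    case "$1" in
        4.4.0*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Live check against a pod; needs kubectl access to the cluster.
# Both probes must agree before we call the pod sandboxed.
check_pod_sandboxed() {
    pod="$1"
    dmesg_out=$(kubectl exec "$pod" -- dmesg 2>/dev/null) || dmesg_out=""
    uname_out=$(kubectl exec "$pod" -- uname -r 2>/dev/null) || uname_out=""
    if is_gvisor_dmesg "$dmesg_out" && is_gvisor_uname "$uname_out"; then
        echo "$pod: sandboxed by gVisor (kernel $uname_out)"
        return 0
    fi
    echo "$pod: NOT running under gVisor (kernel '${uname_out:-unknown}')" >&2
    return 1
}

# Usage: check_pod_sandboxed nginx-gvisor
```

Run it against nginx-gvisor and against an ordinary pod to see the two outcomes side by side.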