talos-extensions/container-runtime/gvisor
Andrey Smirnov 0ba9f81043
docs: update documentation on installing extensions
Remove deprecated `.machine.install.extensions`, point to Talos
documentation.

Once Image Factory is live, we can point to it.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2023-09-29 22:49:23 +04:00
gvisor.part chore: provider better folder structure 2022-02-10 20:39:39 +03:00
manifest.yaml refactor: clean up extensions versioning 2022-04-13 20:08:59 +03:00
pkg.yaml chore: bump deps 2023-02-17 16:08:17 +05:30
README.md docs: update documentation on installing extensions 2023-09-29 22:49:23 +04:00
runsc.toml chore: re-enable gvisor cgroup support 2023-02-23 21:10:30 +05:30
vars.yaml refactor: clean up extensions versioning 2022-04-13 20:08:59 +03:00

gVisor extension

Installation

See Installing Extensions in the Talos documentation.

Usage

gVisor requires unprivileged user namespace creation, so the Talos default setting must be overridden in the machine config:

machine:
  sysctls:
    user.max_user_namespaces: "11255"

Warning! This disables a KSPP best-practice hardening setting (unprivileged user namespaces are a common kernel attack surface), so apply it only on nodes that need gVisor.

Testing

Apply the following manifest to run an nginx pod via gVisor:

apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-gvisor
spec:
  runtimeClassName: gvisor
  containers:
  - name: nginx
    image: nginx

The pod should be up and running:

$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
nginx-gvisor   1/1     Running   0          40s
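A pod reaching Running only shows that the `runsc` handler was accepted; it does not by itself prove the workload is sandboxed. The script below is an added example, not part of this extension or the Talos project: it reuses the pod and RuntimeClass names from the manifest above and adds a second check, reading `dmesg` inside the pod, which on gVisor returns the sentry's own fake kernel log (its banner starts with "Starting gVisor...") rather than the host's ring buffer. When `kubectl` is not on the path it falls back to constructed sample outputs so the checks can be exercised offline.

```shell
#!/bin/sh
# Added example (not part of the talos-extensions repo): verify that the
# nginx-gvisor pod from the README is Running and actually sandboxed by gVisor.
# Pod name comes from the manifest above; the sample outputs further down are
# constructed for offline use.

POD_NAME="nginx-gvisor"

# Return 0 when the `kubectl get pods` listing shows POD_NAME as Running
# with every container ready (READY column reads n/n with n > 0).
pod_is_running() {
    # $1: output of `kubectl get pods`
    printf '%s\n' "$1" | awk -v pod="$POD_NAME" '
        $1 == pod {
            split($2, r, "/")
            if ($3 == "Running" && r[1] == r[2] && r[1] + 0 > 0) ok = 1
        }
        END { if (ok) exit 0; exit 1 }'
}

# gVisor serves its own fake kernel log to the container, so dmesg output
# identifies the sandbox. A runc container instead shows the host log or
# "Operation not permitted". Return 0 only when the banner names gVisor.
sandboxed_by_gvisor() {
    # $1: output of `kubectl exec POD -- dmesg`
    printf '%s\n' "$1" | grep -q 'gVisor'
}

# Constructed sample outputs mirroring the README's expected result.
SAMPLE_PODS='NAME           READY   STATUS    RESTARTS   AGE
nginx-gvisor   1/1     Running   0          40s'
SAMPLE_DMESG='[    0.000000] Starting gVisor...
[    0.123456] Reading process obituaries...'

if command -v kubectl >/dev/null 2>&1; then
    PODS=$(kubectl get pods) || PODS=""
    DMESG=$(kubectl exec "$POD_NAME" -- dmesg 2>&1) || true
else
    PODS=$SAMPLE_PODS
    DMESG=$SAMPLE_DMESG
fi

if pod_is_running "$PODS"; then
    echo "pod $POD_NAME is Running"
else
    echo "pod $POD_NAME is not Running"
fi

if sandboxed_by_gvisor "$DMESG"; then
    echo "pod $POD_NAME is sandboxed by gVisor"
else
    echo "WARNING: pod $POD_NAME is NOT running under gVisor"
fi
```

Run it against the live cluster after applying the manifest; if the second check fails while the first passes, the pod was scheduled with a different runtime handler than expected and the RuntimeClass or node extension should be inspected before trusting the sandbox boundary.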