# k3s
a
This message was deleted.
m
I did some test deployments of it for someone, I had trouble getting agent nodes to connect. I only tested the server node for a few hours.
a
Hi Philip, thanks for your answer. I'm surprised that only a few people tested this feature, especially because in production environments, securing the host by avoiding using the root on the Kubernetes processes is a no-brainer thing. I hope more people can join us on this discussion so we can share experiences. Technically speaking, I managed to make it work, with a lot of effort, but I'm dealing with some things that are not working (like, for example, the deployment of the apps on the cluster, exposing the NVIDIA GPUs on the containers, and making the metrics server work... among others) by reading the logs. Let's see how far I can go with this.
c
You can’t run multinode clusters rootless
It is essentially a toy option at this point. Many things are broken.
@best-accountant-68201 is the primary maintainer of the Rootless Kubernetes stuff, he might have some advice but for anything beyond a very simple single-node installation it is unlikely to do what you want.
b
Multi-node rootless Kubernetes is possible with flannel. You can find a Docker Compose demo here: https://github.com/rootless-containers/usernetes
Not ported to k3s yet though.
c
Last time I tried that with K3s I couldn’t get it working 100% - the join itself was OK as was the CNI, but stuff like metrics-server that wants to connect to the kubelet doesn’t work because it can’t reach the other network ns.
which is I think what was reported up above
I am also curious about stuff like GPU attachment, I wonder if that's possible without root.
b
Theoretically yes, as it has been possible with Docker and Podman
m
This is really interesting. Thanks Brandon and Akihiro