Hi everyone! I need to deploy K3s in rootless mode (security reasons) and I'm facing a lot of problems making it work as should be. Anyone tried to have a K3s rootless working on production despite being an experimental feature?

I did some test deployments of it for someone, I had trouble getting agent nodes to connect. I only tested the server node for a few hours.

Hi Philip, thanks for your answer. I'm surprised that only a few people tested this feature, specially because in production environments, securing the host by avoiding using the root on the Kubernetes processes is a no-brainer thing. I hope more people can join us on this discussion so we can share experiences. Technically speaking, I managed to make it work, with a lot of effort but I'm dealing with some things that are not working (like for example, the deployment of the apps on the cluster, exposing the NVIDIA GPUs on the containers , and making the metrics server work...among others) by reading the logs. Let's see how far I can go with this.

You can’t run multinode clusters rootless

Multi-node rootless Kubernetes is possible with flannel. You can find a Docker Compose demo here: https://github.com/rootless-containers/usernetes Not ported to k3s yet though

Last time I tried that with K3s I couldn’t get it working 100% - the join itself was OK as was the CNI, but stuff like metrics-server that wants to connect to the kubelet doesn’t work because it can’t reach the other network ns.

Theoretically yes, as it has been possible with Docker and Podman

This is really interesting. Thanks Brandon and Akihiro