Akihiro Suda
kube-apiserver should be launched with `--authorization-mode=Node,RBAC` https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/1.15.3/docs/08-bootstrapping-kubernetes-controllers.md
`MAINPID` needs to be converted across the PID namespace boundary
I.e. equivalent of https://github.com/moby/vpnkit/tree/master/go/cmd/kube-vpnkit-forwarder

# Steps

## Step 1: Add RootlessKit to NodePort management API

RootlessKit will provide implementation-agnostic REST API for exposing a port in the child netns to...
We should have docs for running stargz with popular Kubernetes services and distros. GKE guide by @rochaporto: https://ricardorocha.io/blog/gke-custom-containerd/ https://twitter.com/lukasheinrich_/status/1362445073045192705
```
$ nerdctl --snapshotter=stargz run --rm -e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1 ghcr.io/stargz-containers/mariadb:10.5-esgz
...
2021-09-01 2:39:36 0 [Note] mysqld (mysqld 10.5.10-MariaDB-1:10.5.10+maria~focal) starting as process 101 ...
2021-09-01 2:39:36 0 [Warning] Could not increase number...
```
https://github.com/containerd/stargz-snapshotter/blob/e9306b199a1b48a44ac68f7af1d844386e4ca304/store/fs.go#L53 On Fedora 34, the binary name is `fusermount3`, not `fusermount`
(Updated by @ktock and me (@AkihiroSuda))

# Summary

- ✅ : Supported
- ➖ : won't be possible
- blank: TBD

|Tools|Lazy Pulling of eStargz|Chunk Verification|Creating eStargz|Optimizing eStargz|Handling (pull/push/run) eStargz*|...
It would be great if we can inject scripts for Kubernetes livenessProbes and readinessProbes: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ The script path would be like `/.stargz-snapshotter/.probes/liveness`. If depending on `sh` inside container is problematic,...
[The current FUSE-based monitor implementation](https://github.com/containerd/stargz-snapshotter/blob/7e30a23808d1c17c7ff05e1d693bb8e3aa66ec7d/converter/optimizer/logger/logger.go) has several issues:

- Does not work without CAP_SYS_ADMIN, i.e., does not work inside Kaniko/Makisu
- Hard to support lazy-pulling during monitoring
- ...

So...