Rootless mode

[dsseng]

Is your feature request related to a problem? Please describe. Kubernetes can be run rootless (see Usernetes). k0s is a great distribution, but it would be better for security and convenience to be able to run it with a regular user privileges level.

Describe the solution you'd like k0s controller --single --install-dir ~/k0s-install --data-dir ~/k0s-data Install happens to the specified directory and data will be stored in data dir. Single-node cluster works without rooted components.

Pros:

1. Security
2. Controlled and self-contained installation directory, no extra dirs for containerd and so on outside of k0s dir

Cons: typical limitations of rootless containers

Describe alternatives you've considered k0s-in-rootless-docker would be harder to do.

Additional context That would be super-convenient to have a single-node k0s-based deployment for development purposes. Single-directory setup will be more controllable,

[warmchang]

Run control-plane as non-root will be released as alpha feature in v1.22 of upstream k/k.

[ncopa]

Currently k0s' control plane does run without root privileges. It runs the different control plane daemons as different users. k0s itself runs as root to be able start those process with separate non-root privileges. You should also be able to start k0s controller itself as non-root, if you specify --data-dir to a place where the user has write access. In this case the entire control plane should run as the user that started it. etcd, scheduler, api server would run as the same non-root user.

It is a different story when it comes to the workers, including --single. This may need some work.

[jnummelin]

The issue is marked as stale since no activity has been recorded in 30 days

[github-actions[bot]]

The issue is marked as stale since no activity has been recorded in 30 days