Customization of Sysbox yaml installer
Hi,
We have been using Sysbox for some weeks with a production workload (CI/CD), and we found that most Docker operations within the Sysbox container (Kubernetes) are somehow quite slow.
After talking with @rodnymolina, one solution could be to change the xattr as described here, which requires updating the sysbox-mgr config, but this is not practical because we are using autoscaling and so on, so we need a way to change the installer script to support those values.
Hi @shinji62, thanks for filing the issue.
As a temporary work-around, you could consider adding the following env-var to the sysbox pod's spec:
SYSBOX_ALLOW_TRUSTED_XATTR=FALSE
The real solution would be to have the sysbox-k8s-deploy daemonset take a configMap that configures sysbox as it's installed on the k8s node, as described in issue 533.
As a temporary work-around, you could consider adding the following env-var to the sysbox pod's spec
SYSBOX_ALLOW_TRUSTED_XATTR=FALSE
Not sure I understand? I am running on Kubernetes, so you mean the pod spec of the runner container or not the sysbox pod daemon like
Image: registry.nestybox.com/nestybox/sysbox-deploy-k8s:v0.5.2
Not sure I understand? I am running on Kubernetes, so you mean the pod spec of the runner container or not the sysbox pod daemon like
Image: registry.nestybox.com/nestybox/sysbox-deploy-k8s:v0.5.2
I mean the spec of the pod that you will deploy with Sysbox (not the sysbox-deploy-k8s pod itself).
Background: it's possible to tell Sysbox to not intercept the *xattr() syscalls on a per-container basis. The way this is done is by passing the env var SYSBOX_ALLOW_TRUSTED_XATTR=FALSE to the container. Thus, you want to set up the pod spec for the container such that this env var is set.
Hope that helps!
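For readers following the thread, a workload pod spec with the per-container setting described above might look like the following. This is an added example, not taken from the thread or from the Sysbox project; the pod name, container name and image are placeholders, and it assumes the node was set up by sysbox-deploy-k8s so that the `sysbox-runc` runtime class exists.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: ci-runner                      # placeholder name
  annotations:
    # Sysbox pods on CRI-O run in a user namespace allocated by the runtime
    io.kubernetes.cri-o.userns-mode: "auto:size=65536"
spec:
  runtimeClassName: sysbox-runc        # run this pod with Sysbox, not the default runtime
  containers:
    - name: runner                     # placeholder name
      image: example.com/ci/runner:latest   # placeholder image
      env:
        # Per-container switch from the thread: tells Sysbox not to
        # intercept the *xattr() syscalls for this container only.
        - name: SYSBOX_ALLOW_TRUSTED_XATTR
          value: "FALSE"
  restartPolicy: Never
```

The variable goes on the workload container, not on the sysbox-deploy-k8s daemonset, so it is picked up by every pod created from this spec regardless of which autoscaled node it lands on.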