# Kubernetes

gVisor can be used to run Kubernetes pods and has several integration points
with Kubernetes.

## Using Minikube

gVisor can run sandboxed containers in a Kubernetes cluster with Minikube.
After the gVisor addon is enabled, pods with the
`io.kubernetes.cri.untrusted-workload` annotation set to `"true"` will execute
with `runsc`. Follow [these instructions][minikube] to enable the gVisor addon.

## Using Containerd

You can also set up Kubernetes nodes to run pods in gVisor using the
[containerd][containerd] CRI runtime and the `gvisor-containerd-shim`. You can
use either the `io.kubernetes.cri.untrusted-workload` annotation or
[RuntimeClass][runtimeclass] to run Pods with `runsc`. You can find
instructions [here][gvisor-containerd-shim].
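
To confirm that the annotation or RuntimeClass described above actually selects `runsc` for the pods you expect (including pods that set `runtimeClassName: gvisor`), the following added example, which is not part of the gVisor documentation, audits data in the shape of `kubectl get pods -A -o json` and `kubectl get runtimeclass -o json` output. The handler name `runsc`, the RuntimeClass names and the sample pods are constructed assumptions.

```python
# Added example: report which pods are routed to runsc, and by which mechanism.
ANNOTATION = "io.kubernetes.cri.untrusted-workload"
GVISOR_HANDLERS = {"runsc"}  # assumption: handler name configured in containerd


def gvisor_selector(pod, handlers):
    """Return how the pod selects gVisor, or None if nothing routes it to runsc."""
    runtime_class = pod.get("spec", {}).get("runtimeClassName")
    if runtime_class:
        if handlers.get(runtime_class) in GVISOR_HANDLERS:
            return "runtimeClassName=" + runtime_class
        return None  # explicit RuntimeClass that does not map to a gVisor handler
    annotations = pod.get("metadata", {}).get("annotations") or {}
    # Strict on purpose: only the exact string "true" counts as sandboxed here.
    if annotations.get(ANNOTATION) == "true":
        return "annotation"
    return None


def audit(pod_list, runtime_class_list):
    """Map 'namespace/name' of every pod to its gVisor selector (or None)."""
    handlers = {rc["metadata"]["name"]: rc.get("handler")
                for rc in runtime_class_list.get("items", [])}
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        key = meta.get("namespace", "default") + "/" + meta["name"]
        report[key] = gvisor_selector(pod, handlers)
    return report


# Constructed sample data in the shape of `kubectl get ... -o json` output.
SAMPLE_RUNTIME_CLASSES = {"items": [
    {"metadata": {"name": "gvisor"}, "handler": "runsc"},
    {"metadata": {"name": "native"}, "handler": "runc"},
]}
SAMPLE_PODS = {"items": [
    {"metadata": {"name": "web", "namespace": "prod"},
     "spec": {"runtimeClassName": "gvisor"}},
    {"metadata": {"name": "job", "namespace": "ci",
                  "annotations": {ANNOTATION: "true"}}, "spec": {}},
    {"metadata": {"name": "typo", "namespace": "ci",
                  "annotations": {ANNOTATION: "True"}}, "spec": {}},
    {"metadata": {"name": "db", "namespace": "prod"},
     "spec": {"runtimeClassName": "native"}},
]}

if __name__ == "__main__":
    for pod, selector in audit(SAMPLE_PODS, SAMPLE_RUNTIME_CLASSES).items():
        print(f"{pod}: {selector or 'NOT SANDBOXED'}")
```

Pods reported as `NOT SANDBOXED` either carry no selector, carry a mis-cased annotation value, or name a RuntimeClass whose handler is not in `GVISOR_HANDLERS`.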
## Using GKE Sandbox

[GKE Sandbox][gke-sandbox] is available in [Google Kubernetes Engine][gke]. You
just need to deploy a node pool with gVisor enabled in your cluster, and it will
run pods that set `runtimeClassName: gvisor` inside a gVisor sandbox for
you. [Here][wordpress-quick] is a quick example showing how to deploy a
WordPress site. You can view the full documentation [here][gke-sandbox-docs].

[containerd]: https://containerd.io/
[minikube]: https://github.com/kubernetes/minikube/blob/master/deploy/addons/gvisor/README.md
[gke]: https://cloud.google.com/kubernetes-engine/
[gke-sandbox]: https://cloud.google.com/kubernetes-engine/sandbox/
[gke-sandbox-docs]: https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods
[gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim
[runtimeclass]: https://kubernetes.io/docs/concepts/containers/runtime-class/
[wordpress-quick]: /docs/tutorials/kubernetes/