gvisor/content/docs/user_guide/kubernetes.md

+++
title = "Kubernetes"
weight = 20
+++
gVisor can be used to run Kubernetes pods and has several integration points
with Kubernetes.

## Using Minikube

gVisor can run sandboxed containers in a Kubernetes cluster with Minikube.
After the gVisor addon is enabled, pods with
`io.kubernetes.cri.untrusted-workload` set to true will execute with `runsc`.
Follow [these instructions][minikube] to enable gVisor addon.

## Using Containerd

You can also setup Kubernetes nodes to run pods in gvisor using the
[containerd][containerd] CRI runtime and the `gvisor-containerd-shim`. You can
use either the `io.kubernetes.cri.untrusted-workload` annotation or
[RuntimeClass][runtimeclass] to run Pods with `runsc`. You can find
instructions [here][gvisor-containerd-shim].

[containerd]: https://containerd.io/
[minikube]: https://github.com/kubernetes/minikube/blob/master/deploy/addons/gvisor/README.md
[gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim
[runtimeclass]: https://kubernetes.io/docs/concepts/containers/runtime-class/
Initial commit 2019-03-30 02:40:11 +00:00			`+++`
			`title = "Kubernetes"`
Update kubernetes.md 2019-04-03 16:08:05 +00:00			`weight = 20`
Initial commit 2019-03-30 02:40:11 +00:00			`+++`
Update Kubernetes doc page - Add info on RuntimeClass - Add section headers to clearly show content organization 2019-04-03 06:10:26 +00:00			`gVisor can be used to run Kubernetes pods and has several integration points`
			`with Kubernetes.`
Initial commit 2019-03-30 02:40:11 +00:00
Update Kubernetes doc page - Add info on RuntimeClass - Add section headers to clearly show content organization 2019-04-03 06:10:26 +00:00			`## Using Minikube`
Initial commit 2019-03-30 02:40:11 +00:00
Update Kubernetes doc page - Add info on RuntimeClass - Add section headers to clearly show content organization 2019-04-03 06:10:26 +00:00			`gVisor can run sandboxed containers in a Kubernetes cluster with Minikube.`
			`After the gVisor addon is enabled, pods with`
			`io.kubernetes.cri.untrusted-workload` set to true will execute with `runsc`.
			`Follow [these instructions][minikube] to enable gVisor addon.`

			`## Using Containerd`

			`You can also setup Kubernetes nodes to run pods in gvisor using the`
			[containerd][containerd] CRI runtime and the `gvisor-containerd-shim`. You can
			use either the `io.kubernetes.cri.untrusted-workload` annotation or
			[RuntimeClass][runtimeclass] to run Pods with `runsc`. You can find
			`instructions [here][gvisor-containerd-shim].`

			`[containerd]: https://containerd.io/`
Initial commit 2019-03-30 02:40:11 +00:00			`[minikube]: https://github.com/kubernetes/minikube/blob/master/deploy/addons/gvisor/README.md`
			`[gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim`
Update Kubernetes doc page - Add info on RuntimeClass - Add section headers to clearly show content organization 2019-04-03 06:10:26 +00:00			`[runtimeclass]: https://kubernetes.io/docs/concepts/containers/runtime-class/`