1.6 KiB
Kubernetes
gVisor can be used to run Kubernetes pods and has several integration points with Kubernetes.
Using Minikube
gVisor can run sandboxed containers in a Kubernetes cluster with Minikube.
After the gVisor addon is enabled, pods with
io.kubernetes.cri.untrusted-workload set to true will execute with runsc.
Follow these instructions to enable gVisor addon.
Using Containerd
You can also setup Kubernetes nodes to run pods in gvisor using the
containerd CRI runtime and the gvisor-containerd-shim. You can
use either the io.kubernetes.cri.untrusted-workload annotation or
RuntimeClass to run Pods with runsc. You can find
instructions here.
Using GKE Sandbox
GKE Sandbox is available in Google Kubernetes Engine. You
just need to deploy a node pool with gVisor enabled in your cluster, and it will
run pods annotated with runtimeClassName: gvisor inside a gVisor sandbox for
you. Here is a quick example showing how to deploy a
WordPress site. You can view the full documentation here.