1.0 KiB
1.0 KiB
+++ title = "Kubernetes" weight = 20 +++ gVisor can be used to run Kubernetes pods and has several integration points with Kubernetes.
Using Minikube
gVisor can run sandboxed containers in a Kubernetes cluster with Minikube.
After the gVisor addon is enabled, pods with
io.kubernetes.cri.untrusted-workload set to true will execute with runsc.
Follow these instructions to enable gVisor addon.
Using Containerd
You can also setup Kubernetes nodes to run pods in gvisor using the
containerd CRI runtime and the gvisor-containerd-shim. You can
use either the io.kubernetes.cri.untrusted-workload annotation or
RuntimeClass to run Pods with runsc. You can find
instructions here.