17 lines
748 B
Markdown
17 lines
748 B
Markdown
+++
|
|
title = "Kubernetes"
|
|
weight = 30
|
|
+++
|
|
gVisor can run sandboxed containers in a Kubernetes cluster with Minikube. After
|
|
the gVisor addon is enabled, pods with `io.kubernetes.cri.untrusted-workload`
|
|
set to true will execute with `runsc`. Follow [these instructions][minikube] to
|
|
enable gVisor addon.
|
|
|
|
You can also setup Kubernetes nodes to run pods in gvisor using the `containerd`
|
|
CRI runtime and the `gvisor-containerd-shim`. Pods with the
|
|
`io.kubernetes.cri.untrusted-workload` annotation will execute with `runsc`. You
|
|
can find instructions [here][gvisor-containerd-shim].
|
|
|
|
[minikube]: https://github.com/kubernetes/minikube/blob/master/deploy/addons/gvisor/README.md
|
|
[gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim
|