podman-rootless

ben.wangz

references

  • https://kind.sigs.k8s.io/docs/user/rootless/
  • https://kind.sigs.k8s.io/docs/user/configuration/

prepare materials

  1. fedora 38
  2. root account is not required (except for the 'configure for rootless' section)
  3. podman
    • sudo dnf -y install podman
      
  4. kind binary
    • MIRROR="files.m.daocloud.io/"
      VERSION=v0.20.0
      # -f: fail on HTTP errors instead of saving the error page as the binary
      [ "$(uname -m)" = x86_64 ] && curl -fsSLo kind "https://${MIRROR}github.com/kubernetes-sigs/kind/releases/download/${VERSION}/kind-linux-amd64"
      [ "$(uname -m)" = aarch64 ] && curl -fsSLo kind "https://${MIRROR}github.com/kubernetes-sigs/kind/releases/download/${VERSION}/kind-linux-arm64"
      chmod u+x kind
      mkdir -p "${HOME}/bin"
      mv -f kind "${HOME}/bin"
      
      
  5. kubectl binary
    • MIRROR="files.m.daocloud.io/"
      # -f: fail on HTTP errors instead of saving the error page as the version or the binary
      VERSION=$(curl -fsSL "https://${MIRROR}dl.k8s.io/release/stable.txt")
      [ "$(uname -m)" = x86_64 ] && curl -fsSLo kubectl "https://${MIRROR}dl.k8s.io/release/${VERSION}/bin/linux/amd64/kubectl"
      [ "$(uname -m)" = aarch64 ] && curl -fsSLo kubectl "https://${MIRROR}dl.k8s.io/release/${VERSION}/bin/linux/arm64/kubectl"
      chmod u+x kubectl
      mkdir -p "${HOME}/bin"
      mv -f kubectl "${HOME}/bin"
      
      
  6. image of kind node
    • MIRROR=""
      IMAGE=docker.io/kindest/node:v1.29.0
      podman pull ${MIRROR}${IMAGE}
      podman tag ${MIRROR}${IMAGE} ${IMAGE}
      
  7. (optional) disable aegis service and reboot system for aliyun
    • https://bugzilla.openanolis.cn/show_bug.cgi?id=5437
    • sudo systemctl disable aegis && sudo reboot
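
The kind and kubectl binaries in steps 4 and 5 are fetched through a third-party mirror and installed without an integrity check. As an added example (not part of the original page), the functions below install a download only when its SHA-256 matches a checksum file. The function names are hypothetical, and the upstream checksum URL in the usage comment is an assumption.

```shell
# Added example (not from the original page). Function names are hypothetical.

# First field of a checksum file, lower-cased. Covers a bare digest
# and the "digest  filename" layout written by sha256sum.
expected_digest() {
    awk 'NR == 1 { print tolower($1) }' "$1"
}

# verify_sha256 FILE CHECKSUM_FILE
# 0 = match, 1 = mismatch, 2 = checksum file is not a SHA-256 digest.
verify_sha256() {
    vs_want=$(expected_digest "$2")
    # An HTML error page or empty file saved in place of the checksum
    # must not be treated as a digest.
    printf '%s\n' "$vs_want" | grep -Eqx '[0-9a-f]{64}' || {
        echo "not a sha256 checksum file: $2" >&2; return 2; }
    vs_got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$vs_got" = "$vs_want" ] || {
        echo "sha256 mismatch for $1" >&2; return 1; }
}

# fetch_verified NAME BINARY_URL CHECKSUM_URL
# Downloads into a private temp dir and installs to ${HOME}/bin/NAME only
# after the digest matches. BINARY_URL may be the mirror; CHECKSUM_URL
# should point at the upstream project, not at the mirror.
fetch_verified() {
    fv_tmp=$(mktemp -d) || return 2
    fv_rc=1
    if curl -fsSLo "$fv_tmp/$1" "$2" &&
       curl -fsSLo "$fv_tmp/$1.sum" "$3" &&
       verify_sha256 "$fv_tmp/$1" "$fv_tmp/$1.sum"; then
        mkdir -p "${HOME}/bin" &&
            install -m 0700 "$fv_tmp/$1" "${HOME}/bin/$1" && fv_rc=0
    fi
    rm -rf "$fv_tmp"
    return "$fv_rc"
}

# Usage for the kind download on x86_64 (checksum asset name is assumed):
#   U="github.com/kubernetes-sigs/kind/releases/download/v0.20.0"
#   fetch_verified kind "https://files.m.daocloud.io/${U}/kind-linux-amd64" \
#       "https://${U}/kind-linux-amd64.sha256sum"
```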
      

configure for rootless

  1. The host needs to be running with cgroup v2
    • podman info | grep -i cgroup
      
    • expected output contains cgroupVersion: v2
    • if not, see: https://kind.sigs.k8s.io/docs/user/rootless/#host-requirements
  2. configure systemd
    • sudo mkdir -p /etc/systemd/system/user@.service.d
      sudo bash -c 'cat > /etc/systemd/system/user@.service.d/delegate.conf <<EOF
      [Service]
      Delegate=yes
      EOF'
      
  3. configure modules of iptables
    • sudo bash -c 'cat > /etc/modules-load.d/iptables.conf <<EOF
      ip6_tables
      ip6table_nat
      ip_tables
      iptable_nat
      EOF'
      
  4. reload
    • sudo systemctl daemon-reload
      sudo systemctl restart podman
      

start/stop with default configuration

  • KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster --image=docker.io/kindest/node:v1.29.0
    # once this succeeds, you can use kubectl to interact with the k8s cluster
    # kubectl get pod -A
    
  • KIND_EXPERIMENTAL_PROVIDER=podman kind delete cluster
    

start with custom configuration

  1. prepare configuration file named kind.yaml
    • kind: Cluster
      apiVersion: kind.x-k8s.io/v1alpha4
      nodes:
      - role: control-plane
        extraPortMappings:
        - containerPort: 30443
          hostPort: 30443
          listenAddress: 0.0.0.0
          protocol: TCP
        - containerPort: 32080
          hostPort: 32080
          listenAddress: 0.0.0.0
          protocol: TCP
        - containerPort: 32443
          hostPort: 32443
          listenAddress: 0.0.0.0
          protocol: TCP
      - role: worker
      - role: worker
      
      
    • NOTE: one control-plane with two workers
    • NOTE: container ports 32080 and 32443 are bound to host ports (80 and 443)
  2. start
    • KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster --image=docker.io/kindest/node:v1.29.0 --config kind.yaml