sig-node: Kubelet-in-UserNS, aka Rootless mode #2033
Description
Enhancement Description
-
One-line enhancement description (can be used as a release note):
Allow running the entire Kubernetes components (kubelet, CRI, OCI, CNI, and allkube-*) as a non-root user on the host. -
Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
-
Discussion Link:
- POC: https://github.com/rootless-containers/usernetes
- k/k PR: kubelet & kube-proxy: ignore sysctl errors and rlimit errors when running in UserNS (for rootless) kubernetes#92863 (merged in v1.22)
- Proposal in
kindrepo: Support Rootless Docker / Kubernetes kubernetes-sigs/kind#1797 - Proposal in
minikuberepo: add support for rootless Docker minikube#10836 - Documentation PR: Add
KubeletInUserNamespacefeature gate website#28827
-
Primary contact (assignee):
@AkihiroSuda -
Responsible SIGs:
SIG-node -
PRs by stage and milestone:
- Alpha - v1.22
- KEP (
k/enhancements) update PR(s): sig-node: Kubelet-in-UserNS, aka Rootless mode #1371 - Code (
k/k) update PR(s): kubelet & kube-proxy: ignore sysctl errors and rlimit errors when running in UserNS (for rootless) kubernetes#92863 - Docs (
k/website) update PR(s): AddKubeletInUserNamespacefeature gate website#28827
- KEP (
- Beta - v1.35
- KEP (
k/enhancements) update PR(s): KEP-2033: KubeletInUserNamespace: update the template; promote to beta #5388 - Code (
k/k) update PR(s): - Docs (
k/website) update(s):
- KEP (
- Stable - v1.xx
- KEP (
k/enhancements) update PR(s): - Code (
k/k) update PR(s): - Docs (
k/website) update(s):
- KEP (
- Alpha - v1.22