Skip to main content

podman-rootless

ben.wangzLess than 1 minute

podman-rootless

references

  • https://kind.sigs.k8s.io/docs/user/rootless/
  • https://kind.sigs.k8s.io/docs/user/configuration/

prepare materials

  1. fedora 38
  2. root account is not required(except 'configure for rootless')
  3. podman 
    • sudo dnf -y install podman
  4. kind binary 
    • MIRROR="files."
VERSION=v0.20.0
[ $(uname -m) = x86_64 ] && curl -sSLo kind "https://${MIRROR}github.com/kubernetes-sigs/kind/releases/download/${VERSION}/kind-linux-amd64"
[ $(uname -m) = aarch64 ] && curl -sSLo kind "https://${MIRROR}github.com/kubernetes-sigs/kind/releases/download/${VERSION}/kind-linux-arm64"
chmod u+x kind
mkdir -p ${HOME}/bin
mv -f kind ${HOME}/bin
  5. kubectl binary 
    • MIRROR="files."
VERSION=$(curl -L -s "https://${MIRROR}dl.k8s.io/release/stable.txt")
[ $(uname -m) = x86_64 ] && curl -sSLo kubectl "https://${MIRROR}dl.k8s.io/release/${VERSION}/bin/linux/amd64/kubectl"
[ $(uname -m) = aarch64 ] && curl -sSLo kubectl "https://${MIRROR}dl.k8s.io/release/${VERSION}/bin/linux/arm64/kubectl"
chmod u+x kubectl
mkdir -p ${HOME}/bin
mv -f kubectl ${HOME}/bin
  6. image of kind node 
    • MIRROR=""
IMAGE=docker.io/kindest/node:v1.29.0
podman pull ${MIRROR}${IMAGE}
podman tag ${MIRROR}${IMAGE} ${IMAGE}
  7. (optional) disable aegis service and reboot system for aliyun
    • https://bugzilla.openanolis.cn/show_bug.cgi?id=5437
    • sudo systemctl disable aegis && sudo reboot

configure for rootless

  1. The host needs to be running with cgroup v2 
    • podman info | grep -i cgroup
    • expected output contains cgroupVersion: v2
    • if not, see: https://kind.sigs.k8s.io/docs/user/rootless/#host-requirements
  2. configure systemd 
    • sudo mkdir -p /etc/systemd/system/user@.service.d
sudo bash -c 'cat > /etc/systemd/system/user@.service.d/delegate.conf <<EOF
[Service]
Delegate=yes
EOF'
  3. configure modules of iptables 
    • sudo bash -c 'cat > /etc/modules-load.d/iptables.conf <<EOF
ip6_tables
ip6table_nat
ip_tables
iptable_nat
EOF'
  4. reload 
    • sudo systemctl daemon-reload
sudo systemctl restart podman

start/stop with default configuration

  • KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster --image=docker.io/kindest/node:v1.29.0
# you can use kubectl to interact with the k8s cluster when succeed
# kubectl get pod -A

  • KIND_EXPERIMENTAL_PROVIDER=podman kind delete cluster

start with custom configuration

  1. prepare configuration file named kind.yaml
    • kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30443
    hostPort: 30443
    listenAddress: 0.0.0.0
    protocol: TCP
  - containerPort: 32080
    hostPort: 32080
    listenAddress: 0.0.0.0
    protocol: TCP
  - containerPort: 32443
    hostPort: 32443
    listenAddress: 0.0.0.0
    protocol: TCP
- role: worker
- role: worker
    • NOTE: one control-plane with two workers
    • NOTE: container port 32080 and 32443 are bind to host ports(80 and 443)
  2. start 
    • KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster --image=docker.io/kindest/node:v1.29.0 --config kind.yaml
Default footer
Copyright © 2024 ben.wangz