rootless: support --container-runtime=docker
This allows running Kubernetes with (CRI-)Dockerd in Rootless Docker:
```
minikube start --rootless --driver=docker --container-runtime=docker
```

It is still recommended to use `--container-runtime=containerd`.

Fix issue 17322

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda committed Oct 29, 2023
1 parent 12f5db0 commit 4c2180a
Showing 3 changed files with 9 additions and 6 deletions.
3 changes: 0 additions & 3 deletions cmd/minikube/cmd/start_flags.go
Expand Up @@ -619,9 +619,6 @@ func generateNewConfigFromFlags(cmd *cobra.Command, k8sVersion string, rtime str
}
if si.Rootless {
out.Styled(style.Notice, "Using rootless {{.driver_name}} driver", out.V{"driver_name": driver.FullName(drvName)})
if cc.KubernetesConfig.ContainerRuntime == constants.Docker {
exit.Message(reason.Usage, "--container-runtime must be set to \"containerd\" or \"cri-o\" for rootless")
}
// KubeletInUserNamespace feature gate is essential for rootless driver.
// See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/
cc.KubernetesConfig.FeatureGates = addFeatureGate(cc.KubernetesConfig.FeatureGates, "KubeletInUserNamespace=true")
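
Review bot: In the `if si.Rootless` block, once the `exit.Message` guard for `constants.Docker` is gone, a user who picks the docker runtime gets no hint that containerd is still the recommended choice, which the commit message and the docs both state. Consider replacing the hard exit with a notice via `out.Styled` when `cc.KubernetesConfig.ContainerRuntime == constants.Docker`, so the recommendation is visible at start time and not only in the documentation.
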
10 changes: 8 additions & 2 deletions pkg/minikube/cruntime/docker.go
Expand Up @@ -134,9 +134,15 @@ func (r *Docker) Active() bool {
// Enable idempotently enables Docker on a host
func (r *Docker) Enable(disOthers bool, cgroupDriver string, inUserNamespace bool) error {
if inUserNamespace {
return errors.New("inUserNamespace must not be true for docker")
if err := CheckKernelCompatibility(r.Runner, 5, 11); err != nil {
// For using overlayfs
return fmt.Errorf("kernel >= 5.11 is required for rootless mode: %w", err)
}
if err := CheckKernelCompatibility(r.Runner, 5, 13); err != nil {
// For avoiding SELinux error with overlayfs
klog.Warningf("kernel >= 5.13 is recommended for rootless mode %v", err)
}
}

if disOthers {
if err := disableOthers(r, r.Runner); err != nil {
klog.Warningf("disableOthers: %v", err)
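
Review bot: The warning in the `5, 13` branch of `Enable` uses the format string `"kernel >= 5.13 is recommended for rootless mode %v"`, which runs the error text into the sentence with no separator; use `rootless mode: %v` to match the `: %w` in the error just above it. The reasons (overlayfs, the SELinux error with overlayfs) appear only in comments inside the error branches; putting them in the messages themselves would tell the user why the kernel version matters. The doc comment on `Enable` could also say that `inUserNamespace` is now accepted for Docker and triggers these kernel checks.
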
2 changes: 1 addition & 1 deletion site/content/en/docs/drivers/docker.md
Expand Up @@ -49,7 +49,7 @@ minikube start --driver=docker --container-runtime=containerd
Unlike Podman driver, it is not necessary to set the `rootless` property of minikube (`minikube config set rootless true`).
When the `rootless` property is explicitly set but the current Docker host is not rootless, minikube fails with an error.

The `--container-runtime` flag must be set to "containerd" or "cri-o". "containerd" is recommended.
It is recommended to set the `--container-runtime` flag to "containerd".
{{% /tab %}}
{{% /tabs %}}
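
Review bot: The replacement sentence in docker.md only gives a recommendation and no longer says which values `--container-runtime` accepts in rootless mode. Since `Enable` in docker.go now returns an error for the docker runtime on kernels older than 5.11 and warns below 5.13, the rootless tab should list the accepted runtimes and state that kernel requirement for "docker".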
