Commit 1041116

committed
changes from feedback
1 parent b664cb2 commit 1041116

1 file changed

+27
-6
lines changed

docs/admin/templates/extending-templates/docker-in-workspaces.md

Lines changed: 27 additions & 6 deletions
@@ -266,19 +266,40 @@ Before using Podman, please review the following documentation:
266266
> For more information around the requirements of rootless podman pods, see:
267267
> [How to run Podman inside of Kubernetes](https://www.redhat.com/sysadmin/podman-inside-kubernetes)
268268
269-
### Bottlerocket
270-
To use rootless Podman on [Bottlerocket](https://github.com/bottlerocket-os/bottlerocket) nodes requires enabling user namespaces on the node
271-
> [Github.com: Bottlerocket user namespace discussion](https://github.com/bottlerocket-os/bottlerocket/discussions/3318)
269+
### Rootless Podman on Bottlerocket nodes
272270
273-
You can set this in the user data on the node. If using EKS with Karpenter you can set it in the EC2NodeClass like this:
271+
Rootless containers rely on Linux user-namespaces.
272+
[Bottlerocket](https://github.com/bottlerocket-os/bottlerocket) disables them by default (`user.max_user_namespaces = 0`), so Podman commands will return an error until you raise the limit:
273+
274+
```output
275+
cannot clone: Invalid argument
276+
user namespaces are not enabled in /proc/sys/user/max_user_namespaces
277+
```
278+
279+
1. Add a `user.max_user_namespaces` value to your Bottlerocket user data to use rootless Podman on the node:
280+
281+
```toml
282+
[settings.kernel.sysctl]
283+
"user.max_user_namespaces" = "65536"
284+
```
285+
286+
1. Reboot the node.
287+
1. Verify that the value is more than `0`:
288+
289+
```shell
290+
sysctl -n user.max_user_namespaces
291+
```
292+
293+
For Karpenter-managed Bottlerocket nodes, add the `user.max_user_namespaces` setting in your `EC2NodeClass`:
274294
275295
```yaml
276296
apiVersion: karpenter.k8s.aws/v1
277297
kind: EC2NodeClass
278298
metadata:
279-
name: default
299+
name: bottlerocket-rootless
280300
spec:
281-
# ...
301+
amiFamily: Bottlerocket # required for BR-style userData
302+
# …
282303
userData: |
283304
[settings.kernel]
284305
sysctl = { "user.max_user_namespaces" = "65536" }
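Review bot: the two TOML snippets in this hunk write the same setting in two different forms: the numbered step uses a `[settings.kernel.sysctl]` table with `"user.max_user_namespaces" = "65536"`, while the Karpenter `userData` uses `[settings.kernel]` with an inline table `sysctl = { "user.max_user_namespaces" = "65536" }`. Both are valid TOML for the same key, but a reader comparing the two may assume they differ; use one form in both places (the `[settings.kernel.sysctl]` table form is easier to extend with further sysctls) or add a sentence stating they are equivalent. Minor: spell out `BR-style` as `Bottlerocket-style` in the `amiFamily` comment, and write `user-namespaces` in the intro sentence as `user namespaces` to match the rest of the section.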