Usernetes Versions Save

Kubernetes without the root privileges

gen2-v20240410.0

1 month ago

What's Changed

Full Changelog: https://github.com/rootless-containers/usernetes/compare/gen2-v20240404.1...gen2-v20240410.0

gen2-v20240404.1

1 month ago

What's Changed

Full Changelog: https://github.com/rootless-containers/usernetes/compare/gen2-v20240203.0...gen2-v20240404.1

gen2-v20240203.0

3 months ago

What's Changed

Full Changelog: https://github.com/rootless-containers/usernetes/compare/gen2-v20231218.0...gen2-v20240203.0

gen2-v20231218.0

5 months ago

What's Changed

New Contributors

Full Changelog: https://github.com/rootless-containers/usernetes/compare/gen2-v20230919.0...gen2-v20231218.0

gen2-v20230919.0

7 months ago
  • Support CONTAINER_ENGINE=(podman|nerdctl) in addition to docker (#305)
  • Avoid printing kubeadm token to the terminal (#307)

gen2-v20230915.0

8 months ago
  • Support VXLAN on GCP (as well as on AWS, Azure, etc.) (#300)
  • Support Rocky Linux 9 and AlmaLinux 9 hosts (#301)
  • Move init-host scripts out of the hack directory (#302)
  • Add make kubectl (#303)

gen2-v20230906.0

8 months ago

This is the first release of "Usernetes Generation 2" (https://github.com/rootless-containers/usernetes/pull/287)

Usernetes: Kubernetes without the root privileges (Generation 2)

Usernetes (Gen2) deploys a Kubernetes cluster inside Rootless Docker, so as to mitigate potential container-breakout vulnerabilities.

Note

Usernetes (Gen2) has significantly diverged from the original Usernetes (Gen1), which did not require Rootless Docker to be installed on hosts.

See the gen1 branch for the original Usernetes (Gen1).

Usernetes (Gen2) is similar to Rootless kind and Rootless minikube, but Usernetes (Gen 2) supports creating a cluster with multiple hosts.

Components

  • Cluster configuration: kubeadm
  • CRI: containerd
  • OCI: runc
  • CNI: Flannel

Requirements

Note

Using Ubuntu 22.04 hosts is recommended.

curl -o install.sh -fsSL https://get.docker.com
sudo sh install.sh
dockerd-rootless-setuptool.sh install
  • systemd lingering:
sudo loginctl enable-linger $(whoami)
  • cgroup v2 delegation:
sudo mkdir -p /etc/systemd/system/[email protected]

cat <<EOF | sudo tee /etc/systemd/system/[email protected]/delegate.conf
[Service]
Delegate=cpu cpuset io memory pids
EOF

sudo systemctl daemon-reload
  • Kernel modules:
sudo modprobe vxlan

Usage

See make help.

# Bootstrap a cluster
make up
make kubeadm-init
make install-flannel

# Enable kubectl
make kubeconfig
export KUBECONFIG=$(pwd)/kubeconfig
kubectl get pods -A

# Multi-host
make join-command
scp join-command another-host:~/usernetes
ssh another-host make -C ~/usernetes up kubeadm-join

# Debug
make logs
make shell
make down-v
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Limitations

  • Node ports cannot be exposed automatically. Edit docker-compose.yaml for exposing additional node ports.
  • Most of host files are not visible with hostPath mounts. Edit docker-compose.yaml for mounting additional files.
  • Some volume drivers such as nfs do not work.

Advanced topics

v20230816.0

9 months ago

Kubernetes version: v1.28.0

Build logs (available for 90 days): https://github.com/rootless-containers/usernetes/actions/runs/5874550853/job/15929481770

v20230518.0

1 year ago

Kubernetes version: v1.27.2

Thanks to @cloud-66 for #279

Build logs (available for 90 days): https://github.com/rootless-containers/usernetes/actions/runs/5009284196/jobs/8978057689

v20221007.0

1 year ago

Kubernetes version: v1.25.2

Build logs (available for 90 days): https://github.com/rootless-containers/usernetes/actions/runs/3204008677/jobs/5234781877