{"id":24517720,"url":"https://github.com/pyzh/rootless-kubernetes","last_synced_at":"2025-03-15T11:10:54.685Z","repository":{"id":196578539,"uuid":"164427299","full_name":"pyzh/rootless-kubernetes","owner":"pyzh","description":"run kubernetes without root privilege?","archived":false,"fork":false,"pushed_at":"2017-04-17T13:53:19.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-22T01:36:42.245Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyzh.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-01-07T12:09:19.000Z","updated_at":"2019-01-07T12:09:22.000Z","dependencies_parsed_at":"2023-09-26T08:19:36.943Z","dependency_job_id":null,"html_url":"https://github.com/pyzh/rootless-kubernetes","commit_stats":null,"previous_names":["pyzh/rootless-kubernetes"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyzh%2Frootless-kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyzh%2Frootless-kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyzh%2Frootless-kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyzh%2Frootless-kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyzh","download_url":"https://codeload.github.com/pyzh/rootless-kubernetes/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243719399,"owners_count":20336607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-22T01:34:57.675Z","updated_at":"2025-03-15T11:10:54.666Z","avatar_url":"https://github.com/pyzh.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"===================\nRootless Kubernetes\n===================\n\nThis is still a work in progress. A lot of changes are going to be\nmade. Application developers should go with Minikube__ .\n\n.. __: https://github.com/kubernetes/minikube\n\nIt is impossible to run Kubernetes without root privilege. As of\nKubernetes 1.6.1, unless a few kernel parameters set to its desired\nvalue, kubelet won't start any container. Run :code:`./sysctl\nconfigure` with root privilege to set these kernel parameters, and\n:code:`./sysctl restore` to restore them later. And Arch Linux users\nshould read no further, since `user namespace is disabled in Arch\nLinux`__. To create other namespaces, a non-root user has to first\ncreate a user namespace.\n\n.. __: https://wiki.archlinux.org/index.php/Linux_Containers#Privileged_containers_or_unprivileged_containers\n\nRun :code:`./setup` to make an Alpine Linux chroot, and download\nprebuilt etcd and kubernetes binaries. You may export environment\nvariables in :code:`./vars` to change to a different mirror. You may\nalso run :code:`./test` to check if following examples really work.\n\n================= =========================== =======================================\n\\                 Environment variable        Default\n================= =========================== =======================================\n`Alpine Linux`__  :code:`ALPINE_MIRROR`       http://dl-cdn.alpinelinux.org/alpine\n`etcd`__          :code:`ETCD_MIRROR`         https://storage.googleapis.com/etcd\n`Kuberenetes`__   :code:`KUBERNETES_MIRROR`   https://dl.k8s.io\n================= =========================== =======================================\n\n.. __: https://alpinelinux.org/\n.. __: https://github.com/coreos/etcd/releases/\n.. __: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md\n\nOnce done, run :code:`./enter-chroot` to start a shell in the\nchroot.\n\n\nStandalone kubelet\n==================\n\nExamples in this section are taken from `What even is a kubelet?`__\n\n.. __: http://kamalmarhubi.com/blog/2015/08/27/what-even-is-a-kubelet/\n\nstart fake CRI runtime and kubelet\n\n.. code::\n\n    # cd\n    # ./bin/start-standalone\n\nIn standalone mode, kubelet polls a directory instead of API server\nfor pod manifests.\n\n.. code::\n\n    # cp manifests/pod.yaml nodes/node1/kubelet/manifests\n\nhere is the :code:`manifests/pod.yaml`\n\n.. code::\n\n    apiVersion: v1\n    kind: Pod\n    metadata:\n      name: hello\n    spec:\n      containers:\n      - name: hello\n        image: hello\n\nInstead of pulling images from docker registry, fake CRI runtime looks\nup scripts under :code:`images` directory.\n\nhere is the :code:`images/hello`\n\n.. code::\n\n    ncat -k -c 'echo hello' -l 0.0.0.0 80\n\n\nThe network namespace of each pod is created with\n:code:`ip netns add ${hostname}`, and run :code:`/root/bin/showip\n${hostname}` will show its ip address.\n\n.. code::\n\n    # ncat --recv-only $(./bin/showip hello-node1) 80\n    hello\n\n\n\nBinding\n=======\n\nExamples in this section are taken from `Kubernetes from the ground\nup: the API server`__ and `Kubernetes from the ground up: the\nscheduler`__\n\n.. __: http://kamalmarhubi.com/blog/2015/09/06/kubernetes-from-the-ground-up-the-api-server/\n.. __: http://kamalmarhubi.com/blog/2015/11/17/kubernetes-from-the-ground-up-the-scheduler/\n\nWe begins with single master first. etcd and API server runs with the\nsame network namespace as dnsmasq.\n\n.. code::\n\n    # cd\n    # ./bin/start-single-master\n\nstart a node, :code:`node1`\n\n.. code::\n\n    # ./bin/newnode node1\n    # kubectl get nodes\n    NAME      STATUS    AGE       VERSION\n    node1     Ready     1s        v1.6.1\n\ncreate a pod\n\n.. code::\n\n    # kubectl create --filename manifests/pod.yaml\n    pod \"hello\" created\n    # kubectl get pods\n    NAME      READY     STATUS    RESTARTS   AGE\n    hello     0/1       Pending   0          4s\n\nAs you can see, the pod is pending. We can bind it manually to a node\nto make it run.\n\n.. code::\n\n    # kubectl create --filename manifests/bind.yaml\n    binding \"hello\" created\n    # kubectl get pods --watch\n    NAME      READY     STATUS              RESTARTS   AGE\n    hello     0/1       ContainerCreating   0          10s\n    hello     1/1       Running   0         14s\n    ^C\n    # ncat --recv-only $(kubectl get pod hello -o jsonpath='{ .status.podIP }') 80\n    hello\n\nAnd here is the :code:`manifests/bind.yaml`\n\n.. code::\n\n    apiVersion: v1\n    kind: Binding\n    metadata:\n      name: hello\n    target:\n      apiVersion: v1\n      kind: Node\n      name: node1\n\nWe can also run a scheduler to do the binding.\n\n.. code::\n\n    # cd\n    # ./bin/start-single-master scheduler\n    # ./bin/newnode node1\n    # kubectl get nodes\n    NAME      STATUS    AGE       VERSION\n    node1     Ready     1s        v1.6.1\n    # kubectl create --filename manifests/pod.yaml\n    pod \"hello\" created\n    # kubectl get pods\n    NAME      READY     STATUS    RESTARTS   AGE\n    hello     1/1       Running   0          4s\n    # ncat --recv-only $(kubectl get pod hello -o jsonpath='{ .status.podIP }') 80\n    hello\n\n\nReplicas and Rolling update\n===========================\n\nstart etcd, API server, scheduler and controller-manager\n\n.. code::\n\n    # cd\n    # ./bin/start-single-master scheduler controller-manager\n    # ./bin/newnode node1 node2 node3\n    # kubectl get nodes\n    NAME      STATUS    AGE       VERSION\n    node1     Ready     6s        v1.6.1\n    node2     Ready     6s        v1.6.1\n    node3     Ready     5s        v1.6.1\n\ncreate replicaset, which in turn will create pods\n\n.. code::\n\n    # kubectl create --filename manifests/rs.yaml\n    replicaset \"hello\" create\n    # kubectl get rs\n    NAME      DESIRED   CURRENT   READY     AGE\n    hello     3         3         0         5s\n    # kubectl get pods\n    NAME          READY     STATUS    RESTARTS   AGE\n    hello-1s8jr   1/1       Running   0          10s\n    hello-hsz96   1/1       Running   0          10s\n    hello-j6r04   1/1       Running   0          10s\n\nnode of each pod\n\n.. code::\n\n    # kubectl get pods -o custom-columns='Name:.metadata.name,Node:.spec.nodeName'\n    Name          Node\n    hello-1s8jr   node1\n    hello-hsz96   node2\n    hello-j6r04   node3\n\ncheck if all respond with hello\n\n.. code::\n\n    # kubectl get pods -lapp=hello -o jsonpath='{range .items[*] }{ .status.podIP }{\"\\n\"}{ end }' | xargs -I {} ncat --recv-only {} 80\n    hello\n    hello\n    hello\n\nscale up to 4 replicas\n\n.. code::\n\n    # kubectl scale --replicas=4 --filename manifests/rs.yaml\n    replicaset \"hello\" scaled\n    # kubectl get rs\n    NAME      DESIRED   CURRENT   READY     AGE\n    hello     4         4         4         20s\n\n\ndeployment will create new replicaset on rolling update, decrease the\nnumber of replicas of the old replicaset and increase the number of\nreplicas of the new replicaset\n\n.. code::\n\n    # cd\n    # ./bin/start-single-master scheduler controller-manager\n    # ./bin/newnode node1 node2 node3\n    # kubectl get nodes\n    NAME      STATUS    AGE       VERSION\n    node1     Ready     6s        v1.6.1\n    node2     Ready     6s        v1.6.1\n    node3     Ready     5s        v1.6.1\n\ncreate a new deployment\n\n.. code::\n\n    # kubectl create --filename manifests/deployment.yaml\n    deployment \"hello\" created\n    # kubectl get deployment\n    NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE\n    hello     3         3         3            0           5s\n    # kubectl get rs\n    NAME               DESIRED   CURRENT   READY     AGE\n    hello-4050249537   3         3         3         17s\n    # kubectl get pods -lapp=hello -o jsonpath='{range .items[*] }{ .status.podIP }{\"\\n\"}{ end }' | xargs -I {} ncat --recv-only {} 80\n    hello\n    hello\n    hello\n\nchange image to hello-world to start a rolling update\n\n.. code::\n\n    # kubectl set image deployment/hello hello=hello-world\n    deployment \"hello\" image updated\n    # kubectl rollout status deployment/hello\n    Waiting for rollout to finish: 1 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 1 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 1 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 2 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 2 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 2 out of 3 new replicas have been updated...\n    Waiting for rollout to finish: 1 old replicas are pending termination...\n    Waiting for rollout to finish: 1 old replicas are pending termination...\n    deployment \"hello\" successfully rolled out\n    # kubectl get rs\n    NAME               DESIRED   CURRENT   READY     AGE\n    hello-1359538582   3         3         3         22s\n    hello-4050249537   0         0         0         56s\n    # kubectl get pods -lapp=hello -o jsonpath='{range .items[*] }{ .status.podIP }{\"\\n\"}{ end }' | xargs -I {} ncat --recv-only {} 80\n    hello world\n    hello world\n    hello world\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyzh%2Frootless-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpyzh%2Frootless-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyzh%2Frootless-kubernetes/lists"}