docs/admin/templates/extending-templates/docker-in-workspaces.md (39 additions & 0 deletions)
@@ -266,6 +266,45 @@ Before using Podman, please review the following documentation:
266
266
> For more information around the requirements of rootless podman pods, see:
267
267
> [How to run Podman inside of Kubernetes](https://www.redhat.com/sysadmin/podman-inside-kubernetes)
268
268
269
+
### Rootless Podman on Bottlerocket nodes
270
+
271
+
Rootless containers rely on Linux user-namespaces.
272
+
[Bottlerocket](https://github.com/bottlerocket-os/bottlerocket) disables them by default (`user.max_user_namespaces = 0`), so Podman commands willreturn an erroruntil you raise the limit:
273
+
274
+
```output
275
+
cannot clone: Invalid argument
276
+
user namespaces are not enabledin /proc/sys/user/max_user_namespaces
277
+
```
278
+
279
+
1. Add a`user.max_user_namespaces` value to your Bottlerocket user data to use rootless Podman on the node:
280
+
281
+
```toml
282
+
[settings.kernel.sysctl]
283
+
"user.max_user_namespaces" ="65536"
284
+
```
285
+
286
+
1. Reboot the node.
287
+
1. Verify that the value is more than`0`:
288
+
289
+
```shell
290
+
sysctl -n user.max_user_namespaces
291
+
```
292
+
293
+
For Karpenter-managed Bottlerocket nodes, add the`user.max_user_namespaces` settingin your`EC2NodeClass`:
294
+
295
+
```yaml
296
+
apiVersion: karpenter.k8s.aws/v1
297
+
kind: EC2NodeClass
298
+
metadata:
299
+
name: bottlerocket-rootless
300
+
spec:
301
+
amiFamily: Bottlerocket# required for BR-style userData
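Review bot: the verify step at lines 287-291 runs `sysctl -n user.max_user_namespaces` without saying where it is run; Bottlerocket ships no host shell by default, so the doc should name the admin container (or a privileged pod with host access) and state the expected output (`65536` with the example value at 283). Two more gaps: the user-data steps at 279-286 say to add the setting and reboot, but should say whether that applies to already-running nodes or only to nodes launched with the updated user data; and the prose at 271-272 should say that raising `user.max_user_namespaces` is node-wide (every pod on the node gets unprivileged user namespaces, not just workspaces) and undoes a Bottlerocket default that limits kernel attack surface, so readers know to scope the change to a dedicated node class such as the `bottlerocket-rootless` `EC2NodeClass` at 295-300 and to steer workspaces onto those nodes with a node selector or taint.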