k3s/pkg
Akihiro Suda 6e8284e3d4 rootless: enable resource limitation (requires cgroup v2, systemd)
Now rootless mode can be used with cgroup v2 resource limitations.
A pod is executed in a cgroup like "/user.slice/user-1001.slice/user@1001.service/k3s-rootless.service/kubepods/podd0eb6921-c81a-4214-b36c-d3b9bb212fac/63b5a253a1fd4627da16bfce9bec58d72144cf30fe833e0ca9a6d60ebf837475".

This is accomplished by running `kubelet` in a cgroup namespace, and enabling `cgroupfs` driver for the cgroup hierarchy delegated by systemd.

To enable cgroup v2 resource limitation, `k3s server --rootless` needs to be launched as `systemctl --user` service.
Please see the comment lines in `k3s-rootless.service` for the usage.

Running `k3s server --rootless` via a terminal is not supported.
When it really needs to be launched via a terminal, `systemd-run --user -p Delegate --tty` needs to be prepended to create a systemd scope.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 00:37:30 -07:00
..
agent rootless: enable resource limitation (requires cgroup v2, systemd) 2021-03-24 00:37:30 -07:00
apiaddresses Add disable flags for control components (#2900) 2021-02-12 17:35:57 +02:00
apis/k3s.cattle.io Update generated code 2019-10-30 19:08:26 -07:00
authenticator Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
bootstrap Refactor tokens, bootstrap, and cli args 2019-10-30 19:06:49 -07:00
cli Define a Controllers and LeaderControllers on the server config (#3043) 2021-03-11 10:39:00 -08:00
clientaccess Always use static ports for client load-balancers (#3026) 2021-03-06 02:29:57 -08:00
cloudprovider Replace k3s cloud provider wrangler controller with core node informer (#2843) 2021-01-22 16:59:48 -08:00
cluster put etcd bootstrap save call in goroutine and update comment 2021-03-17 14:33:00 -07:00
codegen Add support for disabling all staged content 2020-09-14 14:21:37 -07:00
configfilearg Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s (#2594) 2020-12-16 09:27:57 -08:00
containerd add fuse-overlayfs snapshotter (mainly for rootless mode) 2020-12-01 11:00:00 -08:00
ctr Build & enable ctr with k3s server 2019-06-30 09:30:25 -07:00
daemons rootless: enable resource limitation (requires cgroup v2, systemd) 2021-03-24 00:37:30 -07:00
datadir Make program name a variable to be changed at compile time 2020-06-06 16:39:41 -07:00
dataverify Add file verification for data directory 2020-10-06 10:29:27 -07:00
deploy Update to Traefik 2.4.2 and combine manifests 2021-03-01 10:44:24 -07:00
etcd remove etcd data dir when etcd is disabled (#3059) 2021-03-16 18:14:43 +02:00
flock Add Release function for flock 2020-10-06 10:29:27 -07:00
generated Update go.mod for k8s 1.19 2020-08-28 17:18:31 -07:00
kubectl Update Kubernetes to v1.20.0-k3s1 2020-12-08 22:51:34 -08:00
netutil Initial Logging Output Update (#2246) 2020-09-21 09:56:03 -07:00
node Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
nodeconfig Call setproctitle to conceal node args in ps output 2020-07-28 15:49:49 -07:00
nodepassword Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
passwd Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
rootless rootless: enable resource limitation (requires cgroup v2, systemd) 2021-03-24 00:37:30 -07:00
rootlessports Initial Logging Output Update (#2246) 2020-09-21 09:56:03 -07:00
server Define a Controllers and LeaderControllers on the server config (#3043) 2021-03-11 10:39:00 -08:00
servicelb Collect IPs from all pods before deciding to use internal or external addresses (#2909) 2021-02-09 16:26:57 -08:00
static Update to Traefik 2.4.2 and combine manifests 2021-03-01 10:44:24 -07:00
token Refactor tokens, bootstrap, and cli args 2019-10-30 19:06:49 -07:00
untar Limit zstd decoder memory 2021-02-17 11:48:03 -08:00
util fix formatting 2020-02-23 00:48:26 -08:00
version remove hard coded value 2020-07-09 11:20:06 -07:00