summaryrefslogtreecommitdiffhomepage
path: root/content/docs/user_guide/kubernetes.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/docs/user_guide/kubernetes.md')
-rw-r--r--content/docs/user_guide/kubernetes.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/content/docs/user_guide/kubernetes.md b/content/docs/user_guide/kubernetes.md
new file mode 100644
index 000000000..a1150622f
--- /dev/null
+++ b/content/docs/user_guide/kubernetes.md
@@ -0,0 +1,16 @@
++++
+title = "Kubernetes"
+weight = 30
++++
+gVisor can run sandboxed containers in a Kubernetes cluster with Minikube. After
+the gVisor addon is enabled, pods with `io.kubernetes.cri.untrusted-workload`
+set to true will execute with `runsc`. Follow [these instructions][minikube] to
+enable gVisor addon.
+
+You can also setup Kubernetes nodes to run pods in gvisor using the `containerd`
+CRI runtime and the `gvisor-containerd-shim`. Pods with the
+`io.kubernetes.cri.untrusted-workload` annotation will execute with `runsc`. You
+can find instructions [here][gvisor-containerd-shim].
+
+[minikube]: https://github.com/kubernetes/minikube/blob/master/deploy/addons/gvisor/README.md
+[gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 02:46:31 +0000