[FEATURE] Allow Docker Run With --userns=host #547

Open
kevinmstephens opened this issue Apr 2, 2021 · 2 comments
Labels: enhancement (New feature or request), priority/high

kevinmstephens commented Apr 2, 2021

Is your feature request related to a problem or a Pull Request

Yes. Unable to run k3d cluster create when docker daemon has docker namespaces enabled.

Scope of your request

Do you need...

  • a new flag for a command
    • Allow Docker Run With --userns=host on k3d cluster create

Describe the solution you'd like

k3d runs docker with --privileged. With a docker daemon that has user namespaces enabled this will not work unless --userns=host is also passed to docker run. https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations

I propose that a flag be added to k3d cluster create to allow setting userns.

Describe alternatives you've considered

The package Kind also has the same constraint. However, it has addressed this issue by detecting if the docker daemon has namespaces enabled and, if so, it automatically adds the --userns=host flag. See https://github.com/kubernetes-sigs/kind/blob/5e58a0d40309675774a6df2b25c1947143a03c6c/pkg/cluster/internal/providers/docker/provision.go#L207-L209

@kevinmstephens kevinmstephens added the enhancement New feature or request label Apr 2, 2021
@iwilltry42 iwilltry42 added this to the v4.5.0 milestone Apr 7, 2021
@iwilltry42 iwilltry42 self-assigned this Apr 7, 2021
@iwilltry42
Member

Hi @kevinmstephens, thanks for opening this issue!
Actually, I never used that feature of docker, but it makes total sense.
I guess we'll add an automatic detection like kind does it, to keep the config more simple (and if there's no other way to use --privileged on userns-enabled docker systems anyway, it makes sense to do it automatically I guess) 👍

@iwilltry42 iwilltry42 modified the milestones: v4.4.5, Backlog Jun 11, 2021
@Legolas91

Hi

I also encountered the same issue. User namespace is set on my dev PC without the possibility to bypass.
So to work around the error, I rebuilt k3d using a little modification in the "/pkg/runtimes/docker/translate.go" file (line 128):
/* They have to run in privileged mode */
// TODO: can we replace this by a reduced set of capabilities?
hostConfig.Privileged = true
hostConfig.UsernsMode = "host"
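
A sketch of the automatic detection discussed in this thread, added here as an example (it is not code from k3d or kind). It sets the host user namespace only for privileged containers on a daemon that remaps, so other containers keep the remapping. The function names `usernsRemapEnabled` and `usernsModeFor` are hypothetical, the sample outputs are constructed, and it assumes the daemon lists `name=userns` in its SecurityOptions when userns-remap is enabled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// usernsRemapEnabled parses `docker info --format '{{json .SecurityOptions}}'`
// output and reports whether it lists "name=userns" (assumed: userns-remap on).
func usernsRemapEnabled(securityOptionsJSON string) (bool, error) {
	var opts []string
	if err := json.Unmarshal([]byte(securityOptionsJSON), &opts); err != nil {
		return false, fmt.Errorf("parse SecurityOptions: %w", err)
	}
	for _, opt := range opts {
		// An entry is a comma-separated key=value list, e.g. "name=seccomp,profile=default".
		for _, kv := range strings.Split(opt, ",") {
			if strings.TrimSpace(kv) == "name=userns" {
				return true, nil
			}
		}
	}
	return false, nil
}

// usernsModeFor returns the value for HostConfig.UsernsMode: "host" only for
// a privileged container on a remapping daemon, otherwise "" (daemon default).
func usernsModeFor(privileged bool, securityOptionsJSON string) (string, error) {
	remap, err := usernsRemapEnabled(securityOptionsJSON)
	if err != nil {
		return "", err
	}
	if privileged && remap {
		return "host", nil
	}
	return "", nil
}

func main() {
	// Constructed sample outputs, not captured from a real daemon.
	for _, out := range []string{
		`["name=apparmor","name=seccomp,profile=default","name=userns"]`,
		`["name=apparmor","name=seccomp,profile=default"]`,
	} {
		mode, err := usernsModeFor(true, out)
		fmt.Printf("UsernsMode=%q err=%v\n", mode, err)
	}
}
```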
