You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi @kevinmstephens, thanks for opening this issue!
Actually, I never used that feature of docker, but it makes total sense.
I guess we'll add an automatic detection like kind does it, to keep the config more simple (and if there's no other way to use --privileged on userns-enabled docker systems anyway, it makes sense to do it automatically I guess) 👍
i also enter the same issue. User namesapece is set on my dev PC without the possibility to bypass.
so to workaround the error, i rebuild k3d using a little modif in "/pkg/runtimes/docker/translate.go" file (line 128):
/* They have to run in privileged mode */
// TODO: can we replace this by a reduced set of capabilities?
hostConfig.Privileged = true hostConfig.UsernsMode = "host"
Is your feature request related to a problem or a Pull Request
Yes. Unable to run
k3d cluster create
when docker daemon has docker namespaces enabled.Scope of your request
Do you need...
--userns=host
onk3d cluster create
Describe the solution you'd like
k3d runs docker with
--privileged
. With a docker daemon that has user namespaces enabled this will not work unless--userns=host
is also passed todocker run
. https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitationsI propose to add a flag be added to
k3d cluster create
to allow settinguserns
.Describe alternatives you've considered
The package Kind also has the same constraint. However it has addressed this issue by detecting if the docker daemon has namespaces enabled and if so it automatically adds the
--userns=host
flag. See https://github.com/kubernetes-sigs/kind/blob/5e58a0d40309675774a6df2b25c1947143a03c6c/pkg/cluster/internal/providers/docker/provision.go#L207-L209The text was updated successfully, but these errors were encountered: