richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6743 Commits
29 Branches
81 Tags
146 MiB
Tree: 49196c2ec4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '49196c2ec4'
${ noResults }
kubespray/docs/gvisor.md

16 lines
792 B
Raw Normal View History

gVisor: initial support for gVisor container runtime (#7661) * Docker/Containerd: move downloads urls to containerd-common * gVisor: initial support for gVisor container runtime
3 years ago
  1. # gVisor
  3. [gVisor](https://gvisor.dev/docs/) is an application kernel, written in Go, that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running applications and the host operating system.
  5. gVisor includes an Open Container Initiative (OCI) runtime called runsc that makes it easy to work with existing container tooling. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
  7. ## Usage
  9. To enable gVisor you should be using a container manager that is compatible with selecting the [RuntimeClass](https://kubernetes.io/docs/concepts/containers/runtime-class/) such as `containerd`.
  11. Containerd support:
  13. ```yaml
  14. container_manager: containerd
  15. gvisor_enabled: true
  16. ```