Event Timeline
ubuntu@gvisor-san:~$ minikube start --container-runtime=containerd --docker-opt containerd=/var/run/containerd/containerd.sock
😄  minikube v1.18.1 on Ubuntu 18.04 (amd64)
✨  Using the docker driver based on existing profile
👍  Starting control plane node minikube in cluster minikube
🏃  Updating the running docker "minikube" container ...
🌐  Found network options:
    ▪ NO_PROXY=localhost,127.0.0.1,169.254.169.254,dkfz-heidelberg.de,192.168.49.2,10.96.0.0/12,192.168.99.0/24,192.168.39.0/24
    ▪ http_proxy=http://www-int2.dkfz-heidelberg.de:80
    ▪ https_proxy=http://www-int2.dkfz-heidelberg.de:80
    ▪ no_proxy=localhost,127.0.0.1,169.254.169.254,dkfz-heidelberg.de,192.168.49.2,10.96.0.0/12,192.168.99.0/24,192.168.39.0/24
❗  This container is having trouble accessing https://k8s.gcr.io
Update: The above issue is still an open issue in Kubernetes minikube,
Link: https://github.com/kubernetes/minikube/issues/9798
Reply from gVisor Team
gVisor binaries are not present in the image, so the addon used to enable gVisor (minikube addons enable gvisor) must download the gVisor binaries from the link you mentioned and install them in the node image. You can find the code for the addon here:
https://github.com/kubernetes/minikube/blob/f567893cdbb8e98a0348c1d93455af71cf6ce12c/pkg/gvisor/enable.go
Once gVisor is installed in the node via the addon, you can set up pods to run with gVisor using runtimeClassName: gvisor. These pods will run inside gVisor sandboxes that are isolated from the host, with the network as configured for the pod.
I hope it helps,
Fabricio.
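A pod manifest for the runtimeClassName setting described in the reply above. This is an added example, not part of the original thread or the minikube project; the pod name, image and command are assumptions, and it presumes the addon has already registered a RuntimeClass named gvisor.

```yaml
# Added example (constructed): pod scheduled into a gVisor sandbox.
# Precondition, check before applying:
#   kubectl get runtimeclass gvisor
# If that object is missing, the API server rejects the pod at admission
# instead of silently starting it on the default (unsandboxed) runtime.
apiVersion: v1
kind: Pod
metadata:
  name: gvisor-check            # hypothetical name
spec:
  runtimeClassName: gvisor      # value given in the gVisor team's reply
  restartPolicy: Never
  containers:
    - name: probe
      image: busybox            # assumed image; any image with dmesg works
      command: ["sh", "-c", "dmesg; sleep 3600"]
      securityContext:
        # The sandbox is an extra layer, not a replacement for
        # least-privilege settings on the container itself.
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        runAsUser: 65534
# Verification after `kubectl apply -f`:
#   kubectl logs gvisor-check
# Inside a gVisor sandbox, dmesg shows gVisor's own boot messages rather
# than the host kernel log. Host kernel messages (or a permission error
# from the host kernel) mean the pod is not sandboxed.
```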
Closing gVisor experiments since Kata is our first choice and Kata is able to run on our bare-metal machine; hence temporarily closing gVisor testing.