> Podman is not meant to run K8s. Podman targets single-node machines and
> focuses on servers and developer machines. It does not implement Container
> Runtime Interface (CRI) that K8s uses to communicate with the container
> runtime. CRI-O is dedicated to exactly that use-case.
>
> yeah, I got that
>
> so let me rephrase; the fact that I mentioned minikube - that is just a
> first step for me a beginner here - seems to have been misleading
>
> my ultimate goal is to deploy a k8s cluster on a handful of bare-metal
> fedora boxes, running podman instead of docker
> but I was surprised to see **almost no mention** of podman in the k8s
> documentation, where docker appears a zillion of times along with, in
> shorter supply, rkt
>
As mentioned before, Podman is not meant to be running underneath
Kubernetes. That is CRI-O's job.
Minikube supports using "sudo podman" to run minikube in a privileged
container, as an alternative to "docker".
And it also supports using cri-o / podman as an alternative to containerd /
buildkitd, replacing the old "rkt".
Previously we defaulted to VirtualBox, but now the default is Docker. It
has some better support for Mac and Win.
The container runtime default is still Docker and "dockershim", but this
will move to use CRI and "cri-dockerd".
https://minikube.sigs.k8s.io/docs/drivers/podman/
Podman is supported on Linux, but not on Mac or Win:
https://github.com/kubernetes/minikube/issues/8003
Minikube also supports using the VM as an alternative to starting another
VM with Docker Desktop or Docker Machine.
Here we are using the "podman-env" command to do it for Podman, which
works similarly to the "docker-env" command:
https://minikube.sigs.k8s.io/docs/commands/podman-env/
It uses the podman-remote client, installed on the host.
(disguised as "podman" on Mac and on Win, confusingly)
The main issues are the recurring regressions and the lack of testing
(especially in CI). They might be related?
As you have noted, most of the users and most of the k8s documentation is
running Docker and running on Ubuntu.
But both CRI-O and Fedora have been supported for years, even if they might
be unavailable due to technical issues.
For instance: upgrading to cgroups v2, changing from varlink to REST,
changing to btrfs, or Next Big Thing etc.
Kubernetes documentation is handled by a separate SIG, but they are _also_
accepting PRs to improve their docs.
Running kubernetes in rootless podman (and docker) is something being
*actively* worked on. Not there just yet.
Most of it is handled in the "kind" project, sharing code with minikube:
https://kind.sigs.k8s.io/docs/user/rootless/
So Podman can be used for *running* Kubernetes ("kinp"), and it can also be
used on a node that is running Kubernetes.
Currently we are using "podman build" for image building. There has been no
reason to expose Buildah to the user.
The benefit of this is that the images are immediately available to the k8s
cluster. No registry, no waiting time.
See https://minikube.sigs.k8s.io/docs/handbook/pushing/ for the actual
minikube commands that are involved there.
One uses "sudo crictl" for interfacing with containers. There are no podman
commands used for that, only images.
Docker and rkt are mentioned for historical reasons. Both have been used
underneath Kubernetes for a longer period of time. rkt has been
discontinued a long time ago and also Docker is not supported underneath
Kubernetes anymore.
The rkt support has been removed, and dockershim will be removed. But
Docker is still there.
It will just be forced to use the same interfaces (CRI / CNI) as everybody
else has to...
> I understand that the podman team is not in charge of that documentation,
> I’m just saying this suggests podman cannot be used in this way, which I’m
> pretty certain it is, right?
>
Podman cannot be used underneath Kubernetes.
We are using podman as a _complement_ to cri-o, since they do share the
same images...
They do not share the same container instances though, and don't use the
same code (yet)
If you see specific bugs, opening an issue upstream would be great.
> For questions, the mailing list works well, GitHub issues or the #podman
> channel on Freenode IRC (and Libera Chat).
>
> thanks for pointing out irc, I’ll try to join you guys there
>
Great, see you over there :)
We are mostly using the Kubernetes Slack, where there is both #minikube and
#crio
Will also try to join the Podman Community meeting on Tuesday (June 1st),
as usual.
/Anders
https://github.com/afbjorklund