Hi:

I am used to follow podman setup inside k8s according to article https://www.redhat.com/sysadmin/podman-inside-kubernetes 

Now 3 years have passed, do we have an updated article for this?

I have a vanilla k8s env, and `privileged: true` will not be allowed soon, so what is the easiest way to setup rootless-non-priv environment?

apiVersion: v1

kind: Pod

metadata:

name: podman

spec:

containers:

- name: podman

image: registry.access.redhat.com/ubi9/podman

command: ["sleep", "infinity"]

securityContext:

runAsUser: 1000

privileged: true

Surely `hostPath` is not allowed as well?

In the unix env, i can run `podman run -it -u podman:podman` to get correct env

Any suggestions? (i am not security expert to understand), if I remove `privileged: true` i got below

[podman@podman ~]$ podman system info
Error: mount /home/podman/.local/share/containers/storage/overlay:/home/podman/.local/share/containers/storage/overlay, flags: 0x1000: permission denied

BTW: i only need the build env, maybe `buildah` image shall be used instead (but users are used to use podman command)

Rgs, Larry

_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

Take at  look at teh user namespace support for k8s.  If you are allowed to run a pod/container inside of a user namespace with enough UIDs and CAP_SYS_ADMIN of the User namespace, then podman should just work.