Hi:
I am used to following the podman setup inside k8s according to the article https://www.redhat.com/sysadmin/podman-inside-kubernetes
Now 3 years have passed, do we have an updated article for this?
I have a vanilla k8s env, and `privileged: true` will not be allowed soon, so what is the easiest way to set up a rootless, non-privileged environment?
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: podman
spec:
  containers:
  - name: podman
    command: ["sleep", "infinity"]
    securityContext:
      runAsUser: 1000
      privileged: true
```
Surely `hostPath` is not allowed as well?
In the unix env, I can run `podman run -it -u podman:podman` to get the correct env.
Any suggestions? (I am not a security expert, so I do not fully understand this.) If I remove `privileged: true`, I get the following:
```
[podman@podman ~]$ podman system info
Error: mount /home/podman/.local/share/containers/storage/overlay:/home/podman/.local/share/containers/storage/overlay, flags: 0x1000: permission denied
```
BTW: I only need the build env, so maybe the `buildah` image should be used instead (but users are used to the podman command).
Rgs, Larry
_______________________________________________ Podman mailing list -- podman@lists.podman.io To unsubscribe send an email to podman-leave@lists.podman.io
Take a look at the user namespace support for k8s. If you are
allowed to run a pod/container inside of a user namespace with
enough UIDs and CAP_SYS_ADMIN of the User namespace, then podman
should just work.
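
The two conditions named in the reply can be checked from a shell inside the pod. This is an added example, not part of the thread or of podman: the function names are hypothetical and the 65536-ID threshold for "enough UIDs" is an assumption that can be overridden.

```shell
#!/bin/sh
# Added example: checks whether the current process runs in a user namespace
# with enough mapped UIDs and holds CAP_SYS_ADMIN in that namespace.
# File arguments default to the live /proc entries; pass other files to test.

# Number of IDs mapped: sum of the length column of a uid_map/gid_map file.
mapped_ids() {
    awk '{ n += $3 } END { printf "%.0f\n", n }' "$1"
}

# True when the map is not the initial namespace's identity map
# ("0 0 4294967295"), i.e. the process is inside a user namespace.
in_userns() {
    ! awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { f = 1 } END { exit !f }' "$1"
}

# True when CAP_SYS_ADMIN (capability number 21) is set in CapEff.
has_cap_sys_admin() {
    capeff=$(awk '$1 == "CapEff:" { print $2 }' "$1")
    [ -n "$capeff" ] && [ $(( (0x$capeff >> 21) & 1 )) -eq 1 ]
}

# Runs all three checks, prints what is missing, returns 0 only if all pass.
check_podman_userns() {
    uid_map=${1:-/proc/self/uid_map}
    status=${2:-/proc/self/status}
    min_ids=${3:-65536}   # assumption: one full 16-bit UID range
    rc=0
    in_userns "$uid_map" || { echo "not in a user namespace"; rc=1; }
    n=$(mapped_ids "$uid_map")
    [ "$n" -ge "$min_ids" ] || { echo "only $n UIDs mapped, want $min_ids"; rc=1; }
    has_cap_sys_admin "$status" || { echo "CAP_SYS_ADMIN not in CapEff"; rc=1; }
    [ "$rc" -eq 0 ] && echo "user namespace, $n UIDs, CAP_SYS_ADMIN present"
    return "$rc"
}

# Run against the live process only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_podman_userns
fi
```
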