Thank you, I'll try it when possible Best regards Francesco Di Nucci On 14/03/24 04:03, Hongbin Lu wrote:
Oh, I see. Thanks for the clarification.
I didn't hear anyone installing Zun with Docker rootless. I scanned through the rootless document you shared and couldn't find anything that is a hard break. There is a limitation on some storage drivers so you might want to explicitly choose a supported storage driver on container creation. In addition, the document didn't mention any limitation about specific runtime like Kata so I guess Kata will work as long as Docker rootless works with Zun.
You are welcome to give it a try and let us know.
Best regards, Hongbin
On Wed, Mar 13, 2024 at 10:26 PM Francesco Di Nucci <francesco.dinucci@na.infn.it> wrote:
Thank you,
although I'm in a different use-case, sorry for not being able to explain myself: Kata does support privileged containers (https://github.com/kata-containers/kata-containers/blob/main/docs/how-to/pri...), but I don't want to use them.
AFAIK Zun can use a stock Docker install with Kata Containers as an optional step (https://docs.openstack.org/zun/2023.2/install/compute-install.html#enable-ka...), but there is no mention of using Zun together with Docker rootless (https://docs.docker.com/engine/security/rootless/) or Zun + Docker Rootless + Kata Containers. Maybe I should start with an ordinary Docker install with Kata and then test if it is possible to switch to rootless?
Best regards
Francesco Di Nucci
Il 13/03/2024 13:49, Hongbin Lu ha scritto:
Hi,
Zun allows running privileged containers but I am not sure if Kata supports privileged flag. You might want to consult the Kata community about that.
Best regards, Hongbin
On Wed, Mar 13, 2024 at 4:41 PM Francesco Di Nucci <francesco.dinucci@na.infn.it> wrote:
Hello,
I am working on a 2023.2 instance to install Zun. While we're still in the design phase, I was wondering if it is possible to run Docker as a non-root user together with Kata Containers for enhanced security. Has anyone tried this solution?
Regards
Francesco Di Nucci