This repository has been archived by the owner on Apr 19, 2021. It is now read-only.

Document Red Hat user namespace configurations #811

Open
wants to merge 2 commits into
base: master

@@ -0,0 +1,38 @@
---
url: /docs/self-hosted/0.5.0/install/additional-kubernetes-configs/

problem: the pull-request targets the wrong repository.

The Gitpod documentation (for now, maybe not in the future) layers master of https://github.com/gitpod-io/gitpod/tree/master/docs/self-hosted as a submodule into this repository. If @meysholdt gives the 👍 in review then these changes need to be sent there as well as here.

---

# Additional Kubernetes configurations

While Gitpod deploys to native Kubernetes environments, several vendor-specific configurations must be made to ensure compatability with the deployment:
* Enable User namespaces options for Kubernetes running on Red Hat Enterprise Linux
* Grant access to `/var/gitpod` for Rancher Kubernetes custers

## Enable User namespaces options for Kubernetes running on Red Hat Enterprise Linux

The Docker-in-Docker image requires user namespaces to be enabled or the `image-builder` pod will fail to start with the error `OCI runtime create failed` because Red Hat Enterprise Linux (or CentOS) does not have user namespaces enabled by default. To enable user namespaces on RHEL/CentOS:
1. Add option to kernel
```
grubby --args="namespace.unpriv_enable=1" --update-kernel=/boot/vmlinuz-$(uname -r)
```
2. Modify sysctl.conf
```
echo "user.max_user_namespaces=15076" >> /etc/sysctl.conf
```
3. Assign users and groups to be mapped by user namespaces
```
echo dockremap:808080:1000 >> /etc/subuid
echo dockremap:808080:1000 >> /etc/subgid
```
4. Reboot host for changes to take effect

See [Red Hat Documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_containers/using_the_docker_command_and_service#user_namespaces_options) for more information.

## Grant access to `/var/gitpod` for Rancher Kubernetes custers

Rancher’s kubelet runs in a container and needs to be given explicit access to the `/var/gitpod/` path. This configuration prevents the `hostPath type check failed` error when initializing a workspace. To enable access, add the following to the cluster's `cluster.yml` manifest:
```yaml
kubelet:
extra_binds:
- '/var/gitpod:/var/gitpod'
```
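Review bot: Steps 2 and 3 append with `>>` to `/etc/sysctl.conf`, `/etc/subuid` and `/etc/subgid`, so running the procedure a second time leaves duplicate entries, and the values `15076` and `808080:1000` are given with no explanation of where they come from or whether the `dockremap` user has to exist beforehand. Suggest guarding each append (for example with a `grep -q` check first), adding one sentence on how the values were chosen, and stating that the kernel argument and sysctl apply to the whole host, not only to the `image-builder` pod, since the paragraph itself notes RHEL/CentOS ships with user namespaces disabled by default. Step 4 could also give a way to confirm the setting after reboot, such as reading `user.max_user_namespaces` back with `sysctl`. Spelling: "compatability" should be "compatibility", and "custers" should be "clusters" in both the list item and the second heading.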
@@ -13,7 +13,7 @@ Gitpod also provides more optimized installations offering better performance fo

## Prerequisites

- A Kubernetes Cluster in Version 1.13 or newer.
- A Kubernetes Cluster in Version 1.13 or newer. See [additional Kubernetes configurations](../additional-kubernetes-configs/) for vendor-specific implementations.
- [Domain](../domain)
- [HTTPS Certificates](../https-certs): Optional, if you use an external docker registry.
- `kubectl` with access to that cluster.
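Review bot: The new link on the Kubernetes prerequisite line says "vendor-specific implementations", while the page it points to calls them "vendor-specific configurations"; use the same term in both places. The target `../additional-kubernetes-configs/` also carries a trailing slash where the neighbouring links `../domain` and `../https-certs` do not, so pick one form for consistency. It would help readers if the sentence named the affected platforms (Red Hat Enterprise Linux and Rancher), so that everyone else knows they can skip the extra page.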