@zetxx
Last active November 20, 2023 07:54
containerD&rootless + nerdctl

containerd (rootless) + nerdctl on Arch Linux

install

sudo pacman -Syu containerd nerdctl kubectl qemu-user-static rootlesskit slirp4netns buildkit cni-plugins

config

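put the following in /etc/sysctl.d/99-rootless.conf (sudo vim /etc/sysctl.d/99-rootless.conf):

# allow unprivileged users to create user namespaces (needed for rootless containers)
kernel.unprivileged_userns_clone=1
# allow every group ID to open unprivileged ICMP echo (ping) sockets
net.ipv4.ping_group_range = 0 2147483647
# allow unprivileged processes to bind ports below 1024; this applies to every local user
net.ipv4.ip_unprivileged_port_start=0

then run:

sudo loginctl enable-linger $(whoami)
sudo touch /etc/subuid /etc/subgid
sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $(whoami)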
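
A preflight check for the files the config step writes, as an added example that is not part of the original gist. The function names (subid_count, sysctl_conf_value, preflight) are hypothetical, and it reads the files only, not the live kernel values.

```shell
#!/bin/sh
# Added example (not from the gist): offline preflight for the rootless settings above.

# subid_count FILE USER: total subordinate IDs granted to USER.
# /etc/subuid and /etc/subgid hold one "name:start:count" range per line.
subid_count() {
  [ -r "$1" ] || { echo 0; return 0; }
  awk -F: -v u="$2" '$1 == u && $3 ~ /^[0-9]+$/ { n += $3 } END { print n + 0 }' "$1"
}

# sysctl_conf_value FILE KEY: last value assigned to KEY in a sysctl.d file.
# Accepts "key=value" and "key = value"; skips "#" and ";" comment lines.
sysctl_conf_value() {
  [ -r "$1" ] || return 0
  awk -v k="$2" '
    /^[ \t]*[#;]/ { next }
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1"
}

# preflight USER SUBUID_FILE SUBGID_FILE SYSCTL_FILE
# Prints one line per finding; returns 0 only when nothing blocks rootless mode.
preflight() {
  pf_bad=0
  for pf_file in "$2" "$3"; do
    # 65536 is the size of the 100000-165535 range passed to usermod above.
    if [ "$(subid_count "$pf_file" "$1")" -lt 65536 ]; then
      echo "FAIL: $1 has fewer than 65536 IDs in $pf_file"; pf_bad=1
    fi
  done
  if [ "$(sysctl_conf_value "$4" kernel.unprivileged_userns_clone)" != 1 ]; then
    echo "FAIL: kernel.unprivileged_userns_clone is not 1 in $4"; pf_bad=1
  fi
  # Not a blocker, but worth surfacing: this setting is host-wide, not per user.
  if [ "$(sysctl_conf_value "$4" net.ipv4.ip_unprivileged_port_start)" = 0 ]; then
    echo "NOTE: ip_unprivileged_port_start=0 lets every local user bind ports below 1024"
  fi
  return "$pf_bad"
}

# With four arguments, run the check; with none, only define the functions.
if [ "$#" -eq 4 ]; then
  preflight "$@"
fi
```

Saved under an assumed name such as preflight.sh, it takes the user name, the subuid file, the subgid file and the sysctl.d file as its four arguments.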

rootless install

containerd-rootless-setuptool.sh install && containerd-rootless-setuptool.sh install-buildkit
systemctl enable --user --now containerd && systemctl enable --user --now buildkit

root run

sudo systemctl enable --now containerd
sudo nerdctl run --privileged --rm tonistiigi/binfmt --install all

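Put the following in /usr/lib/systemd/system/multi-arch.service:

[Unit]
Description=MultiArch
After=containerd.service

[Service]
Type=simple
# systemd does not run ExecStart through a shell, so "> /dev/null" would be
# passed to the container as arguments; StandardOutput=null discards the output
ExecStart=/usr/bin/nerdctl run --privileged --rm tonistiigi/binfmt --install all
StandardOutput=null

[Install]
WantedBy=multi-user.target

then run:

sudo systemctl daemon-reload
sudo systemctl enable --now multi-arch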

links
