Doc on running runsc with cri-o

[ianlewis]

Add section to the Kubernetes docs on using runsc with cri-o.

Related: google/gvisor#193

Original issue: https://github.com/google/gvisor-website/issues/42

[batistein]

Hi is there any progress? I am currently in the midst of using gvisor as runtime under cri-o. So far there are no error messages, but no container is created and it gets stuck in the container created phase. I tried to create an nginx container with crictl as described in the containerd manual but I get an error message when using SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json):

FATA[0000] run pod sandbox failed: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_nginx-sandbox_default_hdishd83djaidwnduwk28bcsb_1(a3b25b79773ebcec32d0654591982f95d30f37c83c627802d76650db355db783): pods "nginx-sandbox" not found

[cristicalin]

I recently tested running Kubernetes with cri-o and gVisor and containers fail to start, it would be useful to check if this is actually supported and and if not implement it.

Note that cri-o is the default CRI in OpenShift so adding proper support for cri-o to gVisor would enable OpenShift users to benefit from gVisor.

[Jeansen]

I would also be intrested in any documentation or if this is supported, after all. To my understanding, it should, since runsc is just another OCI-compliant implementation. But I haven' had any luck so far running cri-o with runsc.

https://devopstales.github.io/kubernetes/gvisor-cri-o/ is not working for me. And systemd should be supported, by now.

Here's what I see in the logs:

#011rpc error: code = Unknown desc = container create failed: creating container: cannot load sandbox: open /run/runsc/b4139c96ba66ea5f78902134edb982dbef44c9eaa0985a55391
1166674cdbbb1_sandbox:b4139c96ba66ea5f78902134edb982dbef44c9eaa0985a553911166674cdbbb1.state: no such file or directory

Any hints appreciated!

[CiraciNicolo]

Same issue here, is there any update?