Specify Kata Container Runtime in Pod Spec¶

You can specify the use of Kata Container runtime in your pod specification by runtime class or by annotation.

Procedure

Choose one of the methods below:

To use the runtime class method:

Create a RuntimeClass with handler set to kata.

Reference this class in the pod spec, as shown in the following example:

kind: RuntimeClass
apiVersion: node.k8s.io/v1
metadata:
  name: kata-containers
handler: kata
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-runtime
spec:
  runtimeClassName: kata-containers
  containers:
  - name: busybox
    command:
      - sleep
      - "3600"
    image: busybox

To use the annotation method:

Set io.kubernetes.cri.untrusted-workload to true in the annotations section of a pod spec.

For example:

apiVersion: v1
kind: Pod
metadata:
  name: busybox-untrusted
  annotations:
    io.kubernetes.cri.untrusted-workload: "true"
spec:
  containers:
  - name: busybox
    command:
      - sleep
      - "3600"
    image: busybox

Note

This method is deprecated and may not be supported in future releases.

Specify Kata Container Runtime in Pod Spec

Specify Kata Container Runtime in Pod Spec¶

StarlingX