|
| 1 | +# vm-driver=none |
| 2 | + |
| 3 | +## Overview |
| 4 | + |
| 5 | +This document is written for system integrators who are familiar with minikube, and wish to run it within a customized VM environment. |
| 6 | + |
| 7 | +`--vm-driver=none` allows advanced minikube users to skip VM creation, allowing minikube to be run on an user-supplied VM. |
| 8 | + |
| 9 | +## What operating systems are supported? |
| 10 | + |
| 11 | +`--vm-driver=none` supports releases of Debian, Fedora, and buildroot that are less than 2 years old. |
| 12 | + |
| 13 | +While the standard minikube guest VM uses buildroot, minikube integration tests are also regularly run against Debian 9 for compatibility. In practice, any systemd-based modern distribution is likely to work, and we will happily accept pull requests which improve compatibility with other systems. |
| 14 | + |
| 15 | +## Should vm-driver=none be used on a personal development machine? No. |
| 16 | + |
| 17 | +No. Please do not do this, ever. |
| 18 | + |
| 19 | +minikube was designed to run Kubernetes within a dedicated VM, and when used with `--vm-driver=none`, may overwrite system binaries, configuration files, and system logs. Executing `minikube --vm-driver=none` outside of a VM could result in data loss, system instability and decreased security. |
| 20 | + |
| 21 | +Usage of `--vm-driver=none` outside of a VM could also result in services being exposed in a way that may make them accessible to the public internet. Even if your host is protected by a firewall, these services still be vulnerable to [CSRF](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) or [DNS rebinding](https://en.wikipedia.org/wiki/DNS_rebinding) attacks. |
| 22 | + |
| 23 | +## Can vm-driver=none be used outside of a VM? |
| 24 | + |
| 25 | +Yes, but only after appropriate security and reliability precautions have been made. `minikube --vm-driver=none` assumes complete control over the environment is is executing within, and may overwrite system binaries, configuration files, and system logs. |
| 26 | + |
| 27 | +The host running `minikube --vm-driver=none` should be: |
| 28 | + |
| 29 | +* Isolated from the rest of the network with a firewall |
| 30 | +* Disposable and easily reprovisioned, as this mode may overwrite system binaries, configuration files, and system logs |
| 31 | + |
| 32 | +If you find yourself running a web browser on the same host running `--vm-driver=none`, please see __Should vm-driver=none be used on a personal development machine? No.__ |
| 33 | + |
| 34 | +## Known Issues |
| 35 | + |
| 36 | +* You cannot run more than one `--vm-driver=none` instance on a single host #2781 |
| 37 | +* `--vm-driver=none` deletes other local docker images #2705 |
| 38 | +* `--vm-driver=none` fails on distro's which do not use systemd #2704 |
| 39 | +* Many `minikube` commands are not supported, such as: `dashboard`, `mount`, `ssh`, `stop` #3127 |
0 commit comments