Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Add initial documentation for --vm-driver=none #3240

Merged
merged 2 commits into from
Oct 19, 2018
Merged

Add initial documentation for --vm-driver=none #3240

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f3ba397
Add initial documentation for --vm-driver=none
tstromberg Oct 9, 2018
075d78c
Update docs/vmdriver-none.md
balopat Oct 19, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions docs/vmdriver-none.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# vm-driver=none

## Overview

This document is written for system integrators who are familiar with minikube, and wish to run it within a customized VM environment.

`--vm-driver=none` allows advanced minikube users to skip VM creation, allowing minikube to be run on a user-supplied VM.

## What operating systems are supported?

`--vm-driver=none` supports releases of Debian, Fedora, and buildroot that are less than 2 years old.

While the standard minikube guest VM uses buildroot, minikube integration tests are also regularly run against Debian 9 for compatibility. In practice, any systemd-based modern distribution is likely to work, and we will happily accept pull requests which improve compatibility with other systems.

## Should vm-driver=none be used on a personal development machine? No.

No. Please do not do this, ever.

minikube was designed to run Kubernetes within a dedicated VM, and when used with `--vm-driver=none`, may overwrite system binaries, configuration files, and system logs. Executing `minikube --vm-driver=none` outside of a VM could result in data loss, system instability and decreased security.

Usage of `--vm-driver=none` outside of a VM could also result in services being exposed in a way that may make them accessible to the public internet. Even if your host is protected by a firewall, these services still be vulnerable to [CSRF](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) or [DNS rebinding](https://en.wikipedia.org/wiki/DNS_rebinding) attacks.

## Can vm-driver=none be used outside of a VM?

Yes, but only after appropriate security and reliability precautions have been made. `minikube --vm-driver=none` assumes complete control over the environment is is executing within, and may overwrite system binaries, configuration files, and system logs.

The host running `minikube --vm-driver=none` should be:

* Isolated from the rest of the network with a firewall
* Disposable and easily reprovisioned, as this mode may overwrite system binaries, configuration files, and system logs

If you find yourself running a web browser on the same host running `--vm-driver=none`, please see __Should vm-driver=none be used on a personal development machine? No.__

## Known Issues

* You cannot run more than one `--vm-driver=none` instance on a single host #2781
* `--vm-driver=none` deletes other local docker images #2705
* `--vm-driver=none` fails on distro's which do not use systemd #2704
* Many `minikube` commands are not supported, such as: `dashboard`, `mount`, `ssh`, `stop` #3127