You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/vmdriver-none.md
+12-6Lines changed: 12 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -8,9 +8,7 @@ The `none` driver allows advanced minikube users to skip VM creation, allowing m
8
8
9
9
## What operating systems are supported?
10
10
11
-
The `none` driver supports releases of Debian, Ubuntu, and Fedora that are less than 2 years old
12
-
13
-
In practice, any systemd-based modern distribution is likely to work, and we will happily accept pull requests which improve compatibility with other systems.
11
+
The `none` driver supports releases of Debian, Ubuntu, and Fedora that are less than 2 years old. In practice, any systemd-based modern distribution is likely to work, and we will accept pull requests which improve compatibility with other systems.
14
12
15
13
## Can vm-driver=none be used outside of a VM?
16
14
@@ -22,11 +20,19 @@ minikube was designed to run Kubernetes within a dedicated VM, and assumes that
22
20
* /usr/local/bin/kubectl
23
21
* /etc/kubernetes
24
22
25
-
## Security
23
+
It will also install `kubelet` as a systemd service, as well as start/stop container runtime services if installed.
24
+
25
+
## Security Limitations
26
+
27
+
With the `none` driver, minikube has limited container isolation abilities. Applications running in a container may be able to access your host filesystem. Through using a container escape vulnerability such as [CVE-2019-5736](https://access.redhat.com/security/vulnerabilities/runcescape), they may also be able to execute arbitrary code on your host.
28
+
29
+
When using the `none` driver, it is highly recommended that your host is isolated from the rest of the network using a firewall.
30
+
31
+
Additionally, minikube with the `none` driver has a very confusing permissions model, as some commands need to be run as root ("start"), and others by a regular user ("dashboard"). In a future release, we intend to disallow running `minikube`, and instead call into `sudo` when necesarry to avoid permissions issues.
26
32
27
-
With the `none` driver, minikube has only limited container isolation abilities, which can result in decreased host security and reliability. It is highly recommended that your host is isolated from the rest of the network using a firewall.
33
+
# Uninstall
28
34
29
-
Additionally, minikube with the `none` driver has a very confusing permissions model, as some commands need to be run as root ("start"), and others by a regular user ("dashboard").
35
+
The `none` driver now supports uninstallation via `minikube delete`. Please note that it will not fully remove /etc/kubernetes, since it does not track which files in /etc/kubernetes existed before the installation.
0 commit comments