docs/rootless: use Bottlerocket's API configurations

Bottlerocket favors API configurations instead of manual calls to configure sysctl knobs Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
moby · Sep 26, 2023 · bb2f10d · bb2f10d
1 parent deba876
commit bb2f10d
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/docs/rootless.md b/docs/rootless.md
@@ -26,9 +26,14 @@ See also the [example manifests](#Kubernetes).
 
 ### Bottlerocket OS
 
-Needs to run `sysctl -w user.max_user_namespaces=N` (N=positive integer, like 63359) on the host nodes.
+Needs to set the max user namespaces to a positive integer, through the [API settings](https://github.com/bottlerocket-os/bottlerocket#kernel-settings):
 
-See [`../examples/kubernetes/sysctl-userns.privileged.yaml`](../examples/kubernetes/sysctl-userns.privileged.yaml).
+```toml
+[settings.kernel.sysctl]
+"user.max_user_namespaces" = "16384"
+```
+
+See [`../examples/eksctl/bottlerocket.yaml`](../examples/eskctl/bottlerocket.yaml) for an example to configure a Node Group in EKS.
 
 <details>
 <summary>Old distributions</summary>

diff --git a/examples/eksctl/bottlerocket.yaml b/examples/eksctl/bottlerocket.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+  name: bottlerocket
+  region: us-west-2
+  version: '1.27'
+
+nodeGroups:
+  - name: buildkit
+    desiredCapacity: 1
+    amiFamily: Bottlerocket
+    iam:
+      attachPolicyARNs:
+        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
+    bottlerocket:
+      settings:
+        kernel:
+          sysctl:
+            # Adjust the value as needed
+            "user.max_user_namespace": "16384"