Enabling container run capabilities

You can enable container run capabilities in Che workspaces to allow running nested containers using tools like Podman. This feature leverages Linux kernel user namespaces for isolation, so that users can build and run container images within their workspaces.

Previously created workspaces can not be started after enabling this feature. Users will need to create new workspaces.

This feature is available on OpenShift 4.20 and later versions.

Prerequisites

An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
An instance of Che running in Kubernetes.

Procedure

Configure the CheCluster custom resource to enable container run capabilities:

kubectl patch checluster/eclipse-che -n eclipse-che \
  --type='merge' -p \
  '{"spec":{"devEnvironments":{"disableContainerRunCapabilities":false}}}'

Additional resources

Linux user namespace support