DodoApp: Use untrusted-external runtime class for app runner
Change-Id: I6beab523e1688fc98c2b6a5b756f46a5fc89f3cb
diff --git a/scripts/hetzner/k3s-install.sh b/scripts/hetzner/k3s-install.sh
index 5f9c3c2..fb2cc95 100755
--- a/scripts/hetzner/k3s-install.sh
+++ b/scripts/hetzner/k3s-install.sh
@@ -43,3 +43,50 @@
--server-ip $MASTER_INIT \
--k3s-version $K3S_VERSION
done
+
+
+# # Install runsc
+# sudo apt-get update && \
+# sudo apt-get install -y \
+# apt-transport-https \
+# ca-certificates \
+# curl \
+# gnupg
+
+# curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
+# echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
+
+# sudo apt-get update && sudo apt-get install -y runsc
+
+# # Install containerd
+# # Add Docker's official GPG key:
+# sudo apt-get update
+# sudo apt-get install ca-certificates curl
+# sudo install -m 0755 -d /etc/apt/keyrings
+# sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+# sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+# # Add the repository to Apt sources:
+# echo \
+# "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+# $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+# sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+# sudo apt-get update
+
+# sudo apt-get install containerd.io
+
+# # Configure k3s to use runsc
+# copy into /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl
+
+# [plugins.cri.containerd.runtimes.runsc]
+# runtime_type = "io.containerd.runsc.v1"
+
+# systemctl restart k3s
+
+# cat<<EOF | kubectl apply -f -
+# apiVersion: node.k8s.io/v1beta1
+# kind: RuntimeClass
+# metadata:
+# name: gvisor
+# handler: runsc
+# EOF