From 3513e8f35fe4316309cab9eebd444614999804e6 Mon Sep 17 00:00:00 2001
From: shenlan <manbuzhe2009@qq.com>
Date: Thu, 26 Jun 2025 10:46:51 +0800
Subject: [PATCH] docs: note rootless requirements

---
 docs/gpu-k8s-role.md                                    | 4 +++-
 playbooks/roles/vhosts/common/files/install-packages.sh | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/gpu-k8s-role.md b/docs/gpu-k8s-role.md
index 6c5853b..d1fd6f0 100644
--- a/docs/gpu-k8s-role.md
+++ b/docs/gpu-k8s-role.md
@@ -31,7 +31,9 @@ sealos run \
   --cmd "kubeadm init --skip-phases=addon/kube-proxy"
 ```
 If deploying with a non-root user the command also requires `--user` and
-`--pk` options pointing to the user's SSH key.
+`--pk` options pointing to the user's SSH key. The host running Sealos must have
+`newuidmap` and `newgidmap` installed (typically provided by the `uidmap`
+package) to enable user namespaces.
 
 After the cluster is running the role installs the NVIDIA device plugin and runs a test pod to ensure `nvidia-smi` works inside the cluster.
 
diff --git a/playbooks/roles/vhosts/common/files/install-packages.sh b/playbooks/roles/vhosts/common/files/install-packages.sh
index 14bb78f..d9bee68 100644
--- a/playbooks/roles/vhosts/common/files/install-packages.sh
+++ b/playbooks/roles/vhosts/common/files/install-packages.sh
@@ -4,4 +4,4 @@ export DEBIAN_FRONTEND=noninteractive
 curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor > /usr/share/keyrings/hashicorp-archive-keyring.gpg
 sudo echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list
 sudo apt-get update
-sudo apt-get install -y vault auditd
+sudo apt-get install -y vault auditd uidmap