# Why it is impossible to run Kind in GitLab CI's dind-rootless mode
First off, why does dind-rootless need `--privileged`? So that it can read and write /sys and mounts...
Apparently, the main reason Kind cannot run is that it needs to set cgroup limits, but the inner dockerd process isn't run as a user that has a delegated subtree such as `/sys/fs/cgroup/delegated`.
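
One way to check the delegation condition described above from inside a CI job, as an added example that is not part of the original page: it reports whether the current process's cgroup v2 directory is writable and exposes the controllers needed to set limits. The function name and the default controller list (`cpu memory pids`) are assumptions.

```shell
#!/bin/sh
# Added example: report whether a process sits in a delegated cgroup v2 subtree.
# Assumptions (not from the page): the REQUIRED controller list and function name.
REQUIRED="${REQUIRED:-cpu memory pids}"

# Usage: cgroup_delegation_status [CGROUP_ROOT] [PROC_CGROUP_FILE]
# Prints: no-cgroup-v2 | not-writable:<path> | missing:<controllers> | delegated:<dir>
cgroup_delegation_status() {
    root="${1:-/sys/fs/cgroup}"
    procfile="${2:-/proc/self/cgroup}"

    # cgroup v2 membership is the single line of the form "0::/path".
    rel=$(sed -n 's/^0:://p' "$procfile" 2>/dev/null | head -n 1)
    if [ -z "$rel" ] || [ ! -f "$root/cgroup.controllers" ]; then
        echo "no-cgroup-v2"; return 1
    fi
    dir="$root${rel%/}"

    # Creating child cgroups and moving processes into them needs write access
    # to the directory, cgroup.procs and cgroup.subtree_control.
    for f in "$dir" "$dir/cgroup.procs" "$dir/cgroup.subtree_control"; do
        if [ ! -w "$f" ]; then echo "not-writable:$f"; return 1; fi
    done

    # Only controllers listed in cgroup.controllers can be enabled for children.
    have=" $(cat "$dir/cgroup.controllers" 2>/dev/null) "
    missing=""
    for c in $REQUIRED; do
        case "$have" in *" $c "*) ;; *) missing="$missing$c," ;; esac
    done
    if [ -n "$missing" ]; then echo "missing:${missing%,}"; return 1; fi
    echo "delegated:$dir"
}
```

Calling `cgroup_delegation_status` with no arguments checks the live hierarchy of the calling process; the two optional arguments exist so the logic can be exercised against a constructed directory tree.
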
Solution: forget about the Kubernetes and Docker executors. Instead, use microVMs.
Design:
1. There is a controller running somewhere that acts similarly to GitLab CI's own runner scheduler.
2. When it sees the tag `microvm`, it creates a VM