some updates kata setup

1. fix in containerd private registry
2. master node using docker and worker node without docker
3. rebase containerd to 1.2.2

Change-Id: Ide2a45ed892134269995b8d96aa76d5c3362c6f3
Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>

6 files changed, 30 insertions, 26 deletions

diff --git a/src/vagrant/kubeadm/deploy.sh b/src/vagrant/kubeadm/deploy.sh
index c7e6d13..0154031 100755
--- a/src/vagrant/kubeadm/deploy.sh
+++ b/src/vagrant/kubeadm/deploy.sh
@@ -6,6 +6,6 @@ DIR="$(dirname `readlink -f $0`)"
 cd $DIR
 ../cleanup.sh
 vagrant up
-vagrant ssh master -c "/vagrant/multus/multus.sh"
 vagrant ssh master -c "/vagrant/istio/istio.sh"
+vagrant ssh master -c "/vagrant/multus/multus.sh"
 vagrant ssh master -c "/vagrant/kata/nginx-app.sh"
diff --git a/src/vagrant/kubeadm/host_setup.sh b/src/vagrant/kubeadm/host_setup.sh
index 94f5853..1cb46f6 100644
--- a/src/vagrant/kubeadm/host_setup.sh
+++ b/src/vagrant/kubeadm/host_setup.sh
@@ -11,27 +11,6 @@ cat << EOF | sudo tee /etc/hosts
 192.168.1.23 worker3
 EOF
 
-sudo apt-get update
-sudo apt-get install -y \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    software-properties-common
-
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-sudo add-apt-repository \
-   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
-   $(lsb_release -cs) \
-   stable"
-sudo apt-get update
-sudo apt-get install -y docker-ce=18.03.1~ce-0~ubuntu
-cat << EOF | sudo tee /etc/docker/daemon.json
-{
-    "insecure-registries": ["registry:5000"]
-}
-EOF
-sudo service docker restart
-
 curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
 cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
 deb http://apt.kubernetes.io/ kubernetes-xenial main
@@ -39,11 +18,14 @@ EOF
 sudo apt-get update
 sudo apt-get install -y --allow-unauthenticated kubelet=1.12.2-00 kubeadm=1.12.2-00 kubectl=1.12.2-00 kubernetes-cni=0.6.0-00
 echo 'Environment="KUBELET_EXTRA_ARGS=--feature-gates=DevicePlugins=true"' | sudo tee /etc/default/kubelet
-
+echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
 sudo modprobe ip_vs
 sudo modprobe ip_vs_rr
 sudo modprobe ip_vs_wrr
 sudo modprobe ip_vs_sh
+sudo modprobe br_netfilter
+sudo modprobe nf_conntrack_ipv4
+
 sudo swapoff -a
 sudo systemctl daemon-reload
 sudo systemctl stop kubelet
diff --git a/src/vagrant/kubeadm/kata/kata_setup.sh b/src/vagrant/kubeadm/kata/kata_setup.sh
index c60ae4e..4a23173 100644
--- a/src/vagrant/kubeadm/kata/kata_setup.sh
+++ b/src/vagrant/kubeadm/kata/kata_setup.sh
@@ -26,8 +26,8 @@ sudo -E apt-get -y install libseccomp2
 wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc6/runc.amd64
 sudo cp runc.amd64 /usr/sbin/runc
 sudo chmod 755 /usr/sbin/runc
-wget http://github.com/containerd/containerd/releases/download/v1.2.1/containerd-1.2.1.linux-amd64.tar.gz >& /dev/null
-sudo tar -C /usr/local -xzf containerd-1.2.1.linux-amd64.tar.gz
+wget http://github.com/containerd/containerd/releases/download/v1.2.2/containerd-1.2.2.linux-amd64.tar.gz >& /dev/null
+sudo tar -C /usr/local -xzf containerd-1.2.2.linux-amd64.tar.gz
 wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz >& /dev/null
 sudo tar -C /usr/local/bin -xzf crictl-v1.13.0-linux-amd64.tar.gz
 echo "runtime-endpoint: unix:///run/containerd/containerd.sock" | sudo tee /etc/crictl.yaml
@@ -39,6 +39,7 @@ sudo mkdir -p /opt/cni/bin
 sudo mkdir -p /etc/cni/net.d
 sudo mkdir -p /etc/containerd
 containerd config default | sudo tee  /etc/containerd/config.toml
+sudo sed -i "s,\[plugins.cri.registry.mirrors\],\[plugins.cri.registry.mirrors\]\n        \[plugins.cri.registry.mirrors.\"registry:5000\"\]\n          endpoint = \[\"http://registry:5000\"\]," /etc/containerd/config.toml
 sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_type.*/runtime_type=\"io.containerd.runtime.v1.linux\"/" /etc/containerd/config.toml
 sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_engine.*/runtime_engine=\"kata-runtime\"/" /etc/containerd/config.toml
 sudo systemctl restart containerd
diff --git a/src/vagrant/kubeadm/kata/nginx-app.sh b/src/vagrant/kubeadm/kata/nginx-app.sh
index fb9540e..fb9540e 100644..100755
--- a/src/vagrant/kubeadm/kata/nginx-app.sh
+++ b/src/vagrant/kubeadm/kata/nginx-app.sh
diff --git a/src/vagrant/kubeadm/master_setup.sh b/src/vagrant/kubeadm/master_setup.sh
index a898d8d..cec8877 100644
--- a/src/vagrant/kubeadm/master_setup.sh
+++ b/src/vagrant/kubeadm/master_setup.sh
@@ -2,6 +2,27 @@
 
 set -ex
 
+sudo apt-get update
+sudo apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    software-properties-common
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+sudo apt-get update
+sudo apt-get install -y docker-ce=18.03.1~ce-0~ubuntu
+cat << EOF | sudo tee /etc/docker/daemon.json
+{
+    "insecure-registries": ["registry:5000"]
+}
+EOF
+sudo service docker restart
+
 sudo kubeadm init --apiserver-advertise-address=192.168.1.10  --service-cidr=10.96.0.0/16 --pod-network-cidr=10.32.0.0/12 --token 8c5adc.1cec8dbf339093f0
 mkdir ~/.kube
 sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
diff --git a/src/vagrant/kubeadm/multus/cni_multus.yml b/src/vagrant/kubeadm/multus/cni_multus.yml
index 50372ca..123392b 100644
--- a/src/vagrant/kubeadm/multus/cni_multus.yml
+++ b/src/vagrant/kubeadm/multus/cni_multus.yml
@@ -67,7 +67,7 @@ spec:
       serviceAccountName: cnimultus
       containers:
       - name: run-cni
-        image: registry:5000/multus-cni
+        image: registry:5000/multus-cni:latest
         command: ['sh', '-c', 'cp /multus/cni-conf.json /etc/cni/net.d/05-multus.conf; cp /root/multus /opt/cni/bin; while true; do sleep 10000; done' ]
         volumeMounts:
         - name: cni-bin