summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuo Ruijing <ruijing.guo@intel.com>2019-01-09 15:14:20 +0800
committerGuo Ruijing <ruijing.guo@intel.com>2019-01-10 07:14:55 +0800
commit2a287bd467b34740adef446425541fccf9bf681a (patch)
tree9e4c6ee235fa7641f788db0b1a7cc952f968949d
parent38b371951736582843ff3568fbc5b40450acc043 (diff)
add kata in kubeadm & rebase containerd
Change-Id: I86a037dcb83854471e9c59f22f899e0ba2f023b7 Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
-rwxr-xr-xsrc/vagrant/kubeadm/deploy.sh1
-rw-r--r--src/vagrant/kubeadm/host_setup.sh2
-rw-r--r--src/vagrant/kubeadm/kata/containerd.service22
-rw-r--r--src/vagrant/kubeadm/kata/kata_setup.sh52
-rw-r--r--src/vagrant/kubeadm/kata/nginx-app.sh33
-rw-r--r--src/vagrant/kubeadm/kata/nginx-app.yaml33
-rw-r--r--src/vagrant/kubeadm/worker_setup.sh3
7 files changed, 144 insertions, 2 deletions
diff --git a/src/vagrant/kubeadm/deploy.sh b/src/vagrant/kubeadm/deploy.sh
index 0a3ead2..c7e6d13 100755
--- a/src/vagrant/kubeadm/deploy.sh
+++ b/src/vagrant/kubeadm/deploy.sh
@@ -8,3 +8,4 @@ cd $DIR
vagrant up
vagrant ssh master -c "/vagrant/multus/multus.sh"
vagrant ssh master -c "/vagrant/istio/istio.sh"
+vagrant ssh master -c "/vagrant/kata/nginx-app.sh"
diff --git a/src/vagrant/kubeadm/host_setup.sh b/src/vagrant/kubeadm/host_setup.sh
index d792119..94f5853 100644
--- a/src/vagrant/kubeadm/host_setup.sh
+++ b/src/vagrant/kubeadm/host_setup.sh
@@ -4,7 +4,7 @@ set -ex
cat << EOF | sudo tee /etc/hosts
127.0.0.1 localhost
-192.168.1.05 registry
+192.168.1.5 registry
192.168.1.10 master
192.168.1.21 worker1
192.168.1.22 worker2
diff --git a/src/vagrant/kubeadm/kata/containerd.service b/src/vagrant/kubeadm/kata/containerd.service
new file mode 100644
index 0000000..1ae7fe8
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/containerd.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target
+
+[Service]
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/containerd
+
+Delegate=yes
+KillMode=process
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+LimitNOFILE=infinity
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/src/vagrant/kubeadm/kata/kata_setup.sh b/src/vagrant/kubeadm/kata/kata_setup.sh
new file mode 100644
index 0000000..c60ae4e
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/kata_setup.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -ex
+
+sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
+curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
+sudo -E apt-get update
+sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
+sudo -E apt-get -y install libseccomp2
+
+wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc6/runc.amd64
+sudo cp runc.amd64 /usr/sbin/runc
+sudo chmod 755 /usr/sbin/runc
+wget http://github.com/containerd/containerd/releases/download/v1.2.1/containerd-1.2.1.linux-amd64.tar.gz >& /dev/null
+sudo tar -C /usr/local -xzf containerd-1.2.1.linux-amd64.tar.gz
+wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz >& /dev/null
+sudo tar -C /usr/local/bin -xzf crictl-v1.13.0-linux-amd64.tar.gz
+echo "runtime-endpoint: unix:///run/containerd/containerd.sock" | sudo tee /etc/crictl.yaml
+wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/critest-v1.13.0-linux-amd64.tar.gz >& /dev/null
+sudo tar C /usr/local/bin -xzf critest-v1.13.0-linux-amd64.tar.gz
+sudo cp /vagrant/kata/containerd.service /etc/systemd/system/
+sudo systemctl start containerd
+sudo mkdir -p /opt/cni/bin
+sudo mkdir -p /etc/cni/net.d
+sudo mkdir -p /etc/containerd
+containerd config default | sudo tee /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_type.*/runtime_type=\"io.containerd.runtime.v1.linux\"/" /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_engine.*/runtime_engine=\"kata-runtime\"/" /etc/containerd/config.toml
+sudo systemctl restart containerd
+
+cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/0-containerd.conf
+[Service]
+Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl restart kubelet
diff --git a/src/vagrant/kubeadm/kata/nginx-app.sh b/src/vagrant/kubeadm/kata/nginx-app.sh
new file mode 100644
index 0000000..fb9540e
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/nginx-app.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kubectl delete services --all
+kubectl delete rc --all
+kubectl delete pods --all
+kubectl create -f /vagrant/kata/nginx-app.yaml
+kubectl get nodes
+kubectl get services
+kubectl get pods
+kubectl get rc
+r=0
+while [ "$r" -eq "0" ]
+do
+ sleep 30
+ r=$(kubectl get pods | grep Running | wc -l)
+done
+svcip=$(kubectl get services nginx -o json | grep clusterIP | cut -f4 -d'"')
+wget http://$svcip
diff --git a/src/vagrant/kubeadm/kata/nginx-app.yaml b/src/vagrant/kubeadm/kata/nginx-app.yaml
new file mode 100644
index 0000000..9de4ef4
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/nginx-app.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ type: NodePort
+ ports:
+ - port: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx
+spec:
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ annotations:
+ io.kubernetes.cri.untrusted-workload: "true"
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/src/vagrant/kubeadm/worker_setup.sh b/src/vagrant/kubeadm/worker_setup.sh
index ac24698..5f8d846 100644
--- a/src/vagrant/kubeadm/worker_setup.sh
+++ b/src/vagrant/kubeadm/worker_setup.sh
@@ -2,5 +2,6 @@
set -ex
-sleep 300
+bash /vagrant/kata/kata_setup.sh
+sleep 120
sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443