summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGuo Ruijing <ruijing.guo@intel.com>2018-05-30 19:03:03 +0800
committerGuo Ruijing <ruijing.guo@intel.com>2018-05-31 17:43:01 +0800
commit6b40a7d85df324b8556c9e4f2916e444dc0ca0a6 (patch)
tree830bf7c53a7c902ec230dafe7d1f900ed05d210b /src
parentb1f11b54803266384cf0d9e14fcb7204dbcc79a7 (diff)
enable kata 1.0 + containerd 1.1
Change-Id: Idbeda8b36d067a7bd27a8ef19184c5bb5a6daa04 Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
Diffstat (limited to 'src')
-rwxr-xr-xsrc/vagrant/kubeadm_kata/examples/nginx-app.sh7
-rw-r--r--src/vagrant/kubeadm_kata/examples/nginx-app.yaml2
-rw-r--r--src/vagrant/kubeadm_kata/kata_setup.sh42
-rw-r--r--src/vagrant/kubeadm_kata/master_setup.sh12
-rw-r--r--src/vagrant/kubeadm_kata/worker_setup.sh14
5 files changed, 35 insertions, 42 deletions
diff --git a/src/vagrant/kubeadm_kata/examples/nginx-app.sh b/src/vagrant/kubeadm_kata/examples/nginx-app.sh
index 96d776c..a66b7ca 100755
--- a/src/vagrant/kubeadm_kata/examples/nginx-app.sh
+++ b/src/vagrant/kubeadm_kata/examples/nginx-app.sh
@@ -20,6 +20,11 @@ kubectl get nodes
kubectl get services
kubectl get pods
kubectl get rc
-sleep 180
+r=0
+while [ "$r" -eq "0" ]
+do
+ sleep 30
+ r=$(kubectl get pods | grep Running | wc -l)
+done
svcip=$(kubectl get services nginx -o json | grep clusterIP | cut -f4 -d'"')
wget http://$svcip
diff --git a/src/vagrant/kubeadm_kata/examples/nginx-app.yaml b/src/vagrant/kubeadm_kata/examples/nginx-app.yaml
index f80881a..9de4ef4 100644
--- a/src/vagrant/kubeadm_kata/examples/nginx-app.yaml
+++ b/src/vagrant/kubeadm_kata/examples/nginx-app.yaml
@@ -23,6 +23,8 @@ spec:
metadata:
labels:
app: nginx
+ annotations:
+ io.kubernetes.cri.untrusted-workload: "true"
spec:
containers:
- name: nginx
diff --git a/src/vagrant/kubeadm_kata/kata_setup.sh b/src/vagrant/kubeadm_kata/kata_setup.sh
index c14d844..53a2bbf 100644
--- a/src/vagrant/kubeadm_kata/kata_setup.sh
+++ b/src/vagrant/kubeadm_kata/kata_setup.sh
@@ -17,27 +17,27 @@
set -ex
-cat << EOF | sudo tee /etc/apt/sources.list.d/cc-oci-runtime.list
-deb http://download.opensuse.org/repositories/home:/clearcontainers:/clear-containers-3/xUbuntu_16.04/ /
-EOF
-curl -fsSL http://download.opensuse.org/repositories/home:/clearcontainers:/clear-containers-3/xUbuntu_16.04/Release.key | sudo apt-key add -
-sudo apt-get update
-sudo apt-get install -y cc-oci-runtime
+sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
+curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
+sudo -E apt-get update
+sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
+sudo -E apt-get -y install libseccomp2
-echo | sudo add-apt-repository ppa:projectatomic/ppa
-sudo apt-get update
-sudo apt-get install -y cri-o
-sudo sed -i 's,runtime_untrusted_workload.*,runtime_untrusted_workload = "/usr/bin/cc-runtime",' /etc/crio/crio.conf
-sudo sed -i 's,cgroup_manager.*,cgroup_manager = "cgroupfs",' /etc/crio/crio.conf
-sudo sed -i 's,default_workload_trust.*,default_workload_trust = "untrusted",' /etc/crio/crio.conf
-sudo sed -i 's,^registries.*,registries = [ "docker.io",' /etc/crio/crio.conf
-sudo systemctl enable crio
-sudo systemctl daemon-reload
-sudo systemctl restart crio
+wget http://storage.googleapis.com/cri-containerd-release/cri-containerd-1.1.0.linux-amd64.tar.gz >& /dev/null
+sudo tar -C / -xzf cri-containerd-1.1.0.linux-amd64.tar.gz
+sudo systemctl start containerd
+sudo mkdir -p /opt/cni/bin
+sudo mkdir -p /etc/cni/net.d
+sudo mkdir -p /etc/containerd
+containerd config default | sudo tee /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_type.*/runtime_type=\"io.containerd.runtime.v1.linux\"/" /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_engine.*/runtime_engine=\"kata-runtime\"/" /etc/containerd/config.toml
+sudo systemctl restart containerd
+
+cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/0-containerd.conf
+[Service]
+Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
+EOF
-sudo systemctl stop kubelet
-echo "Modify kubelet systemd configuration to use CRI-O"
-k8s_systemd_file="/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
-sudo sed -i '/KUBELET_AUTHZ_ARGS/a Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/crio/crio.sock --runtime-request-timeout=30m"' "$k8s_systemd_file"
sudo systemctl daemon-reload
-sudo systemctl start kubelet
+sudo systemctl restart kubelet
diff --git a/src/vagrant/kubeadm_kata/master_setup.sh b/src/vagrant/kubeadm_kata/master_setup.sh
index 41dadf0..3f1177e 100644
--- a/src/vagrant/kubeadm_kata/master_setup.sh
+++ b/src/vagrant/kubeadm_kata/master_setup.sh
@@ -17,18 +17,16 @@
set -ex
-sudo kubeadm init --skip-preflight-checks --apiserver-advertise-address=192.168.1.10 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.32.0.0/12 --token 8c5adc.1cec8dbf339093f0
+sudo kubeadm init --skip-preflight-checks --apiserver-advertise-address=192.168.1.10 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16 --token 8c5adc.1cec8dbf339093f0
mkdir ~/.kube
sudo cp /etc/kubernetes/admin.conf .kube/config
sudo chown $(id -u):$(id -g) ~/.kube/config
-kubectl apply -f http://git.io/weave-kube-1.6
+kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
-r=1
-while [ "$r" -ne "0" ]
+r=0
+while [ "$r" -ne "1" ]
do
sleep 30
- r=$(kubectl get pods -n kube-system | grep weave-net | grep -v Run | wc -l)
+ r=$(kubectl get pods -n kube-system | grep -v Running | wc -l)
done
-
-sudo systemctl restart crio
diff --git a/src/vagrant/kubeadm_kata/worker_setup.sh b/src/vagrant/kubeadm_kata/worker_setup.sh
index 6145793..b717291 100644
--- a/src/vagrant/kubeadm_kata/worker_setup.sh
+++ b/src/vagrant/kubeadm_kata/worker_setup.sh
@@ -18,16 +18,4 @@
set -ex
sudo kubeadm join --discovery-token-unsafe-skip-ca-verification \
--token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443 \
- --ignore-preflight-errors=SystemVerification,FileContent--proc-sys-net-bridge-bridge-nf-call-iptables
-
-sudo apt-get install -y putty-tools
-mkdir ~/.kube
-r=1
-while [ "$r" -ne "0" ]
-do
- sleep 30
- echo "y\n" | plink -ssh -pw vagrant vagrant@master "cat ~/.kube/config" > ~/.kube/config || true
- r=$(kubectl get pods -n kube-system | grep weave-net | grep -v Run | wc -l)
-done
-
-sudo systemctl restart crio
+ --ignore-preflight-errors=SystemVerification,CRI,FileContent--proc-sys-net-bridge-bridge-nf-call-iptables