From 2a287bd467b34740adef446425541fccf9bf681a Mon Sep 17 00:00:00 2001 From: Guo Ruijing Date: Wed, 9 Jan 2019 15:14:20 +0800 Subject: add kata in kubeadm & rebase containerd Change-Id: I86a037dcb83854471e9c59f22f899e0ba2f023b7 Signed-off-by: Guo Ruijing --- src/vagrant/kubeadm/deploy.sh | 1 + src/vagrant/kubeadm/host_setup.sh | 2 +- src/vagrant/kubeadm/kata/containerd.service | 22 ++++++++++++ src/vagrant/kubeadm/kata/kata_setup.sh | 52 +++++++++++++++++++++++++++++ src/vagrant/kubeadm/kata/nginx-app.sh | 33 ++++++++++++++++++ src/vagrant/kubeadm/kata/nginx-app.yaml | 33 ++++++++++++++++++ src/vagrant/kubeadm/worker_setup.sh | 3 +- 7 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 src/vagrant/kubeadm/kata/containerd.service create mode 100644 src/vagrant/kubeadm/kata/kata_setup.sh create mode 100644 src/vagrant/kubeadm/kata/nginx-app.sh create mode 100644 src/vagrant/kubeadm/kata/nginx-app.yaml diff --git a/src/vagrant/kubeadm/deploy.sh b/src/vagrant/kubeadm/deploy.sh index 0a3ead2..c7e6d13 100755 --- a/src/vagrant/kubeadm/deploy.sh +++ b/src/vagrant/kubeadm/deploy.sh @@ -8,3 +8,4 @@ cd $DIR vagrant up vagrant ssh master -c "/vagrant/multus/multus.sh" vagrant ssh master -c "/vagrant/istio/istio.sh" +vagrant ssh master -c "/vagrant/kata/nginx-app.sh" diff --git a/src/vagrant/kubeadm/host_setup.sh b/src/vagrant/kubeadm/host_setup.sh index d792119..94f5853 100644 --- a/src/vagrant/kubeadm/host_setup.sh +++ b/src/vagrant/kubeadm/host_setup.sh @@ -4,7 +4,7 @@ set -ex cat << EOF | sudo tee /etc/hosts 127.0.0.1 localhost -192.168.1.05 registry +192.168.1.5 registry 192.168.1.10 master 192.168.1.21 worker1 192.168.1.22 worker2 diff --git a/src/vagrant/kubeadm/kata/containerd.service b/src/vagrant/kubeadm/kata/containerd.service new file mode 100644 index 0000000..1ae7fe8 --- /dev/null +++ b/src/vagrant/kubeadm/kata/containerd.service 
@@ -0,0 +1,22 @@
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target
+
+[Service]
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/containerd
+
+Delegate=yes
+KillMode=process
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+LimitNOFILE=infinity
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/src/vagrant/kubeadm/kata/kata_setup.sh b/src/vagrant/kubeadm/kata/kata_setup.sh
new file mode 100644
index 0000000..c60ae4e
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/kata_setup.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -ex
+
+sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
+curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
+sudo -E apt-get update
+sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
+sudo -E apt-get -y install libseccomp2
+
+wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc6/runc.amd64
+sudo cp runc.amd64 /usr/sbin/runc
+sudo chmod 755 /usr/sbin/runc
+wget http://github.com/containerd/containerd/releases/download/v1.2.1/containerd-1.2.1.linux-amd64.tar.gz >& /dev/null
+sudo tar -C /usr/local -xzf containerd-1.2.1.linux-amd64.tar.gz
+wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz >& /dev/null
+sudo tar -C /usr/local/bin -xzf crictl-v1.13.0-linux-amd64.tar.gz
+echo "runtime-endpoint: unix:///run/containerd/containerd.sock" | sudo tee /etc/crictl.yaml
+wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/critest-v1.13.0-linux-amd64.tar.gz >& /dev/null
+sudo tar C /usr/local/bin -xzf critest-v1.13.0-linux-amd64.tar.gz
+sudo cp /vagrant/kata/containerd.service /etc/systemd/system/
+sudo systemctl start containerd
+sudo mkdir -p /opt/cni/bin
+sudo mkdir -p /etc/cni/net.d
+sudo mkdir -p /etc/containerd
+containerd config default | sudo tee /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_type.*/runtime_type=\"io.containerd.runtime.v1.linux\"/" /etc/containerd/config.toml
+sudo sed -i "/.*untrusted_workload_runtime.*/,+5s/runtime_engine.*/runtime_engine=\"kata-runtime\"/" /etc/containerd/config.toml
+sudo systemctl restart containerd
+
+cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/0-containerd.conf
+[Service]
+Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl restart kubelet
diff --git a/src/vagrant/kubeadm/kata/nginx-app.sh b/src/vagrant/kubeadm/kata/nginx-app.sh
new file mode 100644
index 0000000..fb9540e
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/nginx-app.sh
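Review bot: Everything kata_setup.sh installs as root is fetched without an integrity check, and the trust anchor itself travels in clear text: the Kata apt source and its `Release.key` are both pulled over `http://` and the key is piped straight into `apt-key add`, so anyone on the network path can substitute the key and the packages it signs. Switching both URLs to `https://` (assuming the mirror serves it) and checking each downloaded artifact before it is copied or unpacked, e.g. `echo "<EXPECTED_SHA256>  runc.amd64" | sha256sum -c -`, would close that gap; the same applies to the containerd, crictl and critest tarballs, and the containerd one is also requested via `http://github.com`. The `>& /dev/null` on three of the wget lines discards the only diagnostics a failed download would leave in the provisioning log. The critest extraction is written `tar C /usr/local/bin` while the two tar lines above it use `-C`; making them consistent avoids relying on old-style option parsing.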
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kubectl delete services --all
+kubectl delete rc --all
+kubectl delete pods --all
+kubectl create -f /vagrant/kata/nginx-app.yaml
+kubectl get nodes
+kubectl get services
+kubectl get pods
+kubectl get rc
+r=0
+while [ "$r" -eq "0" ]
+do
+ sleep 30
+ r=$(kubectl get pods | grep Running | wc -l)
+done
+svcip=$(kubectl get services nginx -o json | grep clusterIP | cut -f4 -d'"')
+wget http://$svcip
diff --git a/src/vagrant/kubeadm/kata/nginx-app.yaml b/src/vagrant/kubeadm/kata/nginx-app.yaml
new file mode 100644
index 0000000..9de4ef4
--- /dev/null
+++ b/src/vagrant/kubeadm/kata/nginx-app.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ type: NodePort
+ ports:
+ - port: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx
+spec:
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ annotations:
+ io.kubernetes.cri.untrusted-workload: "true"
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/src/vagrant/kubeadm/worker_setup.sh b/src/vagrant/kubeadm/worker_setup.sh
index ac24698..5f8d846 100644
--- a/src/vagrant/kubeadm/worker_setup.sh
+++ b/src/vagrant/kubeadm/worker_setup.sh
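Review bot: The wait loop in nginx-app.sh has no upper bound and no failure path: if the nginx pods never reach Running (for example because the kata runtime cannot start the sandbox), `deploy.sh` blocks forever, and the script has no `set -e`, so a failed `kubectl create` goes unnoticed as well. The `grep Running | wc -l` count matches any pod in the namespace rather than the two replicas labelled `app=nginx`. A bounded wait such as `kubectl wait --for=condition=Ready pod -l app=nginx --timeout=600s` (if the installed kubectl provides it) would address both. The final `wget http://$svcip` should quote the expansion and discard the body, `wget -O /dev/null "http://$svcip"`. Nothing in the script confirms that the pods actually ran under kata-runtime, which is the behaviour this test is meant to demonstrate.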
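Review bot: `image: nginx` in nginx-app.yaml carries no tag or digest, so each run pulls whatever `latest` resolves to at that moment; pinning it, `image: nginx:<TAG_PLACEHOLDER>` or a `@sha256:` digest, makes the test reproducible and removes a silent supply-chain variable. The Service is declared `type: NodePort`, which opens the port on every node, although nginx-app.sh only reaches it through the cluster IP; `type: ClusterIP` would be enough for that check.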
@@ -2,5 +2,6 @@ set -ex -sleep 300 +bash /vagrant/kata/kata_setup.sh +sleep 120 sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443 -- cgit 1.2.3-korg
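Review bot: The added `sleep 120` still synchronises the worker with the master by elapsed time, now stacked on a kata_setup.sh run whose duration depends on download speed, so the join can fire before the API server is up or wait longer than needed. Polling the endpoint with a deadline is more reliable, for example `timeout 600 bash -c 'until curl -ksf https://192.168.1.10:6443/healthz >/dev/null; do sleep 5; done'` (assuming anonymous access to `/healthz` is left enabled on the master). The unchanged join line below keeps a fixed bootstrap token and `--discovery-token-unsafe-skip-ca-verification`; outside a throwaway lab that should become `--discovery-token-ca-cert-hash sha256:<HASH_PLACEHOLDER>` with a token generated per deployment.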