From 8c2602aa5e99381dfbf9210c0b4e3a82976052f3 Mon Sep 17 00:00:00 2001
From: Guo Ruijing <ruijing.guo@intel.com>
Date: Mon, 12 Nov 2018 21:13:11 +0800
Subject: rebase virtlet

1. k8s 1.12.2, docker: 18.03
2. criproxy: 0.12.0, virtlet: v1.4.1

Change-Id: I826bad4407ef4d048f3307dface5683f7d9d10e6
Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
---
 .../kubeadm_virtlet/examples/cirros-vm.yaml        |  25 +-
 src/vagrant/kubeadm_virtlet/examples/images.yaml   |   2 +-
 .../kubeadm_virtlet/examples/virtlet-ds.yaml       | 457 ++++++++++++++-------
 src/vagrant/kubeadm_virtlet/host_setup.sh          |  29 +-
 .../virtlet/etc/systemd/system/criproxy.service    |  11 -
 .../virtlet/etc/systemd/system/dockershim.service  |  11 -
 .../system/kubelet.service.d/20-criproxy.conf      |   2 -
 src/vagrant/kubeadm_virtlet/worker_setup.sh        |  20 +-
 8 files changed, 343 insertions(+), 214 deletions(-)
 delete mode 100644 src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/criproxy.service
 delete mode 100644 src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/dockershim.service
 delete mode 100644 src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/kubelet.service.d/20-criproxy.conf

diff --git a/src/vagrant/kubeadm_virtlet/examples/cirros-vm.yaml b/src/vagrant/kubeadm_virtlet/examples/cirros-vm.yaml
index 8beb03f..334142b 100644
--- a/src/vagrant/kubeadm_virtlet/examples/cirros-vm.yaml
+++ b/src/vagrant/kubeadm_virtlet/examples/cirros-vm.yaml
@@ -4,21 +4,14 @@ metadata:
   name: cirros-vm
   annotations:
     # This tells CRI Proxy that this pod belongs to Virtlet runtime
-    kubernetes.io/target-runtime: virtlet
-    # An optional annotation specifying the count of virtual CPUs.
-    # Note that annotation values must always be strings,
-    # thus numeric values need to be quoted.
-    # Defaults to "1".
-    VirtletVCPUCount: "1"
+    kubernetes.io/target-runtime: virtlet.cloud
     # CirrOS doesn't load nocloud data from SCSI CD-ROM for some reason
     VirtletDiskDriver: virtio
     # inject ssh keys via cloud-init
     VirtletSSHKeys: |
       ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaJEcFDXEK2ZbX0ZLS1EIYFZRbDAcRfuVjpstSc0De8+sV1aiu+dePxdkuDRwqFtCyk6dEZkssjOkBXtri00MECLkir6FcH3kKOJtbJ6vy3uaJc9w1ERo+wyl6SkAh/+JTJkp7QRXj8oylW5E20LsbnA/dIwWzAF51PPwF7A7FtNg9DnwPqMkxFo1Th/buOMKbP5ZA1mmNNtmzbMpMfJATvVyiv3ccsSJKOiyQr6UG+j7sc/7jMVz5Xk34Vd0l8GwcB0334MchHckmqDB142h/NCWTr8oLakDNvkfC1YneAfAO41hDkUbxPtVBG5M/o7P4fxoqiHEX+ZLfRxDtHB53 me@localhost
-    # cloud-init user data
-    VirtletCloudInitUserDataScript: |
-      #!/bin/sh
-      echo "Hi there"
+    # set root volume size
+    VirtletRootVolumeSize: 1Gi
 spec:
   # This nodeAffinity specification tells Kubernetes to run this
   # pod only on the nodes that have extraRuntime=virtlet label.
@@ -36,17 +29,9 @@ spec:
   containers:
   - name: cirros-vm
     # This specifies the image to use.
-    # virtlet/ prefix is used by CRI proxy, the remaining part
+    # virtlet.cloud/ prefix is used by CRI proxy, the remaining part
     # of the image name is prepended with https:// and used to download the image
-    image: virtlet/cirros
-    # Virtlet currently ignores image tags, but their meaning may change
-    # in future, so it’s better not to set them for VM pods. If there’s no tag
-    # provided in the image specification kubelet defaults to
-    # imagePullPolicy: Always, which means that the image is always
-    # redownloaded when the pod is created. In order to make pod creation
-    # faster and more reliable, we set imagePullPolicy to IfNotPresent here
-    # so a previously downloaded image is reused if there is one
-    # in Virtlet’s image store
+    image: virtlet.cloud/cirros
     imagePullPolicy: IfNotPresent
     # tty and stdin required for `kubectl attach -t` to work
     tty: true
diff --git a/src/vagrant/kubeadm_virtlet/examples/images.yaml b/src/vagrant/kubeadm_virtlet/examples/images.yaml
index 3a84585..1541ca7 100644
--- a/src/vagrant/kubeadm_virtlet/examples/images.yaml
+++ b/src/vagrant/kubeadm_virtlet/examples/images.yaml
@@ -1,3 +1,3 @@
 translations:
   - name: cirros
-    url: http://github.com/mirantis/virtlet/releases/download/v0.8.2/cirros.img
+    url: https://github.com/mirantis/virtlet/releases/download/v0.9.3/cirros.img
diff --git a/src/vagrant/kubeadm_virtlet/examples/virtlet-ds.yaml b/src/vagrant/kubeadm_virtlet/examples/virtlet-ds.yaml
index ed037d9..1bb4882 100644
--- a/src/vagrant/kubeadm_virtlet/examples/virtlet-ds.yaml
+++ b/src/vagrant/kubeadm_virtlet/examples/virtlet-ds.yaml
@@ -1,25 +1,21 @@
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
+  creationTimestamp: null
   name: virtlet
   namespace: kube-system
 spec:
+  selector:
+    matchLabels:
+      runtime: virtlet
   template:
     metadata:
-      name: virtlet
+      creationTimestamp: null
       labels:
         runtime: virtlet
+      name: virtlet
     spec:
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      # hostPID is true to (1) enable VMs to survive virtlet container restart
-      # (to be checked) and (2) to enable the use of nsenter in init container
-      hostPID: true
-      # bootstrap procedure needs to create a configmap in kube-system namespace
-      serviceAccountName: virtlet
-
-      # only run Virtlet pods on the nodes with extraRuntime=virtlet label
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -29,50 +25,21 @@ spec:
                 operator: In
                 values:
                 - virtlet
-
-      initContainers:
-      # The init container first copies virtlet's flexvolume driver
-      # to the default kubelet plugin dir to have it in the proper place by the
-      # time kubelet is restarted by CRI proxy bootstrap procedure.
-      # After that it checks if there's already saved kubelet config
-      # and considers that CRI proxy bootstrap is already done if it exists.
-      # If it doesn't, it drops criproxy binary into /opt/criproxy/bin
-      # if it's not already there and then starts criproxy installation.
-      # The possibility to put criproxy binary in advance into
-      # /opt/criproxy/bin may be helpful for the purpose of
-      # debugging criproxy
-      # At the end it ensures that /var/lib/libvirt/images exists on node.
-      - name: prepare-node
-        image: openretriever/virtlet
+      containers:
+      - command:
+        - /libvirt.sh
+        image: mirantis/virtlet:v1.4.1
         imagePullPolicy: IfNotPresent
-        command:
-        - /prepare-node.sh
-        volumeMounts:
-        - name: k8s-flexvolume-plugins-dir
-          mountPath: /kubelet-volume-plugins
-        - name: criproxybin
-          mountPath: /opt/criproxy/bin
-        - name: run
-          mountPath: /run
-        - name: dockersock
-          mountPath: /var/run/docker.sock
-        - name: criproxyconf
-          mountPath: /etc/criproxy
-        - name: log
-          mountPath: /hostlog
-        # for ensuring that /var/lib/libvirt/images exists on node
-        - name: var-lib
-          mountPath: /host-var-lib
+        name: libvirt
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - socat - UNIX:/var/run/libvirt/libvirt-sock-ro </dev/null
+        resources: {}
         securityContext:
           privileged: true
-
-      containers:
-      - name: libvirt
-        image: openretriever/virtlet
-        # In case we inject local virtlet image we want to use it not officially available one
-        imagePullPolicy: IfNotPresent
-        command:
-        - /libvirt.sh
         volumeMounts:
         - mountPath: /sys/fs/cgroup
           name: cgroup
@@ -90,117 +57,176 @@ spec:
           name: libvirt
         - mountPath: /var/run/libvirt
           name: libvirt-sockets
-        # the log dir is needed here because otherwise libvirt will produce errors
-        # like this:
-        # Unable to pre-create chardev file '/var/log/vms/afd75bbb-8e97-11e7-9561-02420ac00002/cirros-vm_0.log': No such file or directory
-        - name: vms-log
-          mountPath: /var/log/vms
-        - name: dev
-          mountPath: /dev
+        - mountPath: /var/log/vms
+          name: vms-log
+        - mountPath: /var/log/libvirt
+          name: libvirt-log
+        - mountPath: /dev
+          name: dev
+      - image: mirantis/virtlet:v1.4.1
+        imagePullPolicy: IfNotPresent
+        name: virtlet
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - socat - UNIX:/run/virtlet.sock </dev/null
+        resources: {}
         securityContext:
           privileged: true
-        env:
-        - name: VIRTLET_DISABLE_KVM
-          valueFrom:
-            configMapKeyRef:
-              name: virtlet-config
-              key: disable_kvm
-              optional: true
-      - name: virtlet
-        image: openretriever/virtlet
-        # In case we inject local virtlet image we want to use it not officially available one
-        imagePullPolicy: IfNotPresent
         volumeMounts:
         - mountPath: /run
           name: run
-        # /boot and /lib/modules are required by supermin
         - mountPath: /lib/modules
           name: modules
           readOnly: true
         - mountPath: /boot
           name: boot
           readOnly: true
+        - mountPath: /dev
+          name: dev
         - mountPath: /var/lib/virtlet
+          mountPropagation: Bidirectional
           name: virtlet
         - mountPath: /var/lib/libvirt
           name: libvirt
-        - mountPath: /etc/cni
-          name: cniconf
-        - mountPath: /opt/cni/bin
-          name: cnibin
         - mountPath: /var/run/libvirt
           name: libvirt-sockets
-        - mountPath: /var/lib/cni
-          name: cnidata
         - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
           name: k8s-flexvolume-plugins-dir
-          # below `:shared` is unofficial way to pass this option docker
-          # which then will allow virtlet to see what kubelet mounts in
-          # underlaying directories, after virtlet container is created
-        - mountPath: /var/lib/kubelet/pods:shared
+        - mountPath: /var/lib/kubelet/pods
+          mountPropagation: Bidirectional
           name: k8s-pods-dir
-        - name: vms-log
-          mountPath: /var/log/vms
+        - mountPath: /var/log/vms
+          name: vms-log
         - mountPath: /etc/virtlet/images
           name: image-name-translations
-        - name: pods-log
-          mountPath: /kubernetes-log
-        securityContext:
-          privileged: true
+        - mountPath: /var/log/pods
+          name: pods-log
+        - mountPath: /var/log/libvirt
+          name: libvirt-log
+        - mountPath: /var/run/netns
+          mountPropagation: Bidirectional
+          name: netns-dir
+      - command:
+        - /vms.sh
+        image: mirantis/virtlet:v1.4.1
+        imagePullPolicy: IfNotPresent
+        name: vms
+        resources: {}
+        volumeMounts:
+        - mountPath: /var/lib/virtlet
+          mountPropagation: HostToContainer
+          name: virtlet
+        - mountPath: /var/lib/libvirt
+          name: libvirt
+        - mountPath: /var/log/vms
+          name: vms-log
+        - mountPath: /var/lib/kubelet/pods
+          mountPropagation: HostToContainer
+          name: k8s-pods-dir
+        - mountPath: /dev
+          name: dev
+        - mountPath: /lib/modules
+          name: modules
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      hostPID: true
+      initContainers:
+      - command:
+        - /prepare-node.sh
         env:
+        - name: KUBE_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
         - name: VIRTLET_DISABLE_KVM
           valueFrom:
             configMapKeyRef:
-              name: virtlet-config
               key: disable_kvm
+              name: virtlet-config
               optional: true
-        - name: VIRTLET_DOWNLOAD_PROTOCOL
+        - name: VIRTLET_SRIOV_SUPPORT
           valueFrom:
             configMapKeyRef:
+              key: sriov_support
               name: virtlet-config
+              optional: true
+        - name: VIRTLET_DOWNLOAD_PROTOCOL
+          valueFrom:
+            configMapKeyRef:
               key: download_protocol
+              name: virtlet-config
               optional: true
         - name: VIRTLET_LOGLEVEL
           valueFrom:
             configMapKeyRef:
-              name: virtlet-config
               key: loglevel
+              name: virtlet-config
               optional: true
         - name: VIRTLET_CALICO_SUBNET
           valueFrom:
             configMapKeyRef:
-              name: virtlet-config
               key: calico-subnet
+              name: virtlet-config
               optional: true
         - name: IMAGE_REGEXP_TRANSLATION
           valueFrom:
             configMapKeyRef:
-              name: virtlet-config
               key: image_regexp_translation
+              name: virtlet-config
+              optional: true
+        - name: VIRTLET_RAW_DEVICES
+          valueFrom:
+            configMapKeyRef:
+              key: raw_devices
+              name: virtlet-config
+              optional: true
+        - name: VIRTLET_DISABLE_LOGGING
+          valueFrom:
+            configMapKeyRef:
+              key: disable_logging
+              name: virtlet-config
+              optional: true
+        - name: VIRTLET_CPU_MODEL
+          valueFrom:
+            configMapKeyRef:
+              key: cpu-model
+              name: virtlet-config
+              optional: true
+        - name: KUBELET_ROOT_DIR
+          valueFrom:
+            configMapKeyRef:
+              key: kubelet_root_dir
+              name: virtlet-config
               optional: true
-        - name: IMAGE_TRANSLATIONS_DIR
+        - name: VIRTLET_IMAGE_TRANSLATIONS_DIR
           value: /etc/virtlet/images
-        - name: KUBERNETES_POD_LOGS
-          value: "/kubernetes-log"
-        # TODO: should we rename it?
-        - name: VIRTLET_VM_LOG_LOCATION
-          value: "1"
-      - name: vms
-        image: openretriever/virtlet
+        image: mirantis/virtlet:v1.4.1
         imagePullPolicy: IfNotPresent
-        command:
-        - /vms.sh
+        name: prepare-node
+        resources: {}
+        securityContext:
+          privileged: true
         volumeMounts:
+        - mountPath: /kubelet-volume-plugins
+          name: k8s-flexvolume-plugins-dir
+        - mountPath: /run
+          name: run
+        - mountPath: /var/run/docker.sock
+          name: dockersock
+        - mountPath: /hostlog
+          name: log
+        - mountPath: /host-var-lib
+          name: var-lib
+        - mountPath: /dev
+          name: dev
         - mountPath: /var/lib/virtlet
           name: virtlet
-        - mountPath: /var/lib/libvirt
-          name: libvirt
-        - name: vms-log
-          mountPath: /var/log/vms
-        - name: dev
-          mountPath: /dev
+      serviceAccountName: virtlet
       volumes:
-      # /dev is needed for host raw device access
       - hostPath:
           path: /dev
         name: dev
@@ -216,9 +242,6 @@ spec:
       - hostPath:
           path: /run
         name: run
-      # TODO: don't hardcode docker socket location here
-      # This will require CRI proxy installation to run
-      # in host mount namespace.
       - hostPath:
           path: /var/run/docker.sock
         name: dockersock
@@ -228,21 +251,6 @@ spec:
       - hostPath:
           path: /var/lib/libvirt
         name: libvirt
-      - hostPath:
-          path: /etc/cni
-        name: cniconf
-      - hostPath:
-          path: /opt/cni/bin
-        name: cnibin
-      - hostPath:
-          path: /var/lib/cni
-        name: cnidata
-      - hostPath:
-          path: /opt/criproxy/bin
-        name: criproxybin
-      - hostPath:
-          path: /etc/criproxy
-        name: criproxyconf
       - hostPath:
           path: /var/log
         name: log
@@ -258,19 +266,28 @@ spec:
       - hostPath:
           path: /var/log/virtlet/vms
         name: vms-log
+      - hostPath:
+          path: /var/log/libvirt
+        name: libvirt-log
       - hostPath:
           path: /var/run/libvirt
         name: libvirt-sockets
       - hostPath:
           path: /var/log/pods
         name: pods-log
+      - hostPath:
+          path: /var/run/netns
+        name: netns-dir
       - configMap:
           name: virtlet-image-translations
         name: image-name-translations
+  updateStrategy: {}
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
+  creationTimestamp: null
   name: virtlet
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -280,23 +297,29 @@ subjects:
 - kind: ServiceAccount
   name: virtlet
   namespace: kube-system
+
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
 metadata:
+  creationTimestamp: null
   name: virtlet
   namespace: kube-system
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - nodes
+  verbs:
+  - create
+  - get
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
+  creationTimestamp: null
   name: configmap-reader
 rules:
 - apiGroups:
@@ -307,10 +330,27 @@ rules:
   - get
   - list
   - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: virtlet-userdata-reader
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - get
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
+  creationTimestamp: null
   name: kubelet-node-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -320,29 +360,49 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: system:nodes
+
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
 metadata:
+  creationTimestamp: null
+  name: vm-userdata-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: virtlet-userdata-reader
+subjects:
+- kind: ServiceAccount
+  name: virtlet
+  namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
   name: virtlet-crd
 rules:
-  - apiGroups:
-      - "apiextensions.k8s.io"
-    resources:
-      - customresourcedefinitions
-    verbs:
-      - create
-  - apiGroups:
-      - "virtlet.k8s"
-    resources:
-      - virtletimagemappings
-    verbs:
-      - list
-      - get
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
+- apiGroups:
+  - virtlet.k8s
+  resources:
+  - virtletimagemappings
+  - virtletconfigmappings
+  verbs:
+  - list
+  - get
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
+  creationTimestamp: null
   name: virtlet-crd
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -352,9 +412,110 @@ subjects:
 - kind: ServiceAccount
   name: virtlet
   namespace: kube-system
+
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  creationTimestamp: null
   name: virtlet
   namespace: kube-system
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    virtlet.cloud: ""
+  name: virtletimagemappings.virtlet.k8s
+spec:
+  group: virtlet.k8s
+  names:
+    kind: VirtletImageMapping
+    plural: virtletimagemappings
+    shortNames:
+    - vim
+    singular: virtletimagemapping
+  scope: Namespaced
+  version: v1
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    virtlet.cloud: ""
+  name: virtletconfigmappings.virtlet.k8s
+spec:
+  group: virtlet.k8s
+  names:
+    kind: VirtletConfigMapping
+    plural: virtletconfigmappings
+    shortNames:
+    - vcm
+    singular: virtletconfigmapping
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            config:
+              properties:
+                calicoSubnetSize:
+                  maximum: 32
+                  minimum: 0
+                  type: integer
+                cniConfigDir:
+                  type: string
+                cniPluginDir:
+                  type: string
+                cpuModel:
+                  type: string
+                criSocketPath:
+                  type: string
+                databasePath:
+                  type: string
+                disableKVM:
+                  type: boolean
+                disableLogging:
+                  type: boolean
+                downloadProtocol:
+                  pattern: ^https?$
+                  type: string
+                enableRegexpImageTranslation:
+                  type: boolean
+                enableSriov:
+                  type: boolean
+                fdServerSocketPath:
+                  type: string
+                imageDir:
+                  type: string
+                imageTranslationConfigsDir:
+                  type: string
+                kubeletRootDir:
+                  type: string
+                libvirtURI:
+                  type: string
+                logLevel:
+                  maximum: 2147483647
+                  minimum: 0
+                  type: integer
+                rawDevices:
+                  type: string
+                skipImageTranslation:
+                  type: boolean
+                streamPort:
+                  maximum: 65535
+                  minimum: 1
+                  type: integer
+            nodeName:
+              type: string
+            nodeSelector:
+              type: object
+            priority:
+              type: integer
+  version: v1
+
diff --git a/src/vagrant/kubeadm_virtlet/host_setup.sh b/src/vagrant/kubeadm_virtlet/host_setup.sh
index b2ee85c..f211f19 100644
--- a/src/vagrant/kubeadm_virtlet/host_setup.sh
+++ b/src/vagrant/kubeadm_virtlet/host_setup.sh
@@ -10,20 +10,33 @@ cat << EOF | sudo tee /etc/hosts
 192.168.1.23 worker3
 EOF
 
-sudo apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
-sudo apt-key adv -k 58118E89F3A912897C070ADBF76221572C52609D
-cat << EOF | sudo tee /etc/apt/sources.list.d/docker.list
-deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main
-EOF
+sudo apt-get update
+sudo apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    software-properties-common
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+sudo apt-get update
+sudo apt-get install -y docker-ce=18.03.1~ce-0~ubuntu
 
 curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
 cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
 deb http://apt.kubernetes.io/ kubernetes-xenial main
 EOF
 sudo apt-get update
-sudo apt-get install -y --allow-unauthenticated --allow-downgrades docker-engine=1.12.6-0~ubuntu-xenial kubelet=1.7.0-00 kubeadm=1.7.0-00 kubectl=1.7.0-00 kubernetes-cni=0.5.1-00
+sudo apt-get install -y --allow-unauthenticated kubelet=1.12.2-00 kubeadm=1.12.2-00 kubectl=1.12.2-00 kubernetes-cni=0.6.0-00
 
-sudo rm -rf /var/lib/kubelet
-sudo systemctl stop kubelet
+sudo modprobe ip_vs
+sudo modprobe ip_vs_rr
+sudo modprobe ip_vs_wrr
+sudo modprobe ip_vs_sh
+sudo swapoff -a
 sudo systemctl daemon-reload
+sudo systemctl stop kubelet
 sudo systemctl start kubelet
diff --git a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/criproxy.service b/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/criproxy.service
deleted file mode 100644
index bb2f1de..0000000
--- a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/criproxy.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=CRI Proxy
-
-[Service]
-ExecStart=/usr/local/bin/criproxy -v 3 -alsologtostderr -connect /var/run/dockershim.sock,virtlet:/run/virtlet.sock -listen /run/criproxy.sock
-Restart=always
-StartLimitInterval=0
-RestartSec=10
-
-[Install]
-WantedBy=kubelet.service
diff --git a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/dockershim.service b/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/dockershim.service
deleted file mode 100644
index c629a4b..0000000
--- a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/dockershim.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=dockershim for criproxy
-
-[Service]
-ExecStart=/usr/local/bin/dockershim ......
-Restart=always
-StartLimitInterval=0
-RestartSec=10
-
-[Install]
-RequiredBy=criproxy.service
diff --git a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/kubelet.service.d/20-criproxy.conf b/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/kubelet.service.d/20-criproxy.conf
deleted file mode 100644
index 412a48d..0000000
--- a/src/vagrant/kubeadm_virtlet/virtlet/etc/systemd/system/kubelet.service.d/20-criproxy.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/run/criproxy.sock --image-service-endpoint=/run/criproxy.sock --enable-controller-attach-detach=false"
diff --git a/src/vagrant/kubeadm_virtlet/worker_setup.sh b/src/vagrant/kubeadm_virtlet/worker_setup.sh
index 4472874..bc37fb3 100644
--- a/src/vagrant/kubeadm_virtlet/worker_setup.sh
+++ b/src/vagrant/kubeadm_virtlet/worker_setup.sh
@@ -1,18 +1,12 @@
 #!/bin/bash
 
 set -ex
-sudo kubeadm join --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443 || true
+sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443
 
-sudo docker pull openretriever/virtlet
-sudo docker run --rm openretriever/virtlet tar -c /criproxy | sudo tar -C /usr/local/bin -xv
-sudo ln -s /usr/local/bin/criproxy /usr/local/bin/dockershim
-
-sudo mkdir /etc/criproxy
-sudo touch /etc/criproxy/node.conf
-sudo cp -r /vagrant/virtlet/etc/systemd/system/* /etc/systemd/system/
-sudo systemctl stop kubelet
-sudo systemctl daemon-reload
-sudo systemctl enable criproxy dockershim
-sudo systemctl start criproxy dockershim
+wget https://github.com/Mirantis/criproxy/releases/download/v0.12.0/criproxy_0.12.0_amd64.deb
+sudo dpkg -i criproxy_0.12.0_amd64.deb
+sudo sed -i "s/EnvironmentFile/#EnvironmentFile/" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
 sudo systemctl daemon-reload
-sudo systemctl start kubelet
+sudo systemctl restart dockershim
+sudo systemctl restart criproxy
+sudo systemctl restart kubelet
-- 
cgit 1.2.3-korg