From 2c47277ca1332ecdb76ed65eff165c68e5480bdd Mon Sep 17 00:00:00 2001 From: bin Date: Wed, 3 Feb 2021 18:05:00 +0800 Subject: [PATCH] docs: update how-to-use-k8s-with-cri-containerd-and-kata.md Update how-to-use-k8s-with-cri-containerd-and-kata.md to fit the latest Kubernetes way. And also changed CNI plugin from flannel to bridge, that will be easy to run. Fixes: #1325 Signed-off-by: bin --- ...to-use-k8s-with-cri-containerd-and-kata.md | 94 ++++++++++--------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md index c8b095711e..94eb91bb80 100644 --- a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md +++ b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md @@ -7,9 +7,10 @@ * [Configure Kubelet to use containerd](#configure-kubelet-to-use-containerd) * [Configure HTTP proxy - OPTIONAL](#configure-http-proxy---optional) * [Start Kubernetes](#start-kubernetes) -* [Install a Pod Network](#install-a-pod-network) +* [Configure Pod Network](#configure-pod-network) * [Allow pods to run in the master node](#allow-pods-to-run-in-the-master-node) -* [Create an untrusted pod using Kata Containers](#create-an-untrusted-pod-using-kata-containers) +* [Create runtime class for Kata Containers](#create-runtime-class-for-kata-containers) +* [Run pod in Kata Containers](#run-pod-in-kata-containers) * [Delete created pod](#delete-created-pod) This document describes how to set up a single-machine Kubernetes (k8s) cluster. 
@@ -18,9 +19,6 @@ The Kubernetes cluster will use the [CRI containerd plugin](https://github.com/containerd/cri) and [Kata Containers](https://katacontainers.io) to launch untrusted workloads. -For Kata Containers 1.5.0-rc2 and above, we will use `containerd-shim-kata-v2` (short as `shimv2` in this documentation) -to launch Kata Containers. For the previous version of Kata Containers, the Pods are launched with `kata-runtime`. - ## Requirements - Kubernetes, Kubelet, `kubeadm` 
@@ -125,43 +123,33 @@ $ sudo systemctl daemon-reload $ sudo -E kubectl get pods ``` -## Install a Pod Network +## Configure Pod Network A pod network plugin is needed to allow pods to communicate with each other. +You can find more about CNI plugins from the [Creating a cluster with `kubeadm`](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions) guide. -- Install the `flannel` plugin by following the - [Using `kubeadm` to Create a Cluster](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions) - guide, starting from the **Installing a pod network** section. - -- Create a pod network using flannel - - > **Note:** There is no known way to determine programmatically the best version (commit) to use. - > See https://github.com/coreos/flannel/issues/995. +By default the CNI plugin binaries is installed under `/opt/cni/bin` (in package `kubernetes-cni`), you only need to create a configuration file for CNI plugin. ```bash - $ sudo -E kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml - ``` + $ sudo -E mkdir -p /etc/cni/net.d -- Wait for the pod network to become available - - ```bash - # number of seconds to wait for pod network to become available - $ timeout_dns=420 - - $ while [ "$timeout_dns" -gt 0 ]; do - if sudo -E kubectl get pods --all-namespaces | grep dns | grep Running; then - break - fi - - sleep 1s - ((timeout_dns--)) - done - ``` - -- Check the pod network is running - - ```bash - $ sudo -E kubectl get pods --all-namespaces | grep dns | grep Running && echo "OK" || ( echo "FAIL" && false ) + $ sudo -E cat > /etc/cni/net.d/10-mynet.conf < runtime.yaml <
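Review bot: In the `@@ -7,9 +7,10 @@` hunk, the table-of-contents anchors `#install-a-pod-network` and `#create-an-untrusted-pod-using-kata-containers` are removed, so any link from another document to those anchors will stop resolving. Please search the repository for both anchors and update the references in this same patch, and confirm that each new entry (`#configure-pod-network`, `#create-runtime-class-for-kata-containers`, `#run-pod-in-kata-containers`) matches a heading that the patch actually adds.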
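Review bot: In the `@@ -18,9 +19,6 @@` hunk, the deleted paragraph is the one that defines `shimv2` as shorthand for `containerd-shim-kata-v2` "in this documentation". If later sections still use `shimv2`, the abbreviation is left undefined, so either keep a one-line definition or replace the remaining uses with the full name. Since the sentence about launching pods with `kata-runtime` on earlier versions is also dropped, it would help to state which Kata Containers version the guide now assumes.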
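Review bot: In the `@@ -125,43 +123,33 @@` hunk, `sudo -E cat > /etc/cni/net.d/10-mynet.conf` fails for a non-root user, because the `>` redirection is opened by the calling shell before `sudo` runs and only `cat` is elevated. Suggest feeding the heredoc to `sudo tee /etc/cni/net.d/10-mynet.conf` or wrapping the whole command in `sudo -E bash -c '...'`, and applying the same fix to any other heredoc in the patch that writes to a root-owned path. In the added prose, "the CNI plugin binaries is installed" should read "are installed". The visible part of the hunk also removes the "Wait for the pod network to become available" and "Check the pod network is running" steps with no replacement in view; please keep an equivalent readiness check so the reader can confirm the bridge configuration took effect before running a pod.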