github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-21 10:51:05 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1659 from fidencio/wip/stable-2.0-update-docs

Browse Source 
stable-2.0 | A bunch of backports fixing documentation
This commit is contained in:
Fabiano Fidêncio 2021-04-08 14:07:23 +02:00 committed by GitHub
commit 514af3624b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 109 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/how-to/how-to-set-sandbox-config-kata.md
View File

@ -80,6 +80,8 @@ There are several kinds of Kata configurations and they are listed below.
In case of CRI-O, all annotations specified in the pod spec are passed down to Kata. In case of CRI-O, all annotations specified in the pod spec are passed down to Kata.
# containerd Configuration
For containerd, annotations specified in the pod spec are passed down to Kata For containerd, annotations specified in the pod spec are passed down to Kata
starting with version `1.3.0` of containerd. Additionally, extra configuration is starting with version `1.3.0` of containerd. Additionally, extra configuration is
needed for containerd, by providing a `pod_annotations` field in the containerd config needed for containerd, by providing a `pod_annotations` field in the containerd config
@ -92,11 +94,9 @@ for passing annotations to Kata from containerd:
$ cat /etc/containerd/config $ cat /etc/containerd/config
.... ....
[plugins.cri.containerd.runtimes.kata] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.runc.v1" runtime_type = "io.containerd.kata.v2"
pod_annotations = ["io.katacontainers.*"] pod_annotations = ["io.katacontainers.*"]
[plugins.cri.containerd.runtimes.kata.options]
BinaryName = "/usr/bin/kata-runtime"
.... ....
``` ```

94
docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md
View File

@ -7,9 +7,10 @@
* [Configure Kubelet to use containerd](#configure-kubelet-to-use-containerd) * [Configure Kubelet to use containerd](#configure-kubelet-to-use-containerd)
* [Configure HTTP proxy - OPTIONAL](#configure-http-proxy---optional) * [Configure HTTP proxy - OPTIONAL](#configure-http-proxy---optional)
* [Start Kubernetes](#start-kubernetes) * [Start Kubernetes](#start-kubernetes)
* [Install a Pod Network](#install-a-pod-network) * [Configure Pod Network](#configure-pod-network)
* [Allow pods to run in the master node](#allow-pods-to-run-in-the-master-node) * [Allow pods to run in the master node](#allow-pods-to-run-in-the-master-node)
* [Create an untrusted pod using Kata Containers](#create-an-untrusted-pod-using-kata-containers) * [Create runtime class for Kata Containers](#create-runtime-class-for-kata-containers)
* [Run pod in Kata Containers](#run-pod-in-kata-containers)
* [Delete created pod](#delete-created-pod) * [Delete created pod](#delete-created-pod)
This document describes how to set up a single-machine Kubernetes (k8s) cluster. This document describes how to set up a single-machine Kubernetes (k8s) cluster.
@ -18,9 +19,6 @@ The Kubernetes cluster will use the
[CRI containerd plugin](https://github.com/containerd/cri) and [CRI containerd plugin](https://github.com/containerd/cri) and
[Kata Containers](https://katacontainers.io) to launch untrusted workloads. [Kata Containers](https://katacontainers.io) to launch untrusted workloads.
For Kata Containers 1.5.0-rc2 and above, we will use `containerd-shim-kata-v2` (short as `shimv2` in this documentation)
to launch Kata Containers. For the previous version of Kata Containers, the Pods are launched with `kata-runtime`.
## Requirements ## Requirements
- Kubernetes, Kubelet, `kubeadm` - Kubernetes, Kubelet, `kubeadm`
@ -125,43 +123,33 @@ $ sudo systemctl daemon-reload
$ sudo -E kubectl get pods $ sudo -E kubectl get pods
``` ```
## Install a Pod Network ## Configure Pod Network
A pod network plugin is needed to allow pods to communicate with each other. A pod network plugin is needed to allow pods to communicate with each other.
You can find more about CNI plugins from the [Creating a cluster with `kubeadm`](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions) guide.
- Install the `flannel` plugin by following the By default the CNI plugin binaries is installed under `/opt/cni/bin` (in package `kubernetes-cni`), you only need to create a configuration file for CNI plugin.
[Using `kubeadm` to Create a Cluster](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions)
guide, starting from the **Installing a pod network** section.
- Create a pod network using flannel
> **Note:** There is no known way to determine programmatically the best version (commit) to use.
> See https://github.com/coreos/flannel/issues/995.
```bash ```bash
$ sudo -E kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml $ sudo -E mkdir -p /etc/cni/net.d
```
- Wait for the pod network to become available $ sudo -E cat > /etc/cni/net.d/10-mynet.conf <<EOF
{
```bash "cniVersion": "0.2.0",
# number of seconds to wait for pod network to become available "name": "mynet",
$ timeout_dns=420 "type": "bridge",
"bridge": "cni0",
$ while [ "$timeout_dns" -gt 0 ]; do "isGateway": true,
if sudo -E kubectl get pods --all-namespaces | grep dns | grep Running; then "ipMasq": true,
break "ipam": {
fi "type": "host-local",
"subnet": "172.19.0.0/24",
sleep 1s "routes": [
((timeout_dns--)) { "dst": "0.0.0.0/0" }
done ]
``` }
}
- Check the pod network is running EOF
```bash
$ sudo -E kubectl get pods --all-namespaces | grep dns | grep Running && echo "OK" || ( echo "FAIL" && false )
``` ```
## Allow pods to run in the master node ## Allow pods to run in the master node
@ -172,24 +160,38 @@ By default, the cluster will not schedule pods in the master node. To enable mas
$ sudo -E kubectl taint nodes --all node-role.kubernetes.io/master- $ sudo -E kubectl taint nodes --all node-role.kubernetes.io/master-
``` ```
## Create an untrusted pod using Kata Containers ## Create runtime class for Kata Containers
By default, all pods are created with the default runtime configured in CRI containerd plugin. By default, all pods are created with the default runtime configured in CRI containerd plugin.
From Kubernetes v1.12, users can use [`RuntimeClass`](https://kubernetes.io/docs/concepts/containers/runtime-class/#runtime-class) to specify a different runtime for Pods.
If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true"`, the CRI plugin runs the pod with the ```bash
$ cat > runtime.yaml <<EOF
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
name: kata
handler: kata
EOF
$ sudo -E kubectl apply -f runtime.yaml
```
## Run pod in Kata Containers
If a pod has the `runtimeClassName` set to `kata`, the CRI plugin runs the pod with the
[Kata Containers runtime](../../src/runtime/README.md). [Kata Containers runtime](../../src/runtime/README.md).
- Create an untrusted pod configuration - Create an pod configuration that using Kata Containers runtime
```bash ```bash
$ cat << EOT | tee nginx-untrusted.yaml $ cat << EOT | tee nginx-kata.yaml
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: nginx-untrusted name: nginx-kata
annotations:
io.kubernetes.cri.untrusted-workload: "true"
spec: spec:
runtimeClassName: kata
containers: containers:
- name: nginx - name: nginx
image: nginx image: nginx
@ -197,9 +199,9 @@ If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true
EOT EOT
``` ```
- Create an untrusted pod - Create the pod
```bash ```bash
$ sudo -E kubectl apply -f nginx-untrusted.yaml $ sudo -E kubectl apply -f nginx-kata.yaml
``` ```
- Check pod is running - Check pod is running
@ -216,5 +218,5 @@ If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true
## Delete created pod ## Delete created pod
```bash ```bash
$ sudo -E kubectl delete -f nginx-untrusted.yaml $ sudo -E kubectl delete -f nginx-kata.yaml
``` ```

1
docs/install/README.md
View File

@ -52,7 +52,6 @@ Kata packages are provided by official distribution repositories for:
| [CentOS](centos-installation-guide.md) | 8 | | [CentOS](centos-installation-guide.md) | 8 |
| [Fedora](fedora-installation-guide.md) | 32, Rawhide | | [Fedora](fedora-installation-guide.md) | 32, Rawhide |
| [openSUSE](opensuse-installation-guide.md) | [Leap 15.1](opensuse-leap-15.1-installation-guide.md)<br>Leap 15.2, Tumbleweed | | [openSUSE](opensuse-installation-guide.md) | [Leap 15.1](opensuse-leap-15.1-installation-guide.md)<br>Leap 15.2, Tumbleweed |
| [SUSE Linux Enterprise (SLE)](sle-installation-guide.md) | SLE 15 SP1, 15 SP2 |
> **Note::** > **Note::**
> >

13
docs/install/centos-installation-guide.md
View File

@ -3,15 +3,9 @@
1. Install the Kata Containers components with the following commands: 1. Install the Kata Containers components with the following commands:
```bash ```bash
$ sudo -E dnf install -y centos-release-advanced-virtualization
$ sudo -E dnf module disable -y virt:rhel
$ source /etc/os-release $ source /etc/os-release
$ cat <<EOF | sudo -E tee /etc/yum.repos.d/advanced-virt.repo
[advanced-virt]
name=Advanced Virtualization
baseurl=http://mirror.centos.org/\$contentdir/\$releasever/virt/\$basearch/advanced-virtualization
enabled=1
gpgcheck=1
skip_if_unavailable=1
EOF
$ cat <<EOF | sudo -E tee /etc/yum.repos.d/kata-containers.repo $ cat <<EOF | sudo -E tee /etc/yum.repos.d/kata-containers.repo
[kata-containers] [kata-containers]
name=Kata Containers name=Kata Containers
@ -20,8 +14,7 @@
gpgcheck=1 gpgcheck=1
skip_if_unavailable=1 skip_if_unavailable=1
EOF EOF
$ sudo -E dnf module disable -y virt:rhel $ sudo -E dnf install -y kata-containers
$ sudo -E dnf install -y kata-runtime
``` ```
2. Decide which container manager to use and select the corresponding link that follows: 2. Decide which container manager to use and select the corresponding link that follows:

2
docs/install/fedora-installation-guide.md
View File

@ -3,7 +3,7 @@
1. Install the Kata Containers components with the following commands: 1. Install the Kata Containers components with the following commands:
```bash ```bash
$ sudo -E dnf -y install kata-runtime $ sudo -E dnf -y install kata-containers
``` ```
2. Decide which container manager to use and select the corresponding link that follows: 2. Decide which container manager to use and select the corresponding link that follows:

13
docs/install/sle-installation-guide.md
View File

@ -1,13 +0,0 @@
# Install Kata Containers on SLE
1. Install the Kata Containers components with the following commands:
```bash
$ source /etc/os-release
$ DISTRO_VERSION=$(sed "s/-/_/g" <<< "$VERSION")
$ sudo -E zypper addrepo --refresh "https://download.opensuse.org/repositories/devel:/kubic/SLE_${DISTRO_VERSION}_Backports/devel:kubic.repo"
$ sudo -E zypper -n --gpg-auto-import-keys install katacontainers
```
2. Decide which container manager to use and select the corresponding link that follows:
- [Kubernetes](../Developer-Guide.md#run-kata-containers-with-kubernetes)

59
docs/install/snap-installation-guide.md
View File

@ -1,13 +1,58 @@
# Install Kata Containers from `snapcraft.io` # Kata Containers snap package
* [Install Kata Containers](#install-kata-containers)
* [Configure Kata Containers](#configure-kata-containers)
* [Integration with shim v2 Container Engines](#integration-with-shim-v2-container-engines)
* [Remove Kata Containers snap package](#remove-kata-containers-snap-package)
## Install Kata Containers
Kata Containers can be installed in any Linux distribution that supports Kata Containers can be installed in any Linux distribution that supports
[snapd](https://docs.snapcraft.io/installing-snapd). [snapd](https://docs.snapcraft.io/installing-snapd).
Run the following command to install Kata Containers: Run the following command to install **Kata Containers**:
```bash ```sh
$ sudo snap install kata-containers --classic $ sudo snap install kata-containers --candidate --classic
``` ```
For further information on integrating and configuring the `snap` Kata Containers install, ## Configure Kata Containers
refer to the [Kata Containers packaging `snap` documentation](https://github.com/kata-containers/packaging/blob/master/snap/README.md#configure-kata-containers).
By default Kata Containers snap image is mounted at `/snap/kata-containers` as a
read-only file system, therefore default configuration file can not be edited.
Fortunately Kata Containers supports loading a configuration file from another
path than the default.
```sh
$ sudo mkdir -p /etc/kata-containers
$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
$ $EDITOR /etc/kata-containers/configuration.toml
```
## Integration with shim v2 Container Engines
The Container engine daemon (`cri-o`, `containerd`, etc) needs to be able to find the
`containerd-shim-kata-v2` binary to allow Kata Containers to be created.
Run the following command to create a symbolic link to the shim v2 binary.
```sh
$ sudo ln -sf /snap/kata-containers/current/usr/bin/containerd-shim-kata-v2 /usr/local/bin/containerd-shim-kata-v2
```
Once the symbolic link has been created and the engine daemon configured, `io.containerd.kata.v2`
can be used as runtime.
Read the following documents to know how to run Kata Containers 2.x with `containerd`.
* [How to use Kata Containers and Containerd](https://github.com/kata-containers/kata-containers/blob/main/docs/how-to/containerd-kata.md)
* [Install Kata Containers with containerd](https://github.com/kata-containers/kata-containers/blob/main/docs/install/container-manager/containerd/containerd-install.md)
## Remove Kata Containers snap package
Run the following command to remove the Kata Containers snap:
```sh
$ sudo snap remove kata-containers
```

15
docs/install/ubuntu-installation-guide.md
View File

@ -1,15 +0,0 @@
# Install Kata Containers on Ubuntu
1. Install the Kata Containers components with the following commands:
```bash
$ ARCH=$(arch)
$ BRANCH="${BRANCH:-master}"
$ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
$ curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
$ sudo -E apt-get update
$ sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
```
2. Decide which container manager to use and select the corresponding link that follows:
- [Kubernetes](../Developer-Guide.md#run-kata-containers-with-kubernetes)

5
docs/use-cases/zun_kata.md
View File

@ -10,9 +10,6 @@ Currently, the instructions are based on the following links:
- https://docs.openstack.org/zun/latest/admin/clear-containers.html - https://docs.openstack.org/zun/latest/admin/clear-containers.html
- ../install/ubuntu-installation-guide.md
## Install Git to use with DevStack ## Install Git to use with DevStack
```sh ```sh
@ -54,7 +51,7 @@ $ zun delete test
## Install Kata Containers ## Install Kata Containers
Follow [these instructions](../install/ubuntu-installation-guide.md) Follow [these instructions](../install/README.md)
to install the Kata Containers components. to install the Kata Containers components.
## Update Docker with new Kata Containers runtime ## Update Docker with new Kata Containers runtime