diff --git a/kata-deploy/examples/nginx-deployment-clh.yaml b/kata-deploy/examples/nginx-deployment-clh.yaml
new file mode 100644
index 0000000000..44d7320567
--- /dev/null
+++ b/kata-deploy/examples/nginx-deployment-clh.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment-clh
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ runtimeClassName: kata-clh
+ containers:
+ - name: nginx
+ image: nginx:1.14
+ ports:
+ - containerPort: 80
diff --git a/kata-deploy/examples/test-deploy-kata-clh.yaml b/kata-deploy/examples/test-deploy-kata-clh.yaml
new file mode 100644
index 0000000000..665b032275
--- /dev/null
+++ b/kata-deploy/examples/test-deploy-kata-clh.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: php-apache-kata-clh
+ name: php-apache-kata-clh
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: php-apache-kata-clh
+ template:
+ metadata:
+ labels:
+ run: php-apache-kata-clh
+ spec:
+ runtimeClassName: kata-clh
+ containers:
+ - image: k8s.gcr.io/hpa-example
+ imagePullPolicy: Always
+ name: php-apache
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 200m
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: php-apache-kata-clh
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ run: php-apache-kata-clh
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/kata-deploy/k8s-1.13/kata-clh-runtimeClass.yaml b/kata-deploy/k8s-1.13/kata-clh-runtimeClass.yaml
new file mode 100644
index 0000000000..6e17d040f1
--- /dev/null
+++ b/kata-deploy/k8s-1.13/kata-clh-runtimeClass.yaml
@@ -0,0 +1,7 @@
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1alpha1
+metadata:
+ name: kata-clh
+spec:
+ runtimeHandler: kata-clh
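Review bot: Both example Deployments reference their image by a mutable name: `image: nginx:1.14` in nginx-deployment-clh.yaml, and `image: k8s.gcr.io/hpa-example` with no tag at all in test-deploy-kata-clh.yaml, where `imagePullPolicy: Always` means every pod start pulls whatever `latest` resolves to at that moment. These manifests are what people copy to verify a fresh kata-clh install, so pinning a tag plus digest (for example `image: nginx:1.14@sha256:<digest>`, where `<digest>` is a placeholder for the verified value) keeps the smoke test reproducible and avoids running an image nobody reviewed. The php-apache container also sets only `requests.cpu: 200m`; a matching `limits:` block is worth considering for a pod that gets its own VM.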
diff --git a/kata-deploy/k8s-1.14/kata-clh-runtimeClass.yaml b/kata-deploy/k8s-1.14/kata-clh-runtimeClass.yaml new file mode 100644 index 0000000000..91f7ebaaa3 --- /dev/null +++ b/kata-deploy/k8s-1.14/kata-clh-runtimeClass.yaml @@ -0,0 +1,6 @@ +--- +kind: RuntimeClass +apiVersion: node.k8s.io/v1beta1 +metadata: + name: kata-clh +handler: kata-clh diff --git a/kata-deploy/scripts/kata-deploy-docker.sh b/kata-deploy/scripts/kata-deploy-docker.sh index c3b7464d2d..7e32b40b49 100755 --- a/kata-deploy/scripts/kata-deploy-docker.sh +++ b/kata-deploy/scripts/kata-deploy-docker.sh @@ -51,6 +51,10 @@ function configure_docker() { "kata-fc": { "path": "/opt/kata/bin/kata-runtime", "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-fc.toml" ] + }, + "kata-clh": { + "path": "/opt/kata/bin/kata-runtime", + "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-clh.toml" ] } } } diff --git a/kata-deploy/scripts/kata-deploy.sh b/kata-deploy/scripts/kata-deploy.sh index f563a2c83a..847cc27af9 100755 --- a/kata-deploy/scripts/kata-deploy.sh +++ b/kata-deploy/scripts/kata-deploy.sh @@ -18,6 +18,7 @@ shims=( "nemu" "qemu" "qemu-virtiofs" + "cloud-hypervisor" ) # If we fail for any reason a message will be displayed @@ -32,7 +33,7 @@ function print_usage() { } function get_container_runtime() { - local runtime=$(kubectl describe node $NODE_NAME) + local runtime="$(kubectl describe node $NODE_NAME)" if [ "$?" -ne 0 ]; then die "invalid node name" fi @@ -55,7 +56,7 @@ function configure_cri_runtime() { ;; esac systemctl daemon-reload - systemctl restart $1 + systemctl restart "$1" } function configure_crio() { 
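Review bot: The new `shims` entry in kata-deploy.sh is `"cloud-hypervisor"`, while every other name this commit introduces uses `clh` (the `kata-clh` RuntimeClass handler, `configuration-clh.toml` in kata-deploy-docker.sh, `/opt/kata/bin/kata-clh`). The containerd shim loops later in this file build `containerd-shim-kata-${shim}-v2` and `configuration-${shim}.toml` from this array, so this entry would produce `containerd-shim-kata-cloud-hypervisor-v2` pointing at `configuration-cloud-hypervisor.toml`, which likely does not exist and would not line up with a `kata-clh` handler. If so, the entry should be `"clh"`; the containerd config template is not part of this diff, so please confirm against it.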
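Review bot: In get_container_runtime, quoting the command substitution does not make the `if [ "$?" -ne 0 ]` check that follows it work. `local runtime="$(...)"` yields the exit status of `local` itself, which is 0 even when `kubectl describe node` fails, so `die "invalid node name"` is never reached and the script continues with an empty value. Declare and assign separately: `local runtime` followed by `runtime="$(kubectl describe node "$NODE_NAME")"`, which also quotes `$NODE_NAME` the way the rest of this commit does. The function body continues outside the hunk.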
@@ -65,15 +66,21 @@ function configure_crio() { # backup the CRIO.conf only if a backup doesn't already exist (don't override original) cp -n "$crio_conf_file" "$crio_conf_file_backup" - local kata_qemu_path="/opt/kata/bin/kata-qemu" - local kata_qemu_virtiofs_path="/opt/kata/bin/kata-qemu-virtiofs" - local kata_nemu_path="/opt/kata/bin/kata-nemu" + local kata_clh_path="/opt/kata/bin/kata-clh" + local kata_clh_conf="crio.runtime.runtimes.kata-clh" + local kata_fc_path="/opt/kata/bin/kata-fc" - local kata_qemu_conf="crio.runtime.runtimes.kata-qemu" - local kata_qemu_virtiofs_conf="crio.runtime.runtimes.kata-qemu-virtiofs" - local kata_nemu_conf="crio.runtime.runtimes.kata-nemu" local kata_fc_conf="crio.runtime.runtimes.kata-fc" + local kata_nemu_path="/opt/kata/bin/kata-nemu" + local kata_nemu_conf="crio.runtime.runtimes.kata-nemu" + + local kata_qemu_path="/opt/kata/bin/kata-qemu" + local kata_qemu_conf="crio.runtime.runtimes.kata-qemu" + + local kata_qemu_virtiofs_path="/opt/kata/bin/kata-qemu-virtiofs" + local kata_qemu_virtiofs_conf="crio.runtime.runtimes.kata-qemu-virtiofs" + # add kata-qemu config if grep -q "^\[$kata_qemu_conf\]" $crio_conf_file; then echo "Configuration exists $kata_qemu_conf, overwriting" 
@@ -126,10 +133,23 @@ EOT EOT fi - # Replace if exists, insert otherwise - grep -Fq 'manage_network_ns_lifecycle =' $crio_conf_file \ - && sed -i '/manage_network_ns_lifecycle =/c manage_network_ns_lifecycle = true' $crio_conf_file \ - || sed -i '/\[crio.runtime\]/a manage_network_ns_lifecycle = true' $crio_conf_file + # add kata-clh config + if grep -q "^\[$kata_clh_conf\]" $crio_conf_file; then + echo "Configuration exists $kata_clh_conf, overwriting" + sed -i "/^\[$kata_clh_conf\]/,+1s#runtime_path.*#runtime_path = \"${kata_clh_path}\"#" $crio_conf_file + else + cat <&2 - if [ ! -f ${shim_backup} ]; then - mv ${shim_file} ${shim_backup} + if [ ! -f "${shim_backup}" ]; then + mv "${shim_file}" "${shim_backup}" else - rm ${shim_file} + rm "${shim_file}" fi fi cat << EOT | tee "$shim_file" #!/bin/bash KATA_CONF_FILE=/opt/kata/share/defaults/kata-containers/configuration-${shim}.toml /opt/kata/bin/containerd-shim-kata-v2 \$@ EOT - chmod +x $shim_file + chmod +x "$shim_file" done } @@ -225,14 +249,14 @@ function cleanup_containerd() { #Until support is added (see https://github.com/containerd/containerd/issues/3073), we manage # a reference to the v2-shim implementation - for shim in ${shims[@]}; do + for shim in "${shims[@]}"; do local shim_binary="containerd-shim-kata-${shim}-v2" local shim_file="/usr/local/bin/${shim_binary}" local shim_backup="/usr/local/bin/${shim_binary}.bak" - rm ${shim_file} || true + rm "${shim_file}" || true - if [ -f ${shim_backup} ]; then + if [ -f "${shim_backup}" ]; then mv "$shim_backup" "$shim_file" fi done 
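Review bot: In the new kata-clh branch of configure_crio, the sed address `/^\[$kata_clh_conf\]/,+1` restricts the `runtime_path` substitution to the section header and the single line after it. When an existing `[crio.runtime.runtimes.kata-clh]` section has `runtime_path` further down, the script prints "Configuration exists ..., overwriting" and leaves the old path in place. A range that ends at the next section header, `/^\[$kata_clh_conf\]/,/^\[/`, would be sturdier; this presumably mirrors the other runtimes' blocks, which would share the issue. The added `grep` and `sed` lines also leave `$crio_conf_file` unquoted although this commit quotes variables elsewhere, so `"$crio_conf_file"` would be consistent. The heredoc after `cat` is not legible in this view and is not covered here.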
@@ -240,15 +264,15 @@ function cleanup_containerd() { } function reset_runtime() { - kubectl label node $NODE_NAME katacontainers.io/kata-runtime- + kubectl label node "$NODE_NAME" katacontainers.io/kata-runtime- systemctl daemon-reload - systemctl restart $1 + systemctl restart "$1" systemctl restart kubelet } function main() { # script requires that user is root - euid=`id -u` + euid=$(id -u) if [[ $euid -ne 0 ]]; then die "This script must be run as root" fi @@ -261,7 +285,7 @@ function main() { fi action=${1:-} - if [ -z $action ]; then + if [ -z "$action" ]; then print_usage die "invalid arguments" fi @@ -269,16 +293,16 @@ function main() { # only install / remove / update if we are dealing with CRIO or containerd if [ "$runtime" == "crio" ] || [ "$runtime" == "containerd" ]; then - case $action in + case "$action" in install) install_artifacts - configure_cri_runtime $runtime - kubectl label node $NODE_NAME --overwrite katacontainers.io/kata-runtime=true + configure_cri_runtime "$runtime" + kubectl label node "$NODE_NAME" --overwrite katacontainers.io/kata-runtime=true ;; cleanup) - cleanup_cri_runtime $runtime - kubectl label node $NODE_NAME --overwrite katacontainers.io/kata-runtime=cleanup + cleanup_cri_runtime "$runtime" + kubectl label node "$NODE_NAME" --overwrite katacontainers.io/kata-runtime=cleanup remove_artifacts ;; reset) @@ -296,4 +320,4 @@ function main() { sleep infinity } -main $@ +main "$@"