diff --git a/docs/design/kata-design-requirements.md b/docs/design/kata-design-requirements.md index 22edac97e..5706e0347 100644 --- a/docs/design/kata-design-requirements.md +++ b/docs/design/kata-design-requirements.md @@ -30,7 +30,7 @@ The Kata Containers runtime **MUST** implement the following command line option The Kata Containers project **MUST** provide two interfaces for CRI shims to manage hardware virtualization based Kubernetes pods and containers: - An OCI and `runc` compatible command line interface, as described in the previous section. -This interface is used by implementations such as [`CRI-O`](http://cri-o.io) and [`cri-containerd`](https://github.com/containerd/cri-containerd), for example. +This interface is used by implementations such as [`CRI-O`](http://cri-o.io) and [`containerd`](https://github.com/containerd/containerd), for example. - A hardware virtualization runtime library API for CRI shims to consume and provide a more CRI native implementation. The [`frakti`](https://github.com/kubernetes/frakti) CRI shim is an example of such a consumer. diff --git a/docs/how-to/README.md b/docs/how-to/README.md index 177083c15..44ffa21d3 100644 --- a/docs/how-to/README.md +++ b/docs/how-to/README.md @@ -5,7 +5,7 @@ - [Run Kata containers with `crictl`](run-kata-with-crictl.md) - [Run Kata Containers with Kubernetes](run-kata-with-k8s.md) - [How to use Kata Containers and Containerd](containerd-kata.md) -- [How to use Kata Containers and CRI (containerd plugin) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) +- [How to use Kata Containers and CRI (containerd) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) - [Kata Containers and service mesh for Kubernetes](service-mesh.md) - [How to import Kata Containers logs into Fluentd](how-to-import-kata-logs-with-fluentd.md) diff --git a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md index 47687fa6b..4df8c111c 100644 --- a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md +++ b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md @@ -3,7 +3,7 @@ This document describes how to set up a single-machine Kubernetes (k8s) cluster. The Kubernetes cluster will use the -[CRI containerd plugin](https://github.com/containerd/containerd/tree/main/pkg/cri) and +[CRI containerd](https://github.com/containerd/containerd/) and [Kata Containers](https://katacontainers.io) to launch untrusted workloads. ## Requirements diff --git a/docs/how-to/privileged.md b/docs/how-to/privileged.md index 32ee486b7..fcffb58da 100644 --- a/docs/how-to/privileged.md +++ b/docs/how-to/privileged.md @@ -16,9 +16,9 @@ from the host, a potentially undesirable side-effect that decreases the security The following sections document how to configure this behavior in different container runtimes. -#### Containerd and CRI +#### Containerd -The Containerd CRI allows configuring the privileged host devices behavior for each runtime in the CRI config. This is +The Containerd allows configuring the privileged host devices behavior for each runtime in the containerd config. This is done with the `privileged_without_host_devices` option. Setting this to `true` will disable hot plugging of the host devices into the guest, even when privileged is enabled. @@ -41,7 +41,7 @@ See below example config: ``` - [Kata Containers with Containerd and CRI documentation](how-to-use-k8s-with-cri-containerd-and-kata.md) - - [Containerd CRI config documentation](https://github.com/containerd/cri/blob/master/docs/config.md) + - [Containerd CRI config documentation](https://github.com/containerd/containerd/blob/main/docs/cri/config.md) #### CRI-O diff --git a/docs/how-to/run-kata-with-k8s.md b/docs/how-to/run-kata-with-k8s.md index 011d2b6bb..98da0622f 100644 --- a/docs/how-to/run-kata-with-k8s.md +++ b/docs/how-to/run-kata-with-k8s.md @@ -9,7 +9,7 @@ Kubernetes CRI (Container Runtime Interface) implementations allow using any OCI-compatible runtime with Kubernetes, such as the Kata Containers runtime. Kata Containers support both the [CRI-O](https://github.com/kubernetes-incubator/cri-o) and -[CRI-containerd](https://github.com/containerd/cri) CRI implementations. +[containerd](https://github.com/containerd/containerd) CRI implementations. After choosing one CRI implementation, you must make the appropriate configuration to ensure it integrates with Kata Containers. @@ -111,11 +111,7 @@ manage_ns_lifecycle = true ``` -### containerd with CRI plugin - -If you select containerd with `cri` plugin, follow the "Getting Started for Developers" -instructions [here](https://github.com/containerd/cri#getting-started-for-developers) -to properly install it. +### containerd To customize containerd to select Kata Containers runtime, follow our "Configure containerd to use Kata Containers" internal documentation @@ -160,7 +156,7 @@ $ sudo systemctl restart kubelet # If using CRI-O $ sudo kubeadm init --ignore-preflight-errors=all --cri-socket /var/run/crio/crio.sock --pod-network-cidr=10.244.0.0/16 -# If using CRI-containerd +# If using containerd $ sudo kubeadm init --ignore-preflight-errors=all --cri-socket /run/containerd/containerd.sock --pod-network-cidr=10.244.0.0/16 $ export KUBECONFIG=/etc/kubernetes/admin.conf diff --git a/docs/how-to/service-mesh.md b/docs/how-to/service-mesh.md index ca69ad982..0c6502192 100644 --- a/docs/how-to/service-mesh.md +++ b/docs/how-to/service-mesh.md @@ -34,7 +34,7 @@ as the proxy starts. Follow the [instructions](../install/README.md) to get Kata Containers properly installed and configured with Kubernetes. -You can choose between CRI-O and CRI-containerd, both are supported +You can choose between CRI-O and containerd, both are supported through this document. For both cases, select the workloads as _trusted_ by default. This way, @@ -159,7 +159,7 @@ containers with `privileged: true` to `privileged: false`. There is no difference between Istio and Linkerd in this section. It is about which CRI implementation you use. -For both CRI-O and CRI-containerd, you have to add an annotation indicating +For both CRI-O and containerd, you have to add an annotation indicating the workload for this deployment is not _trusted_, which will trigger `kata-runtime` to be called instead of `runc`. @@ -193,9 +193,9 @@ spec: ... ``` -__CRI-containerd:__ +__containerd:__ -Add the following annotation for CRI-containerd +Add the following annotation for containerd ```yaml io.kubernetes.cri.untrusted-workload: "true" ```