github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-25 23:11:57 +00:00
Code Issues Projects Releases Wiki Activity
selective-ci
kata-containers/tools/testing/kata-webhook
History
dependabot[bot] 391bc35805 build(deps): bump the go_modules group across 5 directories with 8 updates 
Bumps the go_modules group with 2 updates in the /src/runtime directory: [github.com/containerd/containerd](https://github.com/containerd/containerd) and [github.com/containers/podman/v4](https://github.com/containers/podman).
Bumps the go_modules group with 4 updates in the /src/tools/csi-kata-directvolume directory: [golang.org/x/sys](https://github.com/golang/sys), google.golang.org/protobuf, [golang.org/x/net](https://github.com/golang/net) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 2 updates in the /src/tools/log-parser directory: [golang.org/x/sys](https://github.com/golang/sys) and gopkg.in/yaml.v3.
Bumps the go_modules group with 2 updates in the /tests directory: [golang.org/x/sys](https://github.com/golang/sys) and gopkg.in/yaml.v3.
Bumps the go_modules group with 2 updates in the /tools/testing/kata-webhook directory: [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/containerd/containerd` from 1.7.2 to 1.7.11
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.2...v1.7.11)

Updates `github.com/containers/podman/v4` from 4.2.0 to 4.9.4
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/containers/podman/blob/v4.9.4/RELEASE_NOTES.md)
- [Commits](https://github.com/containers/podman/compare/v4.2.0...v4.9.4)

Updates `google.golang.org/protobuf` from 1.29.1 to 1.33.0

Updates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4)

Updates `golang.org/x/sys` from 0.15.0 to 0.19.0
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.19.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `golang.org/x/net` from 0.19.0 to 0.23.0
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.23.0)

Updates `google.golang.org/grpc` from 1.59.0 to 1.63.2
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.59.0...v1.63.2)

Updates `golang.org/x/sys` from 0.0.0-20191026070338-33540a1f6037 to 0.1.0
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.19.0)

Updates `gopkg.in/yaml.v3` from 3.0.0-20200313102051-9f266ea9e77c to 3.0.0

Updates `golang.org/x/sys` from 0.0.0-20220429233432-b5fbb4746d32 to 0.19.0
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.19.0)

Updates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.0

Updates `golang.org/x/sys` from 0.15.0 to 0.19.0
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.19.0)

Updates `golang.org/x/net` from 0.19.0 to 0.23.0
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/containers/podman/v4
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 09:46:13 +01:00
..
deploy ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
.gitignore ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
common.bash ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
create-certs.sh ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
Dockerfile ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
go.mod build(deps): bump the go_modules group across 5 directories with 8 updates 2024-04-30 09:46:13 +01:00
go.sum build(deps): bump the go_modules group across 5 directories with 8 updates 2024-04-30 09:46:13 +01:00
main.go ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
README.md ci/openshift-ci: Move openshift-ci from the tests repo 2024-01-30 19:05:55 +01:00
webhook-check.sh tools.kata-webhook: Fix lib path 2024-02-05 14:17:24 +01:00

README.md

Kata Admission controller webhook

Implement a simple admission controller webhook to annotate pods with the Kata runtime class.

How to build the admission controller

Note: Only run this step if you are modifying the current webhook or don't want to use the webhook available in docker hub.

First build the admission controller image and the associated Kubernetes YAML files required to instantiate the admission controller.

docker build -t quay.io/kata-containers/kata-webhook-example:latest -f Dockerfile .

Note

Image needs to be published for the webhook needs to work. Alternately on a single machine cluster change the imagePullPolicy to use the locally built image.

Making Kata the default runtime using an admission controller

Today in crio.conf runc is the default runtime when a user does not specify runtimeClass in the pod spec. If you want to run a cluster where Kata is used by default, except for workloads we know for sure will not work with Kata, use the admission webhook and sample admission controller we created by running the commands below:

Note

By default, the runtimeClass name used in this webhook is kata. If your cluster is configured with another runtimeClass, you'll need to change the value of the RUNTIME_CLASS environment variable defined in the webhook file. You can manually edit the file or run:

export RUNTIME_CLASS=<>

kubectl create cm kata-webhook --from-literal runtime_class=$RUNTIME_CLASS

./create-certs.sh
kubectl apply -f deploy/

Afterwards you can run the webhook-check.sh script to check the webhook was deployed correctly and is working:

./webhook-check.sh

The webhook mutates pods to use the Kata runtime class for all pods except those with

  • hostNetwork: true
  • namespace: rook-ceph and rook-ceph-system