diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index 02d19999627..d5e187bd0fc 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -49,6 +49,17 @@ CGROUP_ROOT=${CGROUP_ROOT:-""} # owner of client certs, default to current user if not specified USER=${USER:-$(whoami)} +# required for cni installation +CNI_CONFIG_DIR=${CNI_CONFIG_DIR:-/etc/cni/net.d} +CNI_PLUGINS_VERSION=${CNI_PLUGINS_VERSION:-"v1.0.1"} +CNI_TARGETARCH=${CNI_TARGETARCH:-amd64} +CNI_PLUGINS_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${CNI_TARGETARCH}-${CNI_PLUGINS_VERSION}.tgz" +CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_TARBALL}" +CNI_PLUGINS_AMD64_SHA256SUM=${CNI_PLUGINS_AMD64_SHA256SUM:-"5238fbb2767cbf6aae736ad97a7aa29167525dcd405196dfbc064672a730d3cf"} +CNI_PLUGINS_ARM64_SHA256SUM=${CNI_PLUGINS_ARM64_SHA256SUM:-"2d4528c45bdd0a8875f849a75082bc4eafe95cb61f9bcc10a6db38a031f67226"} +CNI_PLUGINS_PPC64LE_SHA256SUM=${CNI_PLUGINS_PPC64LE_SHA256SUM:-"f078e33067e6daaef3a3a5010d6440f2464b7973dec3ca0b5d5be22fdcb1fd96"} +CNI_PLUGINS_S390X_SHA256SUM=${CNI_PLUGINS_S390X_SHA256SUM:-"468d33e16440d9ca4395c6bb2d5b71b35ae4a4df26301e4da85ac70c5ce56822"} + # enables testing eviction scenarios locally. EVICTION_HARD=${EVICTION_HARD:-"memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%"} EVICTION_SOFT=${EVICTION_SOFT:-""} @@ -1029,6 +1040,62 @@ function parse_eviction { done } +function install_cni { + echo "Installing CNI plugin binaries ..." \ + && curl -sSL --retry 5 --output /tmp/cni."${CNI_TARGETARCH}".tgz "${CNI_PLUGINS_URL}" \ + && echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \ + && sha256sum --ignore-missing -c /tmp/cni.sha256 \ + && rm -f /tmp/cni.sha256 \ + && mkdir -p /opt/cni/bin \ + && tar -C /opt/cni/bin -xzvf /tmp/cni."${CNI_TARGETARCH}".tgz \ + && rm -rf /tmp/cni."${CNI_TARGETARCH}".tgz \ + && find /opt/cni/bin -type f -not \( \ + -iname host-local \ + -o -iname bridge \ + -o -iname portmap \ + -o -iname loopback \ + \) \ + -delete + + # containerd 1.4.12 installed by docker in kubekins supports CNI version 0.4.0 + echo "Configuring cni" + mkdir -p "$CNI_CONFIG_DIR" + cat << EOF | tee "$CNI_CONFIG_DIR"/10-containerd-net.conflist +{ + "cniVersion": "0.4.0", + "name": "containerd-net", + "plugins": [ + { + "type": "bridge", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "promiscMode": true, + "ipam": { + "type": "host-local", + "ranges": [ + [{ + "subnet": "10.88.0.0/16" + }], + [{ + "subnet": "2001:4860:4860::/64" + }] + ], + "routes": [ + { "dst": "0.0.0.0/0" }, + { "dst": "::/0" } + ] + } + }, + { + "type": "portmap", + "capabilities": {"portMappings": true} + } + ] +} +EOF +} + # If we are running in the CI, we need a few more things before we can start if [[ "${KUBETEST_IN_DOCKER:-}" == "true" ]]; then echo "Preparing to test ..." @@ -1044,6 +1111,18 @@ if [[ "${KUBETEST_IN_DOCKER:-}" == "true" ]]; then # kubekins has a special directory for docker root DOCKER_ROOT="/docker-graph" + + # to use docker installed containerd as kubelet container runtime + # we need to enable cri and install cni + # install cni for docker in docker + install_cni + + # enable cri for docker in docker + echo "enable cri" + echo "DOCKER_OPTS=\"\${DOCKER_OPTS} --cri-containerd\"" >> /etc/default/docker + + echo "restarting docker" + service docker restart fi # validate that etcd is: not running, in path, and has minimum required version.