Add youki runtime support (#8411)

Victor Morales 2022-01-21 14:01:07 -08:00 committed by GitHub
parent 38d129a0b6
commit e88aa7c96b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 269 additions and 0 deletions


@ -202,6 +202,7 @@ The following tags are defined in playbooks:
| vsphere-csi-driver | Configuring csi driver: vsphere | vsphere-csi-driver | Configuring csi driver: vsphere
| weave | Network plugin Weave | weave | Network plugin Weave
| win_nodes | Running windows specific tasks | win_nodes | Running windows specific tasks
| youki | Configuring youki runtime
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
tags found in the codebase. New tags will be listed with the empty "Used for" tags found in the codebase. New tags will be listed with the empty "Used for"


@ -73,6 +73,13 @@ crun_runtime:
type: oci type: oci
root: /run/crun root: /run/crun
# youki is an implementation of the OCI runtime-spec in Rust, similar to runc.
youki_runtime:
name: youki
path: "{{ youki_bin_dir }}/youki"
type: oci
root: /run/youki
# When this is true, CRI-O package repositories are added. Set this to false when using an # When this is true, CRI-O package repositories are added. Set this to false when using an
# environment with preconfigured CRI-O package repositories. # environment with preconfigured CRI-O package repositories.
crio_add_repos: true crio_add_repos: true


@ -54,6 +54,12 @@
when: when:
- crun_enabled - crun_enabled
- name: Build a list of crio runtimes with youki runtime
set_fact:
crio_runtimes: "{{ crio_runtimes + [youki_runtime] }}"
when:
- youki_enabled
- name: Make sure needed folders exist in the system - name: Make sure needed folders exist in the system
with_items: with_items:
- /etc/crio - /etc/crio


@ -23,6 +23,14 @@ dependencies:
- container-engine - container-engine
- crun - crun
- role: container-engine/youki
when:
- youki_enabled
- container_manager == 'crio'
tags:
- container-engine
- youki
- role: container-engine/cri-o - role: container-engine/cri-o
when: when:
- container_manager == 'crio' - container_manager == 'crio'


@ -0,0 +1,3 @@
---
youki_bin_dir: "{{ bin_dir }}"


@ -0,0 +1,11 @@
---
- name: Converge
hosts: all
become: true
vars:
youki_enabled: true
container_manager: crio
roles:
- role: kubespray-defaults
- role: container-engine/cri-o
- role: container-engine/youki
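Review bot: The role order in this converge play is `container-engine/cri-o` before `container-engine/youki`, whereas the dependency list changed elsewhere in this commit places youki ahead of cri-o. With this order CRI-O is set up with the youki runtime entry before the binary has been copied to `{{ youki_bin_dir }}/youki`. If CRI-O checks configured runtime paths when it starts (not visible on this page), the scenario could behave differently from a real deployment. Listing `- role: container-engine/youki` first would mirror the dependency order.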


@ -0,0 +1,17 @@
{
"cniVersion": "0.4.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "172.19.0.0/24",
"routes": [
{
"dst": "0.0.0.0/0"
}
]
}
}


@ -0,0 +1,10 @@
{
"metadata": {
"name": "youki1"
},
"image": {
"image": "quay.io/kubespray/hello-world:latest"
},
"log_path": "youki1.0.log",
"linux": {}
}
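Review bot: The test image is referenced by a mutable tag, `quay.io/kubespray/hello-world:latest`, and the scenario's test asserts on the text that image prints. A tag can be re-pointed, so the run may pull different content over time and the assertion stops being a stable check of the runtime. Pinning by digest, `quay.io/kubespray/hello-world@sha256:<digest>` (placeholder; no digest appears on this page), would make the scenario reproducible.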


@ -0,0 +1,10 @@
{
"metadata": {
"name": "youki1",
"namespace": "default",
"attempt": 1,
"uid": "hdishd83djaidwnduwk28bcsb"
},
"linux": {},
"log_directory": "/tmp"
}


@ -0,0 +1,45 @@
---
driver:
name: vagrant
provider:
name: libvirt
options:
driver: kvm
lint: |
set -e
yamllint -c ../../../.yamllint .
platforms:
- name: ubuntu20
box: generic/ubuntu2004
cpus: 1
memory: 1024
nested: true
groups:
- kube_control_plane
- name: almalinux8
box: almalinux/8
cpus: 1
memory: 1024
nested: true
groups:
- kube_control_plane
provisioner:
name: ansible
env:
ANSIBLE_ROLES_PATH: ../../../../
config_options:
defaults:
callback_whitelist: profile_tasks
timeout: 120
lint:
name: ansible-lint
options:
c: ../../../.ansible-lint
inventory:
group_vars:
all:
become: true
verifier:
name: testinfra
lint:
name: flake8


@ -0,0 +1,48 @@
---
- name: Prepare generic
hosts: all
become: true
roles:
- role: kubespray-defaults
- role: bootstrap-os
- role: adduser
user: "{{ addusers.kube }}"
tasks:
- include_tasks: "../../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.cni) }}"
- name: Prepare container runtime
hosts: all
become: true
vars:
container_manager: crio
kube_network_plugin: cni
roles:
- role: kubespray-defaults
- role: network_plugin/cni
- role: container-engine/crictl
tasks:
- name: Copy test container files
copy:
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
mode: 0644
with_items:
- container.json
- sandbox.json
- name: Create /etc/cni/net.d directory
file:
path: /etc/cni/net.d
state: directory
owner: root
mode: 0755
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
mode: 0644
with_items:
- 10-mynet.conf
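Review bot: The `mode:` values in this playbook are unquoted octal literals (`mode: 0644`, `mode: 0755`), and the same form appears as `mode: 0755` in the youki role's copy task. The download entry and the runtime-class task in this commit quote theirs. An unquoted leading-zero number is read as octal only under YAML 1.1 rules, so a different parser, or a later edit that drops the zero, yields a permission other than the one intended. Quoting them, `mode: "0644"` and `mode: "0755"`, keeps the permission explicit and consistent across the change.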


@ -0,0 +1,29 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_run(host):
youkiruntime = "/usr/local/bin/youki"
with host.sudo():
cmd = host.command(youkiruntime + " --version")
assert cmd.rc == 0
assert "youki" in cmd.stdout
def test_run_pod(host):
runtime = "youki"
run_command = "/usr/local/bin/crictl run --with-pull --runtime {} /tmp/container.json /tmp/sandbox.json".format(runtime)
with host.sudo():
cmd = host.command(run_command)
assert cmd.rc == 0
with host.sudo():
log_f = host.file("/tmp/youki1.0.log")
assert log_f.exists
assert b"Hello from Docker" in log_f.content


@ -0,0 +1,12 @@
---
- name: youki | Download youki
include_tasks: "../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.youki) }}"
- name: youki | Copy youki binary from download dir
copy:
src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki"
mode: 0755
remote_src: true


@ -72,6 +72,7 @@ kubeadm_version: "{{ kube_version }}"
crun_version: 1.4 crun_version: 1.4
runc_version: v1.0.3 runc_version: v1.0.3
kata_containers_version: 2.2.3 kata_containers_version: 2.2.3
youki_version: 0.0.1
gvisor_version: 20210921 gvisor_version: 20210921
containerd_version: 1.5.9 containerd_version: 1.5.9
@ -142,6 +143,7 @@ crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/down
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz" helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}" runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}" crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
youki_download_url: "https://github.com/containers/youki/releases/download/v{{ youki_version }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz" kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
# gVisor only supports amd64 and uses x86_64 to in the download link # gVisor only supports amd64 and uses x86_64 to in the download link
gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc" gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc"
@ -430,6 +432,14 @@ crun_checksums:
1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4 1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4
1.4: 8e8081562503308f39f571acfe94afc663816ea0cb8f922145e2aaf0991415d7 1.4: 8e8081562503308f39f571acfe94afc663816ea0cb8f922145e2aaf0991415d7
youki_checksums:
arm:
0.0.1: 0
amd64:
0.0.1: 8bd712fe95c8a81194bfbc54c70516350f95153d67044579af95788fbafd943b
arm64:
0.0.1: 0
kata_containers_binary_checksums: kata_containers_binary_checksums:
arm: arm:
2.0.4: 0 2.0.4: 0
@ -512,6 +522,7 @@ crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}" helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}" runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}" crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
youki_archive_checksum: "{{ youki_checksums[image_arch][youki_version] }}"
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}" kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}" gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}" gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
@ -809,6 +820,19 @@ downloads:
groups: groups:
- k8s_cluster - k8s_cluster
youki:
file: true
enabled: "{{ youki_enabled }}"
version: "{{ youki_version }}"
dest: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
sha256: "{{ youki_archive_checksum }}"
url: "{{ youki_download_url }}"
unarchive: true
owner: "root"
mode: "0755"
groups:
- k8s_cluster
runc: runc:
file: true file: true
enabled: "{{ container_manager == 'containerd' }}" enabled: "{{ container_manager == 'containerd' }}"
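Review bot: The `youki_checksums` entries for `arm` and `arm64` are `0`, while `youki_download_url` has no architecture component, so on those hosts the same `youki_v0_0_1_linux.tar.gz` archive would be fetched against a placeholder instead of a real digest. How `download_file.yml` treats a `0` value is not visible on this page; if it skips verification, an unverified binary would be unpacked and later installed as a container runtime. Only the `amd64` digest is recorded, so consider gating the entry in `downloads.youki`, e.g. `enabled: "{{ youki_enabled and image_arch == 'amd64' }}"`, or failing early on other architectures. A short comment above `youki_checksums` saying that `0` means "no published artifact" would also help the next maintainer.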


@ -20,3 +20,12 @@ dependencies:
- apps - apps
- crun - crun
- container-runtimes - container-runtimes
- role: kubernetes-apps/container_runtimes/youki
when:
- youki_enabled
- container_manager == 'crio'
tags:
- apps
- youki
- container-runtimes


@ -0,0 +1,19 @@
---
- name: youki | Copy runtime class manifest
template:
src: runtimeclass-youki.yml
dest: "{{ kube_config_dir }}/runtimeclass-youki.yml"
mode: "0664"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: youki | Apply manifests
kube:
name: "runtimeclass-youki"
kubectl: "{{ bin_dir }}/kubectl"
resource: "runtimeclass"
filename: "{{ kube_config_dir }}/runtimeclass-youki.yml"
state: "latest"
when:
- inventory_hostname == groups['kube_control_plane'][0]
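Review bot: The rendered manifest is written with `mode: "0664"`, which leaves it group-writable, and the following task applies that same file through kubectl on the first control-plane node. Any account in the owning group could alter what is applied to the cluster on this or a later run. No `owner` or `group` is set in the task, so the actual exposure depends on defaults not visible on this page. `mode: "0644"` or tighter, with an explicit `owner: root`, would remove the ambiguity.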


@ -0,0 +1,6 @@
---
kind: RuntimeClass
apiVersion: node.k8s.io/v1
metadata:
name: youki
handler: youki


@ -275,6 +275,10 @@ gvisor_enabled: false
# When enabled, it requires container_manager=crio # When enabled, it requires container_manager=crio
crun_enabled: false crun_enabled: false
# Enable youki as additional container runtime
# When enabled, it requires container_manager=crio
youki_enabled: false
# Container on localhost (download images when download_localhost is true) # Container on localhost (download images when download_localhost is true)
container_manager_on_localhost: "{{ container_manager }}" container_manager_on_localhost: "{{ container_manager }}"