Add youki runtime support (#8411)
parent
38d129a0b6
commit
e88aa7c96b
18 changed files with 269 additions and 0 deletions
|
@ -202,6 +202,7 @@ The following tags are defined in playbooks:
|
||||||
| vsphere-csi-driver | Configuring csi driver: vsphere
|
| vsphere-csi-driver | Configuring csi driver: vsphere
|
||||||
| weave | Network plugin Weave
|
| weave | Network plugin Weave
|
||||||
| win_nodes | Running windows specific tasks
|
| win_nodes | Running windows specific tasks
|
||||||
|
| youki | Configuring youki runtime
|
||||||
|
|
||||||
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
|
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
|
||||||
tags found in the codebase. New tags will be listed with the empty "Used for"
|
tags found in the codebase. New tags will be listed with the empty "Used for"
|
||||||
|
|
|
@ -73,6 +73,13 @@ crun_runtime:
|
||||||
type: oci
|
type: oci
|
||||||
root: /run/crun
|
root: /run/crun
|
||||||
|
|
||||||
|
# youki is an implementation of the OCI runtime-spec in Rust, similar to runc.
|
||||||
|
youki_runtime:
|
||||||
|
name: youki
|
||||||
|
path: "{{ youki_bin_dir }}/youki"
|
||||||
|
type: oci
|
||||||
|
root: /run/youki
|
||||||
|
|
||||||
# When this is true, CRI-O package repositories are added. Set this to false when using an
|
# When this is true, CRI-O package repositories are added. Set this to false when using an
|
||||||
# environment with preconfigured CRI-O package repositories.
|
# environment with preconfigured CRI-O package repositories.
|
||||||
crio_add_repos: true
|
crio_add_repos: true
|
||||||
|
|
|
@ -54,6 +54,12 @@
|
||||||
when:
|
when:
|
||||||
- crun_enabled
|
- crun_enabled
|
||||||
|
|
||||||
|
- name: Build a list of crio runtimes with youki runtime
|
||||||
|
set_fact:
|
||||||
|
crio_runtimes: "{{ crio_runtimes + [youki_runtime] }}"
|
||||||
|
when:
|
||||||
|
- youki_enabled
|
||||||
|
|
||||||
- name: Make sure needed folders exist in the system
|
- name: Make sure needed folders exist in the system
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/crio
|
- /etc/crio
|
||||||
|
|
|
@ -23,6 +23,14 @@ dependencies:
|
||||||
- container-engine
|
- container-engine
|
||||||
- crun
|
- crun
|
||||||
|
|
||||||
|
- role: container-engine/youki
|
||||||
|
when:
|
||||||
|
- youki_enabled
|
||||||
|
- container_manager == 'crio'
|
||||||
|
tags:
|
||||||
|
- container-engine
|
||||||
|
- youki
|
||||||
|
|
||||||
- role: container-engine/cri-o
|
- role: container-engine/cri-o
|
||||||
when:
|
when:
|
||||||
- container_manager == 'crio'
|
- container_manager == 'crio'
|
||||||
|
|
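--- a/roles/container-engine/youki/defaults/main.yml
+++ b/roles/container-engine/youki/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+youki_bin_dir: "{{ bin_dir }}"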
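--- a/roles/container-engine/youki/molecule/default/converge.yml
+++ b/roles/container-engine/youki/molecule/default/converge.yml
@@ -0,0 +1,11 @@
+---
+- name: Converge
+hosts: all
+become: true
+vars:
+youki_enabled: true
+container_manager: crio
+roles:
+- role: kubespray-defaults
+- role: container-engine/cri-o
+- role: container-engine/youki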
|
@ -0,0 +1,17 @@
|
||||||
|
{
|
||||||
|
"cniVersion": "0.4.0",
|
||||||
|
"name": "mynet",
|
||||||
|
"type": "bridge",
|
||||||
|
"bridge": "cni0",
|
||||||
|
"isGateway": true,
|
||||||
|
"ipMasq": true,
|
||||||
|
"ipam": {
|
||||||
|
"type": "host-local",
|
||||||
|
"subnet": "172.19.0.0/24",
|
||||||
|
"routes": [
|
||||||
|
{
|
||||||
|
"dst": "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"metadata": {
|
||||||
|
"name": "youki1"
|
||||||
|
},
|
||||||
|
"image": {
|
||||||
|
"image": "quay.io/kubespray/hello-world:latest"
|
||||||
|
},
|
||||||
|
"log_path": "youki1.0.log",
|
||||||
|
"linux": {}
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"metadata": {
|
||||||
|
"name": "youki1",
|
||||||
|
"namespace": "default",
|
||||||
|
"attempt": 1,
|
||||||
|
"uid": "hdishd83djaidwnduwk28bcsb"
|
||||||
|
},
|
||||||
|
"linux": {},
|
||||||
|
"log_directory": "/tmp"
|
||||||
|
}
|
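--- a/roles/container-engine/youki/molecule/default/molecule.yml
+++ b/roles/container-engine/youki/molecule/default/molecule.yml
@@ -0,0 +1,45 @@
+---
+driver:
+name: vagrant
+provider:
+name: libvirt
+options:
+driver: kvm
+lint: |
+set -e
+yamllint -c ../../../.yamllint .
+platforms:
+- name: ubuntu20
+box: generic/ubuntu2004
+cpus: 1
+memory: 1024
+nested: true
+groups:
+- kube_control_plane
+- name: almalinux8
+box: almalinux/8
+cpus: 1
+memory: 1024
+nested: true
+groups:
+- kube_control_plane
+provisioner:
+name: ansible
+env:
+ANSIBLE_ROLES_PATH: ../../../../
+config_options:
+defaults:
+callback_whitelist: profile_tasks
+timeout: 120
+lint:
+name: ansible-lint
+options:
+c: ../../../.ansible-lint
+inventory:
+group_vars:
+all:
+become: true
+verifier:
+name: testinfra
+lint:
+name: flake8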
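--- a/roles/container-engine/youki/molecule/default/prepare.yml
+++ b/roles/container-engine/youki/molecule/default/prepare.yml
@@ -0,0 +1,48 @@
+---
+- name: Prepare generic
+hosts: all
+become: true
+roles:
+- role: kubespray-defaults
+- role: bootstrap-os
+- role: adduser
+user: "{{ addusers.kube }}"
+tasks:
+- include_tasks: "../../../../download/tasks/download_file.yml"
+vars:
+download: "{{ download_defaults | combine(downloads.cni) }}"
+
+- name: Prepare container runtime
+hosts: all
+become: true
+vars:
+container_manager: crio
+kube_network_plugin: cni
+roles:
+- role: kubespray-defaults
+- role: network_plugin/cni
+- role: container-engine/crictl
+tasks:
+- name: Copy test container files
+copy:
+src: "{{ item }}"
+dest: "/tmp/{{ item }}"
+owner: root
+mode: 0644
+with_items:
+- container.json
+- sandbox.json
+- name: Create /etc/cni/net.d directory
+file:
+path: /etc/cni/net.d
+state: directory
+owner: root
+mode: 0755
+- name: Setup CNI
+copy:
+src: "{{ item }}"
+dest: "/etc/cni/net.d/{{ item }}"
+owner: root
+mode: 0644
+with_items:
+- 10-mynet.conf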
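Review bot: The `copy` and `file` tasks in this playbook pass the mode as a bare number (`mode: 0644`, `mode: 0755`), which only works because the YAML loader reads a leading-zero integer as octal. Quoting the value, `mode: "0644"` and `mode: "0755"`, hands the module a string and matches the quoted `mode: "0755"` and `mode: "0664"` that this same commit uses in the download entry and the RuntimeClass task. The same applies to `mode: 0755` on the binary copy in roles/container-engine/youki/tasks/main.yml. The first task under `tasks:` is an `include_tasks` with no `name:`; `- name: Download CNI` would make the play output readable.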
|
@ -0,0 +1,29 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
||||||
|
|
||||||
|
|
||||||
|
def test_run(host):
|
||||||
|
youkiruntime = "/usr/local/bin/youki"
|
||||||
|
with host.sudo():
|
||||||
|
cmd = host.command(youkiruntime + " --version")
|
||||||
|
assert cmd.rc == 0
|
||||||
|
assert "youki" in cmd.stdout
|
||||||
|
|
||||||
|
|
||||||
|
def test_run_pod(host):
|
||||||
|
runtime = "youki"
|
||||||
|
|
||||||
|
run_command = "/usr/local/bin/crictl run --with-pull --runtime {} /tmp/container.json /tmp/sandbox.json".format(runtime)
|
||||||
|
with host.sudo():
|
||||||
|
cmd = host.command(run_command)
|
||||||
|
assert cmd.rc == 0
|
||||||
|
|
||||||
|
with host.sudo():
|
||||||
|
log_f = host.file("/tmp/youki1.0.log")
|
||||||
|
|
||||||
|
assert log_f.exists
|
||||||
|
assert b"Hello from Docker" in log_f.content
|
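Review bot: `test_run` hardcodes `/usr/local/bin/youki`, while the role installs the binary to `{{ youki_bin_dir }}/youki`, which defaults to `{{ bin_dir }}`, so the check only holds where `bin_dir` resolves to `/usr/local/bin`. `test_run_pod` makes the same assumption for `/usr/local/bin/crictl`. Neither function has a docstring; one line each, such as `"""youki is installed and reports its version."""` and `"""A pod started through crictl with the youki handler writes the expected log."""`, would record what each check is meant to prove. Nothing in `test_run_pod` removes the pod afterwards, so a second run against the same instance may not start from a clean state; that is inferred, since the scenario's destroy step is not part of this section.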
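--- a/roles/container-engine/youki/tasks/main.yml
+++ b/roles/container-engine/youki/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: youki | Download youki
+include_tasks: "../../../download/tasks/download_file.yml"
+vars:
+download: "{{ download_defaults | combine(downloads.youki) }}"
+
+- name: youki | Copy youki binary from download dir
+copy:
+src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki"
+dest: "{{ youki_bin_dir }}/youki"
+mode: 0755
+remote_src: true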
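Review bot: The `copy` task that installs the runtime into `{{ youki_bin_dir }}` sets only `mode`, so the owner and group of a binary that CRI-O is configured to execute (`path: "{{ youki_bin_dir }}/youki"` in the runtime definition) are left to whatever the task's effective user produces. Stating them, `owner: root` and `group: root` beside the mode, makes the installed file's permissions independent of how the play escalates. The `src` path encodes the archive's internal layout (`youki_v<version>_linux/youki-v<version>/youki`) with no comment; a one-line comment naming that layout would help whoever bumps `youki_version` notice when upstream changes it.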
|
@ -72,6 +72,7 @@ kubeadm_version: "{{ kube_version }}"
|
||||||
crun_version: 1.4
|
crun_version: 1.4
|
||||||
runc_version: v1.0.3
|
runc_version: v1.0.3
|
||||||
kata_containers_version: 2.2.3
|
kata_containers_version: 2.2.3
|
||||||
|
youki_version: 0.0.1
|
||||||
gvisor_version: 20210921
|
gvisor_version: 20210921
|
||||||
containerd_version: 1.5.9
|
containerd_version: 1.5.9
|
||||||
|
|
||||||
|
@ -142,6 +143,7 @@ crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/down
|
||||||
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
|
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
|
||||||
runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
|
runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
|
||||||
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
|
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
|
||||||
|
youki_download_url: "https://github.com/containers/youki/releases/download/v{{ youki_version }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
|
||||||
kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
|
kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
|
||||||
# gVisor only supports amd64 and uses x86_64 to in the download link
|
# gVisor only supports amd64 and uses x86_64 to in the download link
|
||||||
gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc"
|
gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc"
|
||||||
|
@ -430,6 +432,14 @@ crun_checksums:
|
||||||
1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4
|
1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4
|
||||||
1.4: 8e8081562503308f39f571acfe94afc663816ea0cb8f922145e2aaf0991415d7
|
1.4: 8e8081562503308f39f571acfe94afc663816ea0cb8f922145e2aaf0991415d7
|
||||||
|
|
||||||
|
youki_checksums:
|
||||||
|
arm:
|
||||||
|
0.0.1: 0
|
||||||
|
amd64:
|
||||||
|
0.0.1: 8bd712fe95c8a81194bfbc54c70516350f95153d67044579af95788fbafd943b
|
||||||
|
arm64:
|
||||||
|
0.0.1: 0
|
||||||
|
|
||||||
kata_containers_binary_checksums:
|
kata_containers_binary_checksums:
|
||||||
arm:
|
arm:
|
||||||
2.0.4: 0
|
2.0.4: 0
|
||||||
|
@ -512,6 +522,7 @@ crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
|
||||||
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
|
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
|
||||||
runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
|
runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
|
||||||
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
|
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
|
||||||
|
youki_archive_checksum: "{{ youki_checksums[image_arch][youki_version] }}"
|
||||||
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
|
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
|
||||||
gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
|
gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
|
||||||
gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
|
gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
|
||||||
|
@ -809,6 +820,19 @@ downloads:
|
||||||
groups:
|
groups:
|
||||||
- k8s_cluster
|
- k8s_cluster
|
||||||
|
|
||||||
|
youki:
|
||||||
|
file: true
|
||||||
|
enabled: "{{ youki_enabled }}"
|
||||||
|
version: "{{ youki_version }}"
|
||||||
|
dest: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
|
||||||
|
sha256: "{{ youki_archive_checksum }}"
|
||||||
|
url: "{{ youki_download_url }}"
|
||||||
|
unarchive: true
|
||||||
|
owner: "root"
|
||||||
|
mode: "0755"
|
||||||
|
groups:
|
||||||
|
- k8s_cluster
|
||||||
|
|
||||||
runc:
|
runc:
|
||||||
file: true
|
file: true
|
||||||
enabled: "{{ container_manager == 'containerd' }}"
|
enabled: "{{ container_manager == 'containerd' }}"
|
||||||
|
|
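Review bot: In the `youki_checksums` hunk only `amd64` carries a real SHA-256; `arm` and `arm64` are `0`, and `youki_download_url` (second hunk of this file) has no `{{ image_arch }}` component, unlike the `runc` and `crun` URLs next to it. With `youki_enabled` set on an arm or arm64 host, the same archive would be requested and compared against `0`; how the download tasks treat that value is not visible here, so it is worth confirming that the result is a hard failure and never an unverified install. A comment above the map, `# only amd64 has a verified checksum; arm and arm64 are placeholders`, would state the intent, and an early assertion in the youki role that `youki_archive_checksum` is not `0` would turn a late download error into a clear message.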
|
@ -20,3 +20,12 @@ dependencies:
|
||||||
- apps
|
- apps
|
||||||
- crun
|
- crun
|
||||||
- container-runtimes
|
- container-runtimes
|
||||||
|
|
||||||
|
- role: kubernetes-apps/container_runtimes/youki
|
||||||
|
when:
|
||||||
|
- youki_enabled
|
||||||
|
- container_manager == 'crio'
|
||||||
|
tags:
|
||||||
|
- apps
|
||||||
|
- youki
|
||||||
|
- container-runtimes
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: youki | Copy runtime class manifest
|
||||||
|
template:
|
||||||
|
src: runtimeclass-youki.yml
|
||||||
|
dest: "{{ kube_config_dir }}/runtimeclass-youki.yml"
|
||||||
|
mode: "0664"
|
||||||
|
when:
|
||||||
|
- inventory_hostname == groups['kube_control_plane'][0]
|
||||||
|
|
||||||
|
- name: youki | Apply manifests
|
||||||
|
kube:
|
||||||
|
name: "runtimeclass-youki"
|
||||||
|
kubectl: "{{ bin_dir }}/kubectl"
|
||||||
|
resource: "runtimeclass"
|
||||||
|
filename: "{{ kube_config_dir }}/runtimeclass-youki.yml"
|
||||||
|
state: "latest"
|
||||||
|
when:
|
||||||
|
- inventory_hostname == groups['kube_control_plane'][0]
|
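Review bot: The template task writes `runtimeclass-youki.yml` with `mode: "0664"`, which leaves the manifest group-writable even though the next task feeds that same file to `kubectl` with `state: "latest"`. Nothing visible here needs group write access, so `mode: "0644"` with an explicit `owner: root` would keep a file that is applied to the cluster from being edited by another account between runs. Both tasks repeat the same `when:` on the first `kube_control_plane` host; a short comment such as `# RuntimeClass is cluster-scoped, apply it once from the first control plane node` would explain why.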
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
kind: RuntimeClass
|
||||||
|
apiVersion: node.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: youki
|
||||||
|
handler: youki
|
|
@ -275,6 +275,10 @@ gvisor_enabled: false
|
||||||
# When enabled, it requires container_manager=crio
|
# When enabled, it requires container_manager=crio
|
||||||
crun_enabled: false
|
crun_enabled: false
|
||||||
|
|
||||||
|
# Enable youki as additional container runtime
|
||||||
|
# When enabled, it requires container_manager=crio
|
||||||
|
youki_enabled: false
|
||||||
|
|
||||||
# Container on localhost (download images when download_localhost is true)
|
# Container on localhost (download images when download_localhost is true)
|
||||||
container_manager_on_localhost: "{{ container_manager }}"
|
container_manager_on_localhost: "{{ container_manager }}"
|
||||||
|
|
||||||
|
|
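Review bot: The comment on `youki_enabled` says it requires `container_manager=crio`, but nothing visible in this commit enforces that. The role dependencies are skipped by `container_manager == 'crio'`, while the `downloads.youki` entry uses `enabled: "{{ youki_enabled }}"` alone, so with another container manager the archive would still be fetched and then never installed, with no message to the operator. Either gate the download the same way, `enabled: "{{ youki_enabled and container_manager == 'crio' }}"`, or fail early when the two settings disagree.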