From dea4c9f68325ddcf08a45069b59df96d6ae3c259 Mon Sep 17 00:00:00 2001
From: Zha Bin <zhabin@linux.alibaba.com>
Date: Thu, 21 Jul 2022 11:38:15 +0800
Subject: [PATCH] add cloud-native courses

Signed-off-by: Zha Bin <zhabin@linux.alibaba.com>
---
 .../cloud-native/compile_runD/end.md          |  1 +
 .../cloud-native/compile_runD/index.yaml      | 18 +++++++++
 .../cloud-native/compile_runD/start.md        |  1 +
 .../cloud-native/compile_runD/step1.md        |  4 ++
 .../cloud-native/compile_runD/step2.md        |  6 +++
 .../cloud-native/compile_runD/step3.md        |  9 +++++
 .../cloud-native/compile_runD/step4.md        | 16 ++++++++
 anolis-courses/cloud-native/index.yaml        | 19 ++++++++++
 .../cloud-native/running_runD/end.md          |  1 +
 .../cloud-native/running_runD/index.yaml      | 18 +++++++++
 .../cloud-native/running_runD/start.md        |  1 +
 .../cloud-native/running_runD/step1.md        |  4 ++
 .../cloud-native/running_runD/step2.md        |  9 +++++
 .../cloud-native/running_runD/step3.md        |  5 +++
 .../cloud-native/running_runD/step4.md        | 38 +++++++++++++++++++
 15 files changed, 150 insertions(+)
 create mode 100644 anolis-courses/cloud-native/compile_runD/end.md
 create mode 100644 anolis-courses/cloud-native/compile_runD/index.yaml
 create mode 100644 anolis-courses/cloud-native/compile_runD/start.md
 create mode 100644 anolis-courses/cloud-native/compile_runD/step1.md
 create mode 100644 anolis-courses/cloud-native/compile_runD/step2.md
 create mode 100644 anolis-courses/cloud-native/compile_runD/step3.md
 create mode 100644 anolis-courses/cloud-native/compile_runD/step4.md
 create mode 100644 anolis-courses/cloud-native/index.yaml
 create mode 100644 anolis-courses/cloud-native/running_runD/end.md
 create mode 100644 anolis-courses/cloud-native/running_runD/index.yaml
 create mode 100644 anolis-courses/cloud-native/running_runD/start.md
 create mode 100644 anolis-courses/cloud-native/running_runD/step1.md
 create mode 100644 anolis-courses/cloud-native/running_runD/step2.md
 create mode 100644 anolis-courses/cloud-native/running_runD/step3.md
 create mode 100644 anolis-courses/cloud-native/running_runD/step4.md

diff --git a/anolis-courses/cloud-native/compile_runD/end.md b/anolis-courses/cloud-native/compile_runD/end.md
new file mode 100644
index 0000000..33ea594
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/end.md
@@ -0,0 +1 @@
+恭喜您完成了本场景实验
diff --git a/anolis-courses/cloud-native/compile_runD/index.yaml b/anolis-courses/cloud-native/compile_runD/index.yaml
new file mode 100644
index 0000000..4e903f9
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/index.yaml
@@ -0,0 +1,18 @@
+name: 编译Rust版本RunD并体验结果
+desc: 体验Rust语言，并修改runD以及查看修改结果
+image: "Centos 8.5 64位"
+live_time: "30 min"   
+machine: x86_64-104c192g  # cpu架构-机器规格，该字段为空，默认 x86_64-2c4g
+max_clients: 1   # 最大并发使用数，不填则默认不限制
+details:
+  steps:
+    start: start.md
+    finish: finish.md
+    - name: 一键式部署RunD
+      content: step1.md
+    - name: 安装git与下载代码
+      content: step2.md
+    - name: 修改runD代码
+      content: step3.md
+    - name: 运行查看修改的结果
+      content: step4.md
diff --git a/anolis-courses/cloud-native/compile_runD/start.md b/anolis-courses/cloud-native/compile_runD/start.md
new file mode 100644
index 0000000..d3653b7
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/start.md
@@ -0,0 +1 @@
+本场景将提供一台配置了 CentOS 8.5 操作系统的裸金属服务器环境用于运行runD
diff --git a/anolis-courses/cloud-native/compile_runD/step1.md b/anolis-courses/cloud-native/compile_runD/step1.md
new file mode 100644
index 0000000..3e06263
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/step1.md
@@ -0,0 +1,4 @@
+1. 物理机环境，或者神龙服务器环境，上面不需要安装docker，containerd，nerdctl，只需要一个干净环境即可
+运行下面的命令一键式安装与部署runD
+[[ curl https://cloud-native.oss-cn-shanghai.aliyuncs.com/runtime/install-rund-nerdctl.sh -sSf | sh -s ]]
+需要稍微等一会下载安装包与镜像，以及安装部署
diff --git a/anolis-courses/cloud-native/compile_runD/step2.md b/anolis-courses/cloud-native/compile_runD/step2.md
new file mode 100644
index 0000000..1ef5c91
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/step2.md
@@ -0,0 +1,6 @@
+1. 默认机器上没有安装git，需要先下载git工具
+[[ yum install git -y ]]
+
+2. 下载runD的代码
+[[ git clone https://github.com/openanolis/kata-containers.git ]]
+[[ cd kata-containers && git checkout preview ]]
diff --git a/anolis-courses/cloud-native/compile_runD/step3.md b/anolis-courses/cloud-native/compile_runD/step3.md
new file mode 100644
index 0000000..0d2e07e
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/step3.md
@@ -0,0 +1,9 @@
+1. 可以尝试修改runD的代码，可以修改一些日志输出或者不影响功能的地方, 比如:
+--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
++++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+@@ -135,7 +135,7 @@ impl Sandbox for VirtSandbox {
+
+         // start vm
+         self.hypervisor.start_vm(10_000).await.context("start vm")?;
+-        info!(sl!(), "start vm");
++        info!(sl!(), "start vm for myself!");
diff --git a/anolis-courses/cloud-native/compile_runD/step4.md b/anolis-courses/cloud-native/compile_runD/step4.md
new file mode 100644
index 0000000..e609ee6
--- /dev/null
+++ b/anolis-courses/cloud-native/compile_runD/step4.md
@@ -0,0 +1,16 @@
+1. 开始编译最新修改的runD代码
+[[ repo-root-dir=/root/kata-containers ]]
+
+[[ container-image=cloud-native-registry.cn-shanghai.cr.aliyuncs.com/runtime/rund:shim-builder-latest ]]
+
+[[ nerdctl run --rm -i -v "${repo-root-dir}:${repo-root-dir}" \
+  -w "${repo-root-dir}/src/runtime-rs" \
+  "${container-image}" \
+  bash -c "git config --global --add safe.directory ${repo-root-dir} && make -j8" ]]
+
+2. 上面编译需要一段时间，需要等编译完,然后运行下面的命令替换最新的runD，并运行查看日志结果
+[[ cp $repo-root-dir/src/runtime-rs/target/x86_64-unknown-linux-musl/release/containerd-shim-kata-v2 /opt/kata/bin/containerd-shim-rund-v2 ]]
+
+[[ time nerdctl run --runtime io.containerd.rund.v2 busybox /bin/sh -c "uname -a" ]]
+
+[[ journalctl -t containerd -r | grep "start vm for myself" ]]
diff --git a/anolis-courses/cloud-native/index.yaml b/anolis-courses/cloud-native/index.yaml
new file mode 100644
index 0000000..101a388
--- /dev/null
+++ b/anolis-courses/cloud-native/index.yaml
@@ -0,0 +1,19 @@
+name: 体验龙蜥云原生轻量化安全容器runD
+desc: 龙蜥云原生社区开源了阿里巴巴内部使用的轻量化安全容器runD，使用Rust语言编写，在安全的同时，具有启动快、内存占用资源小等优势特点, 本课程可以用多种运行容器的工具体验runD
+的启动快特点；然后本课程零门槛体验修改Rust代码的runD
+runD    => 是龙蜥社区开源的安全容器沙箱环境，可以对接contaienrd，k8s等容器环境
+nerdctl => Docker-compatible CLI for containerd，兼容docker，并提供与docker类似的run，exec，stop，rm等容器管理的命令
+ctr     => 是containerd提供的简易的命令行参数工具
+crictl  => 是containerd下CRI接口的命令行参数工具，用于创建与k8s类似的POD，Container等资源
+type: course
+total_time: "60 min"
+level: "medium"                  # beginner、intermediate、advanced
+chapters:
+  - name: "多种运行容器工具体验runD"
+    desc: "学习使用nerdctl,ctr,crictl工具运行runD"
+    content: "running_runD"
+    live_time: "30 min"
+  - name: "修改体验Rust语言runD"
+    desc: "熟悉Rust语言，并修改runD代码，编译并查看运行结果"
+    content: "compile_runD"
+    live_time: "30 min" 
diff --git a/anolis-courses/cloud-native/running_runD/end.md b/anolis-courses/cloud-native/running_runD/end.md
new file mode 100644
index 0000000..33ea594
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/end.md
@@ -0,0 +1 @@
+恭喜您完成了本场景实验
diff --git a/anolis-courses/cloud-native/running_runD/index.yaml b/anolis-courses/cloud-native/running_runD/index.yaml
new file mode 100644
index 0000000..913b232
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/index.yaml
@@ -0,0 +1,18 @@
+name: 多种运行容器工具体验runD
+desc: 学习使用nerdctl,ctr,crictl工具运行runD
+image: "Centos 8.5 64位"
+live_time: "30 min"   
+machine: x86_64-104c192g  # cpu架构-机器规格，该字段为空，默认 x86_64-2c4g
+max_clients: 1   # 最大并发使用数，不填则默认不限制
+details:
+  steps:
+    start: start.md
+    finish: finish.md
+    - name: 一键式部署RunD
+      content: step1.md
+    - name: 使用nerdctl
+      content: step2.md
+    - name: 使用ctr
+      content: step3.md
+    - name: 使用crictl
+      content: step4.md
diff --git a/anolis-courses/cloud-native/running_runD/start.md b/anolis-courses/cloud-native/running_runD/start.md
new file mode 100644
index 0000000..d3653b7
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/start.md
@@ -0,0 +1 @@
+本场景将提供一台配置了 CentOS 8.5 操作系统的裸金属服务器环境用于运行runD
diff --git a/anolis-courses/cloud-native/running_runD/step1.md b/anolis-courses/cloud-native/running_runD/step1.md
new file mode 100644
index 0000000..3e06263
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/step1.md
@@ -0,0 +1,4 @@
+1. 物理机环境，或者神龙服务器环境，上面不需要安装docker，containerd，nerdctl，只需要一个干净环境即可
+运行下面的命令一键式安装与部署runD
+[[ curl https://cloud-native.oss-cn-shanghai.aliyuncs.com/runtime/install-rund-nerdctl.sh -sSf | sh -s ]]
+需要稍微等一会下载安装包与镜像，以及安装部署
diff --git a/anolis-courses/cloud-native/running_runD/step2.md b/anolis-courses/cloud-native/running_runD/step2.md
new file mode 100644
index 0000000..c578189
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/step2.md
@@ -0,0 +1,9 @@
+1. 环境已经部署上了nerdctl, 第一步是下载运行容器需要的镜像
+[[ nerdctl pull busybox ]]
+
+2. 直接可以使用runtime为rund来运行下载的busybox镜像，并运行一个命令，现在是uname
+同时可以查看当前运行的时间
+[[ time nerdctl run --runtime io.containerd.rund.v2 busybox /bin/sh -c "uname -a" ]]
+
+3. 还可以运行qemu作为安全容器的vmm作为对比，可以看到rund启动时间会快很多
+[[ time nerdctl run --runtime io.containerd.kata-qemu.v2 busybox /bin/sh -c "uname -a" ]]
diff --git a/anolis-courses/cloud-native/running_runD/step3.md b/anolis-courses/cloud-native/running_runD/step3.md
new file mode 100644
index 0000000..16572df
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/step3.md
@@ -0,0 +1,5 @@
+1. 使用ctr命令同样可以run起来runD，直接通过runtime指定使用rund
+[[ time ctr run --runtime "io.containerd.rund.v2" -d docker.io/library/busybox:latest test-rund /bin/sh ]]
+
+2. 同样可以使用qemu做对比
+[[ time ctr run --runtime "io.containerd.kata-qemu.v2" -d docker.io/library/busybox:latest test-qemu2 /bin/sh ]]
diff --git a/anolis-courses/cloud-native/running_runD/step4.md b/anolis-courses/cloud-native/running_runD/step4.md
new file mode 100644
index 0000000..899efa1
--- /dev/null
+++ b/anolis-courses/cloud-native/running_runD/step4.md
@@ -0,0 +1,38 @@
+1. 下面使用crictl来启动rund，需要先安装crictl命令工具
+[[ wget https://cloud-native.oss-cn-shanghai.aliyuncs.com/runtime/crictl-v1.24.2-linux-amd64.tar.gz ]]
+
+2. 解压安装包
+[[ tar -zxvf crictl-v1.24.2-linux-amd64.tar.gz -C /usr/local/bin/ ]]
+
+3. 配置crictl命令
+[[ cat << EOF > /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+image-endpoint: unix:///run/containerd/containerd.sock
+timeout: 10
+debug: false
+EOF ]]
+
+4. 使用crictl来pull需要启动的镜像
+[[ crictl pull busybox ]]
+
+5. 添加运行pod的配置文件
+[[ cat << EOF > sandbox-config.json
+{
+    "metadata": {
+        "name": "test-sandbox",
+        "namespace": "default",
+        "attempt": 1,
+        "uid": "95cb1cf47c4abb12d437f3"
+    },
+    "linux": {
+        "security_context": {
+          "namespace_options": {
+              "network" : 2
+          }
+       }
+    }
+}
+EOF ]]
+
+6. 使用rund来运行pod
+[[ crictl runp -r rund sandbox-config.json ]]
-- 
Gitee