86 Star 471 Fork 273

GVPopenEuler / iSulad

Create your Gitee Account
Explore and code with more than 12 million developers,Free private repositories !:)
Sign up
Clone or Download
k8s_integration.md 6.00 KB
Copy Edit Raw Blame History
jake authored 2024-05-21 01:13 . add enable cri v1 in k8s integration

kubernetes integration

Configuration

  1. Configure isulad

    Configure the pod-sandbox-image in /etc/isulad/daemon.json:

    "pod-sandbox-image": "my-pause:1.0.0"

    Configure the endpointof isulad:

    "hosts": [
            "unix:///var/run/isulad.sock"
        ]

    if hosts is not configured, the default endpoint is unix:///var/run/isulad.sock.

    iSulad supports both CRI V1alpha2 and CRI V1, and uses CRI V1alph2 by default. If CRI V1 is required, it can be configured in /etc/isulad/daemon.json to enable CRI V1:

        "enable-cri-v1": true,

    If iSulad is compiled from source codes, -D ENABLE_CRI_API_V1=ON option is required in cmake.

  2. Restart isulad:

    $ sudo systemctl restart isulad
  3. Start kubelet based on the configuration or default value:

    $ /usr/bin/kubelet 
    --container-runtime-endpoint=unix:///var/run/isulad.sock
    --image-service-endpoint=unix:///var/run/isulad.sock 
    --pod-infra-container-image=my-pause:1.0.0
    --container-runtime=remote
    ...

Use RuntimeClass

RuntimeClass is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more information, please refer to runtime-class. Currently isulad only supports kata-containers and runc.

  1. Configure isulad in /etc/isulad/daemon.json:

    "runtimes": {
            "kata-runtime": {
                "path": "/usr/bin/kata-runtime",
                "runtime-args": [
                    "--kata-config",
                    "/usr/share/defaults/kata-containers/configuration.toml"
                ]
            }
        }
  2. Extra configuration

    iSulad supports the overlay2 and devicemapper as storage drivers. The default value is overlay2.

    In some scenarios, using block device type as storage drivers is a better choice, such as run a kata-containers. The procedure for configuring the devicemapper is as follows:

    First, create ThinPool:

    $ sudo pvcreate /dev/sdb1 # /dev/sdb1 for example
    $ sudo vgcreate isulad /dev/sdb
    $ sudo echo y | lvcreate --wipesignatures y -n thinpool isulad -L 200G
    $ sudo echo y | lvcreate --wipesignatures y -n thinpoolmeta isulad -L 20G
    $ sudo lvconvert -y --zero n -c 512K --thinpool isulad/thinpool --poolmetadata isulad/thinpoolmeta
    $ sudo lvchange --metadataprofile isulad-thinpool isulad/thinpool

    Then,add configuration for devicemapper in /etc/isulad/daemon.json:

    "storage-driver": "devicemapper"
    "storage-opts": [
    		"dm.thinpooldev=/dev/mapper/isulad-thinpool",
    	    "dm.fs=ext4",
    	    "dm.min_free_space=10%"
        ]
  3. Restart isulad:

    $ sudo systemctl restart isulad
  4. Create kata-runtime.yaml. For example:

    apiVersion: node.k8s.io/v1beta1
    kind: RuntimeClass
    metadata:
      name: kata-runtime
    handler: kata-runtime

    Execute kubectl apply -f kata-runtime.yaml

  5. Create pod spec kata-pod.yaml. For example:

    apiVersion: v1
    kind: Pod
    metadata:
      name: kata-pod-example
    spec:
      runtimeClassName: kata-runtime
      containers:
      - name: kata-pod
        image: busybox:latest
        command: ["/bin/sh"]
        args: ["-c", "sleep 1000"]
  6. Run pod:

    $ kubectl create -f kata-pod.yaml
    $ kubectl get pod
    NAME               READY   STATUS    RESTARTS   AGE
    kata-pod-example   1/1     Running   4          2s

CNI Network Configuration

iSulad realize the CRI interface to connect to the CNI network, parse the CNI network configuration files, join or exit CNI network. In this section, we call CRI interface to start pod to verify the CNI network configuration for simplicity.

  1. Configure isulad in /etc/isulad/daemon.json :

    "network-plugin": "cni",
    "cni-bin-dir": "/opt/cni/bin",
    "cni-conf-dir": "/etc/cni/net.d",
  2. Prepare CNI network plugins:

    Compile and genetate the CNI plugin binaries, and copy binaries to the directory /opt/cni/bin.

    $ git clone https://github.com/containernetworking/plugins.git
    $ cd plugins && ./build_linux.sh
    $ cd ./bin && ls
    bandwidth bridge dhcp firewall flannel ...
  3. Prepare CNI network configuration:

    The conf file suffix can be .conflist or .conf, the difference is whether it contains multiple plugins. For example, we create 10-mynet.conflist file under directory /etc/cni/net.d/, the content is as follows:

    {
        "cniVersion": "0.3.1",
        "name": "default",
        "plugins": [
            {
                "name": "default",
                "type": "ptp",
                "ipMasq": true,
                "ipam": {
                    "type": "host-local",
                    "subnet": "10.1.0.0/16",
                    "routes": [
                        {
                            "dst": "0.0.0.0/0"
                        }
                    ]
                }
            },
            {
                "type": "portmap",
                "capabilities": {
                    "portMappings": true
                }
            }
        ]
    }
  4. Configure sandbox-config.json :

    {
        "port_mappings":[{"protocol": 1, "container_port": 80, "host_port": 8080}],
        "metadata": {
            "name": "test",
            "namespace": "default",
            "attempt": 1,
            "uid": "hdishd83djaidwnduwk28bcsb"
        },
        "labels": {
    	    "filter_label_key": "filter_label_val" 
        },
        "linux": {
        }
    }
  5. Restart isulad and start Pod:

    $ sudo systemctl restart isulad
    $ sudo crictl -i unix:///var/run/isulad.sock -r unix:///var/run/isulad.sock runp sandbox-config.json
  6. View pod network informations:

    $ sudo crictl -i unix:///var/run/isulad.sock -r unix:///var/run/isulad.sock inspectp <pod-id>
C
1
https://gitee.com/openeuler/iSulad.git
git@gitee.com:openeuler/iSulad.git
openeuler
iSulad
iSulad
master

Search

53164aa7 5694891 3bd8fe86 5694891