diff --git a/.circleci/config.yml b/.circleci/config.yml index 021c698..bf0ba68 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -68,7 +68,6 @@ image_build: &image_build load kubernetes-docker-image-cache-control-plane ;; cri-containerd) - load cri-containerd ;; *) echo "Unknown $KUBE_RUNTIME" @@ -196,8 +195,6 @@ jobs: pkg-kubelet: <<: *linuxkit_pkg_build - pkg-cri-containerd: - <<: *linuxkit_pkg_build pkg-kube-e2e-test: <<: *linuxkit_pkg_build @@ -220,6 +217,13 @@ jobs: environment: - KUBE_RUNTIME: docker - KUBE_NETWORK: bridge + image-docker-calico: + <<: *image_build + # Needs to be configured/enabled by CircleCI person + #resource_class: large + environment: + - KUBE_RUNTIME: docker + - KUBE_NETWORK: calico image-cri-containerd-weave: <<: *image_build @@ -231,6 +235,11 @@ jobs: environment: - KUBE_RUNTIME: cri-containerd - KUBE_NETWORK: bridge + image-cri-containerd-calico: + <<: *image_build + environment: + - KUBE_RUNTIME: cri-containerd + - KUBE_NETWORK: calico push-pkgs-to-hub: docker: @@ -275,7 +284,6 @@ jobs: cp .circleci/content-trust.key ~/.docker/trust/private/b056f84873aa0be205dfe826afa6e7458120c9569dd19a2a84154498fb1165d5.key linuxkit pkg push --nobuild pkg/kubelet - linuxkit pkg push --nobuild pkg/cri-containerd linuxkit pkg push --nobuild pkg/kube-e2e-test linuxkit pkg push --nobuild pkg/kubernetes-docker-image-cache-common linuxkit pkg push --nobuild pkg/kubernetes-docker-image-cache-control-plane @@ -292,9 +300,6 @@ workflows: - pkg-kubelet: requires: - dependencies - - pkg-cri-containerd: - requires: - - dependencies - pkg-kube-e2e-test: requires: - dependencies 
@@ -317,16 +322,24 @@ workflows: - pkg-kubelet - pkg-kubernetes-docker-image-cache-common - pkg-kubernetes-docker-image-cache-control-plane + - image-docker-calilco: + requires: + - dependencies + - pkg-kubelet + - pkg-kubernetes-docker-image-cache-common + - pkg-kubernetes-docker-image-cache-control-plane - image-cri-containerd-weave: requires: - dependencies - pkg-kubelet - - pkg-cri-containerd - image-cri-containerd-bridge: requires: - dependencies - pkg-kubelet - - pkg-cri-containerd + - image-cri-containerd-calico: + requires: + - dependencies + - pkg-kubelet - push-pkgs-to-hub: # We want everything to have passed, which is a bit @@ -335,11 +348,12 @@ workflows: requires: - lint - pkg-kubelet - - pkg-cri-containerd - pkg-kube-e2e-test - pkg-kubernetes-docker-image-cache-common - pkg-kubernetes-docker-image-cache-control-plane - image-docker-weave - image-docker-bridge + - image-docker-calico - image-cri-containerd-weave - image-cri-containerd-bridge + - image-cri-containerd-calico diff --git a/.gitignore b/.gitignore index d8f30c0..477b9c7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ kube-*-cmdline kube-*-initrd.img kube-*-state kube-weave.yaml +kube-calico.yaml diff --git a/Makefile b/Makefile index 3ece7f8..6dea15e 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ KUBE_RUNTIME ?= docker KUBE_NETWORK ?= weave KUBE_NETWORK_WEAVE ?= v2.2.1 +KUBE_NETWORK_CALICO ?= v3.1 ifeq ($(shell uname -s),Darwin) KUBE_FORMATS ?= iso-efi 
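Review bot: The workflow entry added in this hunk is spelled `image-docker-calilco`, but the job defined under `jobs:` earlier in this file and the name added to `push-pkgs-to-hub`'s `requires` list are both `image-docker-calico`. As written the workflow references a job that does not exist and requires one that is never scheduled, so CircleCI will most likely reject the configuration; at best the push gate would not be waiting on the Docker/Calico image build. Change the entry to `- image-docker-calico:` so that the content-trust-signed push stays gated on every image job, as the comment on `push-pkgs-to-hub` intends.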
@@ -27,10 +28,14 @@ yml/weave.yml: kube-weave.yaml kube-weave.yaml: curl -L -o $@ https://cloud.weave.works/k8s/v1.8/net?v=$(KUBE_NETWORK_WEAVE) +yml/calico.yml: kube-calico.yaml + +kube-calico.yaml: + curl -L -o $@ https://docs.projectcalico.org/${KUBE_NETWORK_CALICO}/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml + .PHONY: update-hashes update-hashes: set -e ; for tag in $$(linuxkit pkg show-tag pkg/kubelet) \ - $$(linuxkit pkg show-tag pkg/cri-containerd) \ $$(linuxkit pkg show-tag pkg/kubernetes-docker-image-cache-common) \ $$(linuxkit pkg show-tag pkg/kubernetes-docker-image-cache-control-plane) ; do \ image=$${tag%:*} ; \ @@ -41,7 +46,7 @@ update-hashes: clean: rm -f -r \ kube-*-kernel kube-*-cmdline kube-*-state kube-*-initrd.img *.iso \ - kube-weave.yaml + kube-weave.yaml kube-calico.yaml .PHONY: refresh-image-caches refresh-image-caches: diff --git a/README.md b/README.md index 5522c80..0c5df37 100644 --- a/README.md +++ b/README.md @@ -28,9 +28,9 @@ To build the default OS images: make all ``` -By default this will build images using Docker Engine for execution. To instead use cri-containerd use: +By default this will build images using Docker Engine for execution and weave for networking. To instead use cri-containerd and calico use: ``` -make all KUBE_RUNTIME=cri-containerd +make all KUBE_RUNTIME=cri-containerd KUBE_NETWORK=calico ``` ## Booting and initialising OS images @@ -44,6 +44,11 @@ or, to automatically initialise the cluster upon boot with no additional options KUBE_MASTER_AUTOINIT="" ./boot.sh ``` +If using calico for networking: +``` +KUBE_MASTER_AUTOINIT="--pod-network-cidr=192.168.0.0/16" ./boot.sh +``` + Get IP address of the master: ``` ip addr show dev eth0 diff --git a/pkg/cri-containerd/Dockerfile b/pkg/cri-containerd/Dockerfile deleted file mode 100644 index 84144be..0000000 --- a/pkg/cri-containerd/Dockerfile +++ /dev/null 
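Review bot: The new `kube-calico.yaml` rule downloads a manifest with `curl -L -o $@` and nothing verifies what was fetched, yet `yml/calico.yml` in this commit places that file in `/etc/kubeadm/kube-system.init/`, from where it is presumably applied to the cluster at init. `KUBE_NETWORK_CALICO ?= v3.1` selects a documentation path rather than an immutable release, so the content can change between builds, and without `-f` an HTTP error page would be saved as the target and look up to date. I would fetch with `curl -fL -o $@.tmp …`, compare the result against a SHA-256 checksum committed to the repository, and only then `mv $@.tmp $@`; committing the reviewed manifest itself is the other option. The existing `kube-weave.yaml` rule, visible as context in this hunk, has the same gap.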
@@ -1,54 +0,0 @@ -FROM linuxkit/alpine:f3cd219615428b2bd943411723eb28875275fae7 AS build - -RUN \ - apk add \ - bash \ - gcc \ - git \ - go \ - libc-dev \ - libseccomp-dev \ - linux-headers \ - make \ - && true -ENV GOPATH=/go PATH=$PATH:/go/bin - -ENV CRI_CONTAINERD_URL https://github.com/containerd/cri-containerd.git -#ENV CRI_CONTAINERD_BRANCH pull/NNN/head -# This is the `standalone-cri-containerd` branch, which is at the point right before standalone mode was deleted. -ENV CRI_CONTAINERD_COMMIT 64b098a293831f742aeb3dd3e48a5405990c14c5 -RUN mkdir -p $GOPATH/src/github.com/containerd && \ - cd $GOPATH/src/github.com/containerd && \ - git clone $CRI_CONTAINERD_URL cri-containerd -WORKDIR $GOPATH/src/github.com/containerd/cri-containerd -RUN set -e; \ - if [ -n "$CRI_CONTAINERD_BRANCH" ] ; then \ - git fetch origin "$CRI_CONTAINERD_BRANCH"; \ - fi; \ - git checkout -q $CRI_CONTAINERD_COMMIT -RUN make static-binaries BUILD_TAGS="seccomp" - -RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ -# util-linux because a full ns-enter is required. -# example commands: /usr/bin/nsenter --net= -F -- -# /usr/bin/nsenter --net=/var/run/netns/cni-5e8acebe-810d-c1b9-ced0-47be2f312fa8 -F -- -# NB the first ("--net=") is actually not valid -- see https://github.com/containerd/cri/issues/245 -RUN apk add --no-cache --initdb -p /out \ - alpine-baselayout \ - busybox \ - ca-certificates \ - iptables \ - util-linux \ - socat \ - && true -# Remove apk residuals. We have a read-only rootfs, so apk is of no use. -RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache - -RUN make DESTDIR=/out install - -FROM scratch -WORKDIR / -# `rootfsPropagation: shared` (used in `build.yml`) appears to be broken at the moment, workaround that issue here. 
-#ENTRYPOINT ["cri-containerd", "--log-level", "info", "--network-bin-dir", "/opt/cni/bin", "--network-conf-dir", "/etc/cni/net.d"] -ENTRYPOINT ["/bin/sh", "-c", "set -ex; mount --make-shared / && exec cri-containerd --log-level info --network-bin-dir /opt/cni/bin --network-conf-dir /etc/cni/net.d"] -COPY --from=build /out / diff --git a/pkg/cri-containerd/build.yml b/pkg/cri-containerd/build.yml deleted file mode 100644 index 8c14d16..0000000 --- a/pkg/cri-containerd/build.yml +++ /dev/null @@ -1,32 +0,0 @@ -org: linuxkit -image: cri-containerd -network: true -arches: - - amd64 -config: - binds: - - /etc/resolv.conf:/etc/resolv.conf - - /run:/run:rshared,rbind - - /dev:/dev - - /tmp:/tmp - - /var:/var:rshared,rbind - - /var/lib/kubeadm:/etc/kubernetes - - /var/lib/cni/conf:/etc/cni/net.d:rshared,rbind - - /var/lib/cni/bin:/opt/cni/bin:rshared,rbind - - /run/containerd/containerd.sock:/run/containerd/containerd.sock - - /var/lib/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins:rshared,rbind - mounts: - - type: bind - source: /sys/fs/cgroup - destination: /sys/fs/cgroup - options: ["rw","rbind","rshared","nosuid","noexec","nodev","relatime"] - capabilities: - - all - rootfsPropagation: shared - pid: host - runtime: - mkdir: - - /var/lib/kubeadm - - /var/lib/cni/conf - - /var/lib/cni/bin - - /var/lib/kubelet-plugins diff --git a/pkg/kubelet/Dockerfile b/pkg/kubelet/Dockerfile index 7ab1c2d..6b0aea4 100644 --- a/pkg/kubelet/Dockerfile +++ b/pkg/kubelet/Dockerfile @@ -3,9 +3,9 @@ FROM linuxkit/alpine:f3cd219615428b2bd943411723eb28875275fae7 AS build # When changing kubernetes_version remember to also update: # - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level # - pkg/e2e-test/Dockerfile -ENV kubernetes_version v1.10.0 +ENV kubernetes_version v1.10.2 ENV cni_version v0.7.1 -ENV critools_version v1.0.0-alpha.0 +ENV critools_version v1.0.0-beta.0 RUN apk add -U --no-cache \ bash \ 
diff --git a/test/cases/000_smoke/005_cri-calico/test.sh b/test/cases/000_smoke/005_cri-calico/test.sh new file mode 100755 index 0000000..5ffddb1 --- /dev/null +++ b/test/cases/000_smoke/005_cri-calico/test.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# SUMMARY: build and boot using cri-containerd runtime and Calico networking +# LABELS: + +runtime=cri-containerd +network=calico + +# Doesn't return +. ../common.sh diff --git a/test/cases/000_smoke/006_docker-calico/test.sh b/test/cases/000_smoke/006_docker-calico/test.sh new file mode 100755 index 0000000..2dc343d --- /dev/null +++ b/test/cases/000_smoke/006_docker-calico/test.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# SUMMARY: build and boot using Docker runtime and Calico networking +# LABELS: + +runtime=docker +network=calico + +# Doesn't return +. ../common.sh diff --git a/yml/calico.yml b/yml/calico.yml new file mode 100644 index 0000000..24cd5a5 --- /dev/null +++ b/yml/calico.yml @@ -0,0 +1,3 @@ +files: + - path: /etc/kubeadm/kube-system.init/50-calico.yaml + source: kube-calico.yaml diff --git a/yml/cri-containerd.yml b/yml/cri-containerd.yml index 91f054e..dbc783f 100644 --- a/yml/cri-containerd.yml +++ b/yml/cri-containerd.yml 
@@ -1,8 +1,23 @@ -services: - - name: cri-containerd - image: linuxkit/cri-containerd:474d704f6dcb173b10768ab1d1bd61674468c7f9 - cgroupsPath: podruntime/cri-containerd files: + - path: /etc/crictl.yaml + contents: | + runtime-endpoint: unix:///run/containerd/containerd.sock + image-endpoint: unix:///run/containerd/containerd.sock + timeout: 10 + - path: /etc/containerd/config.toml + contents: | + state = "/run/containerd" + root = "/var/lib/containerd" + snapshotter = "io.containerd.snapshotter.v1.overlayfs" + [grpc] + address = "/run/containerd/containerd.sock" + uid = 0 + gid = 0 + [debug] + address = "/run/containerd/debug.sock" + level = "info" + [metrics] + address = "" - path: /etc/kubelet.sh.conf contents: | - KUBELET_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/cri-containerd.sock" + KUBELET_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock" diff --git a/yml/kube.yml b/yml/kube.yml index 6d5aad8..996d2d4 100644 --- a/yml/kube.yml +++ b/yml/kube.yml @@ -1,10 +1,10 @@ kernel: - image: linuxkit/kernel:4.14.32 + image: linuxkit/kernel:4.14.39 cmdline: "console=tty0 console=ttyS0" init: - - linuxkit/init:be60dd1cb15ad39225512b6753304571d8c2fb17 - - linuxkit/runc:1b67e997c720301c62052c8f29f5629ad751199b - - linuxkit/containerd:87ea9b027267b26bf5cc2d10a50c3eb9b5017df4 + - linuxkit/init:11929b0007b87384f7372e9265067479c4616586 + - linuxkit/runc:acba8886e4b1318457c711700f695a02fef9493d + - linuxkit/containerd:f197e7cbb2ede4370b75127c76de6f7b2e3d9873 - linuxkit/ca-certificates:fb5c7bf842a330f5b47cdf71f950fe0c85f4a772 onboot: - name: sysctl 
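Review bot: The generated `/etc/containerd/config.toml` turns the debug socket on unconditionally (`[debug]` with `address = "/run/containerd/debug.sock"`), while the metrics listener directly below it is explicitly disabled with `address = ""`. That socket exposes containerd's profiling and internal state, and `/run` appears to be bind-mounted into other service containers in this image, so it is extra surface that a shipped image probably does not need. If it is only wanted while debugging, set the `[debug]` address to `""` as well. If it has to stay, add a comment saying why and give it an explicit `uid = 0` / `gid = 0` as the `[grpc]` section has.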
@@ -24,6 +24,11 @@ onboot: - name: mounts image: linuxkit/mount:0eba853dfa99f01166831c30f37f6bb818b61f2f command: ["/usr/bin/mountie", "/var/lib/"] + - name: dir-hack + image: busybox:latest + command: ["mkdir", "-p", "/var/lib/cni/conf", "/var/lib/cni/bin"] + binds: + - /var:/var:rshared,rbind services: - name: getty image: linuxkit/getty:32247863cace34f3b441b4c5d9d3f5cb5f64d189 @@ -40,7 +45,7 @@ services: image: linuxkit/sshd:39d6bdc9a7489ceffa761ad5cb96c87b50d6732d cgroupsPath: systemreserved/sshd - name: kubelet - image: linuxkit/kubelet:ddd2e094e44aae9bab3eb3b8d378d2383d6cda01 + image: linuxkit/kubelet:1775276ba903b90615d91f0bd034a527163ffbd4 cgroupsPath: podruntime/kubelet files: - path: etc/linuxkit.yml
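Review bot: The new `dir-hack` onboot entry uses `image: busybox:latest`, a mutable tag, whereas the linuxkit images around it in this file are pinned by hash. The container runs at boot with `/var` bind-mounted `rshared,rbind`, so whatever `latest` resolves to at build time gets write access to the node's persistent state, and two builds of the same commit can produce different images. Pin it by digest, e.g. `image: busybox@sha256:<digest-of-reviewed-image>`, or create the two directories with an image the project already pins. The name suggests a temporary workaround, so a YAML comment saying what it works around and when it can be removed would also help.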