I am seeing tests fail at times waiting for label cleanup. Let's improve
the error message when this fails, and give the control plane a bit more
time, to improve stability of this test.
Fixes: #846
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Recent runs of setting up aks with github workflows shows that a timeout
of 5m is not always sufficent fot aks control plane to come up.
Increase this from 5m to 10m.
Fixes#839
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
By default, k3s uses an embedded containerd. Reconfiguring this
containerd requires modifying a template config file and restarting the
k3s (master node) or k3s-agent (worker node) systemd service.
Signed-off-by: Brandon Wilson <brandon@coil.com>
Use correct key for the kata-qemu-virtiofs runtime class definition
in the crio configuration file.
Fixes: #771.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Create a container based action which will test a Kata artifact tarball
in the kata-deploy daemonset on AKS. This AZ credentials are available
from the callers environment.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
When building the kata-deploy images before, we would look to pull the
latest artifacts from the release URL.
It would be better to allow the user to pull from this URL, or to create
the artifacts locally, and pass the location of this tar.xz to the build
process.
Instead of providing KATA_VER, builders should provide KATA_ARTIFACTS,
which is the filename that is assumed to be located within the docker
build path.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
We need an entry of `kata-qemu-virtiofs` on the
containerd configuration file.
In addition we need to add `kata-qemu-virtiofs` to the
shim list, so that the wrapper is created for shimv2.
Fixes: #760.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
This adds the kata deploy for QEMU and kernel with virtio-fs 3.0
Depends-on: github.com/kata-containers/runtime#2052
Fixes#709
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
update yaml, and update README to describe creation of the CRD in
Kubernetes versions < 1.14.
Fixes: #560
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Correct typos and resolve formatting issues including incorrect heading
levels and missing TOC entries.
Fixes: #541.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Change the kata-deploy doc to get rid of code-snippets
and instead include instructions to apply the provided
RuntimeClass yaml according to the k8s version being used.
Fixes#457
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Prior to this, some of the binaries installed by kata were not owned by
root. Any user can write/replace these binaries.
This was happening as tar perserves ownership while creating the
archive.
Change the ownership of all binaries to root.
Fixes#489
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
If the container has had to restart, lack of overwrite here causes a benign error message to appear since the nodes already have `katacontainers.io/kata-runtime=true` label. Having a overwrite here means that we don't get the following error message:
error: 'katacontainers.io/kata-runtime' already has a value (true), and --overwrite is false
Signed-off-by: Bharat Kunwar <b.kunwar@gmail.com>
Add the yaml for kata RuntimeClasses. It is useful to
include this explicitly, rather than just having it in the docs.
Also, this feature has transitioned from alpha to beta from k8s 1.13
to 1.14. Hence maintain separate yamls for these versions.
Fixes#444
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
When writing our runtime configs to crio.conf, let's add some
whitespace and comments to make it clearer, and fit in with the
rest of the crio.conf file.
Fixes: #412
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
We no longer use the TrustedSandbox style annotations now we
have moved to the RuntimeClass method of choosing a runtime.
Drop the remaining Trusted items from the examples.
Fixes: #403
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Rather than add the config for kata-qemu and kata-fc unconditionally,
the script now checks if the runtime config exists.
If it exists, then do not chnage the path for the runtime.
The user may have configured this to a specific path for testing
local chnages.
Fixes#374
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Eventually containerd will allow us to provide an argument for a given
runtime handler, but in the meantime, let's use bash to provide
indirection to specify the appropriate configuration file.
Only QEMU is handled until we have a block based snapshotter available.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Add support for the v2-shim integration with containerd. This registers
a runtimeClass named 'kata', utilizing the containerd-shim-kata-v2
binary.
This change adds volume mounts (hopefully temporarily) for
/usr/local/bin, as containerd requires the shim binary be within the
existing path.
Fixes: #323
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
kata-deploy inserts 'manage_network_ns_lifecycle' into crio.conf without any
prior checks and if there is a previous entry in the file, this becomes a
duplicate causing crio service restart issues. This patch addresses that
particular scenario.
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
With the 1.5 release, we made several changes:
-simplification of daemonsets
-introduction of runtimeClass
Update documentation to take this into account.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Before the kata-deploy container image was intended to be
used with only Kubernetes. This commit adds a script for configuring
Kata to run with Docker.
This assumes > release 1.5 of Kata, as Firecracker is being configured
as well as QEMU based Kata. Note, in order for this to work, Docker must
be configured to use a block-based storage driver.
To succeed, it the following directories must be mounted:
- /opt/kata - this is the location that the kata artifacts are stored
- /run/systemd - for reloading the docker service
- /var/run/dbus - for reloading the docker service
- /etc/docker - for updating the docker configuration (daemon.json)
usage: kata-deploy-kata [install | remove]
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Simplify the yaml and combine the prior scripts. The resulting script,
kata-deploy.sh, is used for install and configuration and
removal for CRI-O and containerd. While this could be used standalone
outside of daemonsets, today it will sleep infinity after processing the
request, since it is assumed to be called by a daemon.
By checking the CRI runtime within the script itself, we no longer need
to support many daemonsets for deploy - just a single. Still requires a
seperate cleanup daemonset (for restarting the CRI runtime), and an
RBAC.
Verified with CRI-O -- containerd testing WIP
Throwing this up now for feedback since I do not bash good.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
1.2.0 release changed the tarball file layout for the
Kata artifacts. Adjust scripts accordingly.
Fixes: #142
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
kata-deploy container image changed format slightly as we've changed
the release tarball. Update to 1.2.0 and make adjustments accordingly.
Fixes: #135
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
