deploy/clusters/addons/
build/
.vagrant/
+deploy/kata/logs/
--- /dev/null
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kata-deploy
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: kata-deploy
+ template:
+ metadata:
+ labels:
+ name: kata-deploy
+ spec:
+ serviceAccountName: kata-label-node
+ containers:
+ - name: kube-kata
+ image: katadocker/kata-deploy:2.1.0-rc0
+ imagePullPolicy: Always
+ lifecycle:
+ preStop:
+ exec:
+ command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"]
+ command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ securityContext:
+ privileged: false
+ volumeMounts:
+ - name: crio-conf
+ mountPath: /etc/crio/
+ - name: containerd-conf
+ mountPath: /etc/containerd/
+ - name: kata-artifacts
+ mountPath: /opt/kata/
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ - name: local-bin
+ mountPath: /usr/local/bin/
+ volumes:
+ - name: crio-conf
+ hostPath:
+ path: /etc/crio/
+ - name: containerd-conf
+ hostPath:
+ path: /etc/containerd/
+ - name: kata-artifacts
+ hostPath:
+ path: /opt/kata/
+ type: DirectoryOrCreate
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: local-bin
+ hostPath:
+ path: /usr/local/bin/
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
--- /dev/null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kata-label-node
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: node-labeler
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kata-label-node-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: node-labeler
+subjects:
+- kind: ServiceAccount
+ name: kata-label-node
+ namespace: kube-system
+
--- /dev/null
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+ name: kata-qemu-virtiofs
+handler: kata-qemu-virtiofs
+overhead:
+ podFixed:
+ memory: "160Mi"
+ cpu: "250m"
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+ name: kata-qemu
+handler: kata-qemu
+overhead:
+ podFixed:
+ memory: "160Mi"
+ cpu: "250m"
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+ name: kata-clh
+handler: kata-clh
+overhead:
+ podFixed:
+ memory: "130Mi"
+ cpu: "250m"
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+ name: kata-fc
+handler: kata-fc
+overhead:
+ podFixed:
+ memory: "130Mi"
+ cpu: "250m"
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- kata-deploy.yaml
+- kata-rbac.yaml
+- kata-runtimeClasses.yaml
--- /dev/null
+#!/usr/bin/env bash
+set -eux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/logging.sh
+source $LIBDIR/common.sh
+
+KATA_VERSION="2.1.0-rc0"
+KATA_WEBHOOK_VERSION="2.1.0-rc0"
+
+KATA_DEPLOY_URL="https://raw.githubusercontent.com/kata-containers/kata-containers/${KATA_VERSION}/tools/packaging/kata-deploy"
+KATA_WEBHOOK_URL="https://raw.githubusercontent.com/kata-containers/tests/${KATA_WEBHOOK_VERSION}/kata-webhook"
+KATA_WEBHOOK_DIR="/opt/src/kata_webhook"
+KATA_WEBHOOK_RUNTIMECLASS="kata-clh"
+
+# This may be used to update the in-place Kata YAML files from the
+# upstream project.
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL ${KATA_DEPLOY_URL}/kata-rbac/base/kata-rbac.yaml -o ${SCRIPTDIR}/base/kata-rbac.yaml
+ curl -sL ${KATA_DEPLOY_URL}/kata-deploy/base/kata-deploy.yaml -o ${SCRIPTDIR}/base/kata-deploy.yaml
+ curl -sL ${KATA_DEPLOY_URL}/runtimeclasses/kata-runtimeClasses.yaml -o ${SCRIPTDIR}/base/kata-runtimeClasses.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree Kata YAML files
+EOF
+ ;;
+esac
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: kata
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./deploy/kata/base
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn