From: Todd Malsbary Date: Mon, 1 Nov 2021 17:52:18 +0000 (-0700) Subject: Add Kata to e2etest site X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F89%2F4489%2F3;p=icn.git Add Kata to e2etest site Signed-off-by: Todd Malsbary Change-Id: I6570d0d264fa05b24722c122c943048674a5c6cd --- diff --git a/.gitignore b/.gitignore index 867fce4..33f3583 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ env/metal3/logs/ deploy/clusters/addons/ build/ .vagrant/ +deploy/kata/logs/ diff --git a/deploy/kata/base/kata-deploy.yaml b/deploy/kata/base/kata-deploy.yaml new file mode 100644 index 0000000..67f7a83 --- /dev/null +++ b/deploy/kata/base/kata-deploy.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kata-deploy + namespace: kube-system +spec: + selector: + matchLabels: + name: kata-deploy + template: + metadata: + labels: + name: kata-deploy + spec: + serviceAccountName: kata-label-node + containers: + - name: kube-kata + image: katadocker/kata-deploy:2.1.0-rc0 + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"] + command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ] + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + privileged: false + volumeMounts: + - name: crio-conf + mountPath: /etc/crio/ + - name: containerd-conf + mountPath: /etc/containerd/ + - name: kata-artifacts + mountPath: /opt/kata/ + - name: dbus + mountPath: /var/run/dbus + - name: systemd + mountPath: /run/systemd + - name: local-bin + mountPath: /usr/local/bin/ + volumes: + - name: crio-conf + hostPath: + path: /etc/crio/ + - name: containerd-conf + hostPath: + path: /etc/containerd/ + - name: kata-artifacts + hostPath: + path: /opt/kata/ + type: DirectoryOrCreate + - name: dbus + hostPath: + path: /var/run/dbus + - name: systemd + hostPath: + path: /run/systemd + - name: local-bin + hostPath: + path: /usr/local/bin/ + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate diff --git a/deploy/kata/base/kata-rbac.yaml b/deploy/kata/base/kata-rbac.yaml new file mode 100644 index 0000000..408b5be --- /dev/null +++ b/deploy/kata/base/kata-rbac.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kata-label-node + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: node-labeler +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kata-label-node-rb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: node-labeler +subjects: +- kind: ServiceAccount + name: kata-label-node + namespace: kube-system + diff --git a/deploy/kata/base/kata-runtimeClasses.yaml b/deploy/kata/base/kata-runtimeClasses.yaml new file mode 100644 index 0000000..fd8bc85 --- /dev/null +++ b/deploy/kata/base/kata-runtimeClasses.yaml @@ -0,0 +1,52 @@ +--- +kind: RuntimeClass +apiVersion: node.k8s.io/v1beta1 +metadata: + name: kata-qemu-virtiofs +handler: kata-qemu-virtiofs +overhead: + podFixed: + memory: "160Mi" + cpu: "250m" +scheduling: + nodeSelector: + katacontainers.io/kata-runtime: "true" +--- +kind: RuntimeClass +apiVersion: node.k8s.io/v1beta1 +metadata: + name: kata-qemu +handler: kata-qemu +overhead: + podFixed: + memory: "160Mi" + cpu: "250m" +scheduling: + nodeSelector: + katacontainers.io/kata-runtime: "true" +--- +kind: RuntimeClass +apiVersion: node.k8s.io/v1beta1 +metadata: + name: kata-clh +handler: kata-clh +overhead: + podFixed: + memory: "130Mi" + cpu: "250m" +scheduling: + nodeSelector: + katacontainers.io/kata-runtime: "true" +--- +kind: RuntimeClass +apiVersion: node.k8s.io/v1beta1 +metadata: + name: kata-fc +handler: kata-fc +overhead: + podFixed: + memory: "130Mi" + cpu: "250m" +scheduling: + nodeSelector: + katacontainers.io/kata-runtime: "true" diff --git a/deploy/kata/base/kustomization.yaml b/deploy/kata/base/kustomization.yaml new file mode 100644 index 0000000..8aa9b02 --- /dev/null +++ b/deploy/kata/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- kata-deploy.yaml +- kata-rbac.yaml +- kata-runtimeClasses.yaml diff --git a/deploy/kata/kata.sh b/deploy/kata/kata.sh new file mode 100755 index 0000000..f0d1b3c --- /dev/null +++ b/deploy/kata/kata.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set -eux -o pipefail + +SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))" +LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib" + +source $LIBDIR/logging.sh +source $LIBDIR/common.sh + +KATA_VERSION="2.1.0-rc0" +KATA_WEBHOOK_VERSION="2.1.0-rc0" + +KATA_DEPLOY_URL="https://raw.githubusercontent.com/kata-containers/kata-containers/${KATA_VERSION}/tools/packaging/kata-deploy" +KATA_WEBHOOK_URL="https://raw.githubusercontent.com/kata-containers/tests/${KATA_WEBHOOK_VERSION}/kata-webhook" +KATA_WEBHOOK_DIR="/opt/src/kata_webhook" +KATA_WEBHOOK_RUNTIMECLASS="kata-clh" + +# This may be used to update the in-place Kata YAML files from the +# upstream project. +function build_source { + mkdir -p ${SCRIPTDIR}/base + curl -sL ${KATA_DEPLOY_URL}/kata-rbac/base/kata-rbac.yaml -o ${SCRIPTDIR}/base/kata-rbac.yaml + curl -sL ${KATA_DEPLOY_URL}/kata-deploy/base/kata-deploy.yaml -o ${SCRIPTDIR}/base/kata-deploy.yaml + curl -sL ${KATA_DEPLOY_URL}/runtimeclasses/kata-runtimeClasses.yaml -o ${SCRIPTDIR}/base/kata-runtimeClasses.yaml + pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd +} + +case $1 in + "build-source") build_source ;; + *) cat <