Browse Source

Add youki runtime support (#8411)

pull/8464/head
Victor Morales 2 years ago
committed by GitHub
parent
commit
e88aa7c96b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 269 additions and 0 deletions
  1. 1
      docs/ansible.md
  2. 7
      roles/container-engine/cri-o/defaults/main.yml
  3. 6
      roles/container-engine/cri-o/tasks/main.yaml
  4. 8
      roles/container-engine/meta/main.yml
  5. 3
      roles/container-engine/youki/defaults/main.yml
  6. 11
      roles/container-engine/youki/molecule/default/converge.yml
  7. 17
      roles/container-engine/youki/molecule/default/files/10-mynet.conf
  8. 10
      roles/container-engine/youki/molecule/default/files/container.json
  9. 10
      roles/container-engine/youki/molecule/default/files/sandbox.json
  10. 45
      roles/container-engine/youki/molecule/default/molecule.yml
  11. 48
      roles/container-engine/youki/molecule/default/prepare.yml
  12. 29
      roles/container-engine/youki/molecule/default/tests/test_default.py
  13. 12
      roles/container-engine/youki/tasks/main.yml
  14. 24
      roles/download/defaults/main.yml
  15. 9
      roles/kubernetes-apps/container_runtimes/meta/main.yml
  16. 19
      roles/kubernetes-apps/container_runtimes/youki/tasks/main.yaml
  17. 6
      roles/kubernetes-apps/container_runtimes/youki/templates/runtimeclass-youki.yml
  18. 4
      roles/kubespray-defaults/defaults/main.yaml

1
docs/ansible.md

@ -202,6 +202,7 @@ The following tags are defined in playbooks:
| vsphere-csi-driver | Configuring csi driver: vsphere
| weave | Network plugin Weave
| win_nodes | Running windows specific tasks
| youki | Configuring youki runtime
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
tags found in the codebase. New tags will be listed with the empty "Used for"

7
roles/container-engine/cri-o/defaults/main.yml

@ -73,6 +73,13 @@ crun_runtime:
type: oci
root: /run/crun
# youki is an implementation of the OCI runtime-spec in Rust, similar to runc.
youki_runtime:
name: youki
path: "{{ youki_bin_dir }}/youki"
type: oci
root: /run/youki
# When this is true, CRI-O package repositories are added. Set this to false when using an
# environment with preconfigured CRI-O package repositories.
crio_add_repos: true

6
roles/container-engine/cri-o/tasks/main.yaml

@ -54,6 +54,12 @@
when:
- crun_enabled
- name: Build a list of crio runtimes with youki runtime
set_fact:
crio_runtimes: "{{ crio_runtimes + [youki_runtime] }}"
when:
- youki_enabled
- name: Make sure needed folders exist in the system
with_items:
- /etc/crio

8
roles/container-engine/meta/main.yml

@ -23,6 +23,14 @@ dependencies:
- container-engine
- crun
- role: container-engine/youki
when:
- youki_enabled
- container_manager == 'crio'
tags:
- container-engine
- youki
- role: container-engine/cri-o
when:
- container_manager == 'crio'

3
roles/container-engine/youki/defaults/main.yml

@ -0,0 +1,3 @@
---
youki_bin_dir: "{{ bin_dir }}"

11
roles/container-engine/youki/molecule/default/converge.yml

@ -0,0 +1,11 @@
---
- name: Converge
hosts: all
become: true
vars:
youki_enabled: true
container_manager: crio
roles:
- role: kubespray-defaults
- role: container-engine/cri-o
- role: container-engine/youki

17
roles/container-engine/youki/molecule/default/files/10-mynet.conf

@ -0,0 +1,17 @@
{
"cniVersion": "0.4.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "172.19.0.0/24",
"routes": [
{
"dst": "0.0.0.0/0"
}
]
}
}

10
roles/container-engine/youki/molecule/default/files/container.json

@ -0,0 +1,10 @@
{
"metadata": {
"name": "youki1"
},
"image": {
"image": "quay.io/kubespray/hello-world:latest"
},
"log_path": "youki1.0.log",
"linux": {}
}

10
roles/container-engine/youki/molecule/default/files/sandbox.json

@ -0,0 +1,10 @@
{
"metadata": {
"name": "youki1",
"namespace": "default",
"attempt": 1,
"uid": "hdishd83djaidwnduwk28bcsb"
},
"linux": {},
"log_directory": "/tmp"
}

45
roles/container-engine/youki/molecule/default/molecule.yml

@ -0,0 +1,45 @@
---
driver:
name: vagrant
provider:
name: libvirt
options:
driver: kvm
lint: |
set -e
yamllint -c ../../../.yamllint .
platforms:
- name: ubuntu20
box: generic/ubuntu2004
cpus: 1
memory: 1024
nested: true
groups:
- kube_control_plane
- name: almalinux8
box: almalinux/8
cpus: 1
memory: 1024
nested: true
groups:
- kube_control_plane
provisioner:
name: ansible
env:
ANSIBLE_ROLES_PATH: ../../../../
config_options:
defaults:
callback_whitelist: profile_tasks
timeout: 120
lint:
name: ansible-lint
options:
c: ../../../.ansible-lint
inventory:
group_vars:
all:
become: true
verifier:
name: testinfra
lint:
name: flake8

48
roles/container-engine/youki/molecule/default/prepare.yml

@ -0,0 +1,48 @@
---
- name: Prepare generic
hosts: all
become: true
roles:
- role: kubespray-defaults
- role: bootstrap-os
- role: adduser
user: "{{ addusers.kube }}"
tasks:
- include_tasks: "../../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.cni) }}"
- name: Prepare container runtime
hosts: all
become: true
vars:
container_manager: crio
kube_network_plugin: cni
roles:
- role: kubespray-defaults
- role: network_plugin/cni
- role: container-engine/crictl
tasks:
- name: Copy test container files
copy:
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
mode: 0644
with_items:
- container.json
- sandbox.json
- name: Create /etc/cni/net.d directory
file:
path: /etc/cni/net.d
state: directory
owner: root
mode: 0755
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
mode: 0644
with_items:
- 10-mynet.conf

29
roles/container-engine/youki/molecule/default/tests/test_default.py

@ -0,0 +1,29 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_run(host):
youkiruntime = "/usr/local/bin/youki"
with host.sudo():
cmd = host.command(youkiruntime + " --version")
assert cmd.rc == 0
assert "youki" in cmd.stdout
def test_run_pod(host):
runtime = "youki"
run_command = "/usr/local/bin/crictl run --with-pull --runtime {} /tmp/container.json /tmp/sandbox.json".format(runtime)
with host.sudo():
cmd = host.command(run_command)
assert cmd.rc == 0
with host.sudo():
log_f = host.file("/tmp/youki1.0.log")
assert log_f.exists
assert b"Hello from Docker" in log_f.content

12
roles/container-engine/youki/tasks/main.yml

@ -0,0 +1,12 @@
---
- name: youki | Download youki
include_tasks: "../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.youki) }}"
- name: youki | Copy youki binary from download dir
copy:
src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki"
mode: 0755
remote_src: true

24
roles/download/defaults/main.yml

@ -72,6 +72,7 @@ kubeadm_version: "{{ kube_version }}"
crun_version: 1.4
runc_version: v1.0.3
kata_containers_version: 2.2.3
youki_version: 0.0.1
gvisor_version: 20210921
containerd_version: 1.5.9
@ -142,6 +143,7 @@ crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/down
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
youki_download_url: "https://github.com/containers/youki/releases/download/v{{ youki_version }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
# gVisor only supports amd64 and uses x86_64 to in the download link
gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc"
@ -430,6 +432,14 @@ crun_checksums:
1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4
1.4: 8e8081562503308f39f571acfe94afc663816ea0cb8f922145e2aaf0991415d7
youki_checksums:
arm:
0.0.1: 0
amd64:
0.0.1: 8bd712fe95c8a81194bfbc54c70516350f95153d67044579af95788fbafd943b
arm64:
0.0.1: 0
kata_containers_binary_checksums:
arm:
2.0.4: 0
@ -512,6 +522,7 @@ crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
youki_archive_checksum: "{{ youki_checksums[image_arch][youki_version] }}"
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
@ -809,6 +820,19 @@ downloads:
groups:
- k8s_cluster
youki:
file: true
enabled: "{{ youki_enabled }}"
version: "{{ youki_version }}"
dest: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz"
sha256: "{{ youki_archive_checksum }}"
url: "{{ youki_download_url }}"
unarchive: true
owner: "root"
mode: "0755"
groups:
- k8s_cluster
runc:
file: true
enabled: "{{ container_manager == 'containerd' }}"

9
roles/kubernetes-apps/container_runtimes/meta/main.yml

@ -20,3 +20,12 @@ dependencies:
- apps
- crun
- container-runtimes
- role: kubernetes-apps/container_runtimes/youki
when:
- youki_enabled
- container_manager == 'crio'
tags:
- apps
- youki
- container-runtimes

19
roles/kubernetes-apps/container_runtimes/youki/tasks/main.yaml

@ -0,0 +1,19 @@
---
- name: youki | Copy runtime class manifest
template:
src: runtimeclass-youki.yml
dest: "{{ kube_config_dir }}/runtimeclass-youki.yml"
mode: "0664"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: youki | Apply manifests
kube:
name: "runtimeclass-youki"
kubectl: "{{ bin_dir }}/kubectl"
resource: "runtimeclass"
filename: "{{ kube_config_dir }}/runtimeclass-youki.yml"
state: "latest"
when:
- inventory_hostname == groups['kube_control_plane'][0]

6
roles/kubernetes-apps/container_runtimes/youki/templates/runtimeclass-youki.yml

@ -0,0 +1,6 @@
---
kind: RuntimeClass
apiVersion: node.k8s.io/v1
metadata:
name: youki
handler: youki

4
roles/kubespray-defaults/defaults/main.yaml

@ -275,6 +275,10 @@ gvisor_enabled: false
# When enabled, it requires container_manager=crio
crun_enabled: false
# Enable youki as additional container runtime
# When enabled, it requires container_manager=crio
youki_enabled: false
# Container on localhost (download images when download_localhost is true)
container_manager_on_localhost: "{{ container_manager }}"

Loading…
Cancel
Save