- Kubernetes, kubelet 1.10+
- cri-containerd 1.1.0+
- Kata Containers 0.2.0+
#sed -n '/^```/,/^```/ p' | sed '/^```/ d' > script.sh
Follow the instructions from the "cri" installation guide:
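# Install cri-containerd
VERSION="1.1.0"
tarball="cri-containerd-${VERSION}.linux-amd64.tar.gz"
# -f makes curl fail on an HTTP error instead of saving the error page,
# which would otherwise be handed to tar below.
curl -fOL \
  "https://storage.googleapis.com/cri-containerd-release/${tarball}"
# The archive is unpacked as root over "/", so it can replace any system
# file. Print its digest here and compare it with the checksum published for
# this release; for unattended runs, pin the expected digest and check it
# with "sha256sum -c" before the extraction step.
sha256sum "${tarball}"
sudo tar -C / -xzf "${tarball}"
sudo apt-get update
# -y keeps this step non-interactive, like the other apt-get install calls
# in this guide.
sudo apt-get install -y libseccomp2
sudo systemctl daemon-reload
sudo systemctl start containerd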
Follow the instructions to install Kata on your system:
Example (Ubuntu*):
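# Install kata
# NOTE(review): the repository and its signing key are both fetched over
# plain HTTP, so the key cannot vouch for the repository against an on-path
# attacker. Fetch the key over an authenticated channel, or compare its
# fingerprint with one obtained out of band, before trusting it.
# "apt-key add" also makes the key trusted for every configured repository.
ubuntu_release="$(lsb_release -rs)"
kata_repo="http://download.opensuse.org/repositories/home:/katacontainers:/release/xUbuntu_${ubuntu_release}"
# Overwrite instead of appending so that re-running this step does not leave
# duplicate entries in the list file.
printf 'deb %s/ /\n' "${kata_repo}" \
  | sudo tee /etc/apt/sources.list.d/kata-containers.list > /dev/null
wget -qO - "${kata_repo}/Release.key" | sudo apt-key add -
sudo -E apt-get update
sudo -E apt-get -y install kata-runtime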
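# Install k8s
sudo apt-get update && sudo apt-get install -y apt-transport-https
# -f: fail on an HTTP error so that an error page is never piped into
# apt-key; -S: still report that failure even though -s silences progress.
# Note that "apt-key add" trusts the key for every configured repository,
# not only the Kubernetes one.
curl -fsS https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
# The repository line itself uses plain HTTP; package integrity then rests
# on the signature check against the key imported above.
sudo tee /etc/apt/sources.list.d/kubernetes.list <<'EOF'
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
# The three packages are pinned to the same version so they stay in step.
sudo apt-get install -y kubelet=1.10.0-00 kubeadm=1.10.0-00 kubectl=1.10.0-00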
# Write the containerd CRI plugin configuration. The default runtime leaves
# runtime_engine empty, while untrusted_workload_runtime points at
# /usr/bin/kata-runtime, so only pods marked as untrusted workloads are
# started through Kata.
containerd_conf_dir=/etc/containerd
sudo mkdir -p "${containerd_conf_dir}/"
# The delimiter is quoted: the TOML below contains nothing to expand.
sudo tee "${containerd_conf_dir}/config.toml" <<'EOT'
[plugins]
[plugins.cri.containerd]
snapshotter = "overlayfs"
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = "/usr/bin/kata-runtime"
runtime_root = ""
EOT
# Configure k8s to use containerd: a systemd drop-in passes the kubelet the
# remote-runtime flags and the containerd socket as its CRI endpoint.
kubelet_dropin_dir=/etc/systemd/system/kubelet.service.d
sudo mkdir -p "${kubelet_dropin_dir}/"
# The delimiter is quoted: the unit snippet below contains nothing to expand.
sudo tee "${kubelet_dropin_dir}/0-containerd.conf" <<'EOF'
[Service]
Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF
# Make systemd pick up the new drop-in.
sudo systemctl daemon-reload
If you are behind a proxy, this script configures your proxy settings for docker, kubelet and containerd.
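# Set proxies
# Writes a proxy.conf systemd drop-in for each service from the caller's
# http_proxy / https_proxy / no_proxy variables.
services=(
  'kubelet'
  'containerd'
  'docker'
)
# Only write drop-ins when a proxy is actually configured; "${var:-}" also
# keeps this usable when the variables are unset under "set -u".
if [[ -n "${http_proxy:-}${https_proxy:-}${no_proxy:-}" ]]; then
  for s in "${services[@]}"; do
    service_dir="/etc/systemd/system/${s}.service.d"
    sudo mkdir -p "${service_dir}"
    # Proxy URLs can embed credentials, so tee's copy to stdout is discarded
    # to keep them out of terminal scrollback and CI logs. The drop-in is
    # created with default permissions; tighten them if the URL holds a
    # password.
    sudo tee "${service_dir}/proxy.conf" > /dev/null << EOT
[Service]
Environment="HTTP_PROXY=${http_proxy:-}"
Environment="HTTPS_PROXY=${https_proxy:-}"
Environment="NO_PROXY=${no_proxy:-}"
EOT
  done
fi
sudo systemctl daemon-reload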
# Create k8s cluster
cri_socket=/run/containerd/containerd.sock
pod_cidr=10.244.0.0/16
flannel_manifest=https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

sudo systemctl restart containerd
# This sets the default policy of the FORWARD chain to ACCEPT for the whole
# host, not only for pod traffic; review it on machines that also route
# other networks.
sudo iptables -P FORWARD ACCEPT
# All kubeadm preflight checks are skipped here, so a misconfigured host is
# not reported before the control plane is created.
sudo kubeadm init --skip-preflight-checks \
  --cri-socket "${cri_socket}" --pod-network-cidr="${pod_cidr}"
# admin.conf is the administrator kubeconfig written by kubeadm; every
# kubectl call below runs with it via "sudo -E".
export KUBECONFIG=/etc/kubernetes/admin.conf
sudo -E kubectl get nodes
sudo -E kubectl get pods
# The network manifest is fetched from a remote URL and applied with the
# admin kubeconfig; read it before applying it to a cluster that matters.
sudo -E kubectl apply -f "${flannel_manifest}"
# Fixed pause to give the network pod time to come up.
sleep 30s
# Remove the master taint from all nodes so that pods can be scheduled on
# this node.
sudo -E kubectl taint nodes --all node-role.kubernetes.io/master-
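# Write and deploy a test pod that is marked as an untrusted workload. The
# io.kubernetes.cri.untrusted-workload annotation is what selects the
# untrusted_workload_runtime (kata-runtime) configured for containerd.
# The manifest's nesting is restored here: without indentation, "name" and
# "annotations" fall outside "metadata" and the container list outside
# "spec", so the pod definition is not valid.
tee nginx-untrusted.yaml <<'EOT'
apiVersion: v1
kind: Pod
metadata:
  name: nginx-untrusted
  annotations:
    io.kubernetes.cri.untrusted-workload: "true"
spec:
  containers:
  - name: nginx
    image: nginx
EOT
sudo -E kubectl apply -f nginx-untrusted.yaml
sudo -E kubectl get pods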
#echo sudo -E kubectl delete -f nginx-untrusted.yaml
#sudo kubeadm reset --ignore-preflight-errors=all \
#--cri-socket /run/containerd/containerd.sock