Last active
August 30, 2017 06:59
-
-
Save runcom/ba58bf2f64e38d9f5d376d587751a0f9 to your computer and use it in GitHub Desktop.
CRI-O + k8s
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/vendor/github.com/google/certificate-transparency/go/x509/x509.go b/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| index bf53d70..097370a 100644 | |
| --- a/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| +++ b/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| @@ -371,8 +371,6 @@ var ( | |
| func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { | |
| switch { | |
| - case oid.Equal(oidNamedCurveP224): | |
| - return elliptic.P224() | |
| case oid.Equal(oidNamedCurveP256): | |
| return elliptic.P256() | |
| case oid.Equal(oidNamedCurveP384): | |
| @@ -385,8 +383,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { | |
| func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) { | |
| switch curve { | |
| - case elliptic.P224(): | |
| - return oidNamedCurveP224, true | |
| case elliptic.P256(): | |
| return oidNamedCurveP256, true | |
| case elliptic.P384(): | |
| @@ -1586,7 +1582,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgori | |
| pubType = ECDSA | |
| switch pub.Curve { | |
| - case elliptic.P224(), elliptic.P256(): | |
| + case elliptic.P256(): | |
| hashFunc = crypto.SHA256 | |
| sigAlgo.Algorithm = oidSignatureECDSAWithSHA256 | |
| case elliptic.P384(): | |
| diff --git a/vendor/golang.org/x/crypto/ocsp/ocsp.go b/vendor/golang.org/x/crypto/ocsp/ocsp.go | |
| index ea61cf4..7ec0937 100644 | |
| --- a/vendor/golang.org/x/crypto/ocsp/ocsp.go | |
| +++ b/vendor/golang.org/x/crypto/ocsp/ocsp.go | |
| @@ -196,7 +196,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo x509.SignatureA | |
| pubType = x509.ECDSA | |
| switch pub.Curve { | |
| - case elliptic.P224(), elliptic.P256(): | |
| + case elliptic.P256(): | |
| hashFunc = crypto.SHA256 | |
| sigAlgo.Algorithm = oidSignatureECDSAWithSHA256 | |
| case elliptic.P384(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/vendor/github.com/google/certificate-transparency/go/x509/x509.go b/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| index cda7220..62e472d 100755 | |
| --- a/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| +++ b/vendor/github.com/google/certificate-transparency/go/x509/x509.go | |
| @@ -338,8 +338,6 @@ var ( | |
| func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { | |
| switch { | |
| - case oid.Equal(oidNamedCurveP224): | |
| - return elliptic.P224() | |
| case oid.Equal(oidNamedCurveP256): | |
| return elliptic.P256() | |
| case oid.Equal(oidNamedCurveP384): | |
| @@ -352,8 +350,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { | |
| func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) { | |
| switch curve { | |
| - case elliptic.P224(): | |
| - return oidNamedCurveP224, true | |
| case elliptic.P256(): | |
| return oidNamedCurveP256, true | |
| case elliptic.P384(): | |
| @@ -1458,7 +1454,7 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf | |
| hashFunc = crypto.SHA1 | |
| case *ecdsa.PrivateKey: | |
| switch priv.Curve { | |
| - case elliptic.P224(), elliptic.P256(): | |
| + case elliptic.P256(): | |
| hashFunc = crypto.SHA256 | |
| signatureAlgorithm.Algorithm = oidSignatureECDSAWithSHA256 | |
| case elliptic.P384(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Centos 7 VM, 8GB ram, 20+GB storage | |
| # dnf update | |
| # dnf install gpgme-devel libassuan-devel libseccomp-devel device-mapper-devel btrfs-progs-devel glibc-static glibc-devel glib2-devel iptables git golang | |
| # export GOPATH=$HOME/go | |
| # export PATH=$PATH:$GOPATH/bin | |
| # go get -d github.com/opencontainers/runc | |
| # go get -d github.com/kubernetes-incubator/cri-o | |
| # go get -d k8s.io/kubernetes | |
| # go get -d github.com/containernetworking/cni | |
| # cd $GOPATH/src/github.com/kubernetes-incubator/cri-o | |
| # git remote add runcom https://github.com/runcom/ocid-1 | |
| # git fetch runcom -a | |
| # git checkout --track runcom/demo | |
| # make install.tools | |
| # make && make install | |
| # cd $GOPATH/src/github.com/opencontainers/runc | |
| # git reset --hard a6e649f5835b7ebf354a73ff3a80f3223e3cb5de | |
| # make | |
| # cd $GOPATH/src/github.com/containernetworking/cni` | |
| # mkdir -p /etc/cni/net.d | |
| # sh -c 'cat >/etc/cni/net.d/10-mynet.conf <<-EOF | |
| { | |
| "cniVersion": "0.2.0", | |
| "name": "mynet", | |
| "type": "bridge", | |
| "bridge": "cni0", | |
| "isGateway": true, | |
| "ipMasq": true, | |
| "ipam": { | |
| "type": "host-local", | |
| "subnet": "10.88.0.0/16", | |
| "routes": [ | |
| { "dst": "0.0.0.0/0" } | |
| ] | |
| } | |
| } | |
| EOF' | |
| # mkdir -p /etc/containers | |
| # sh -c 'cat >/etc/containers/policy.json <<-EOF | |
| { | |
| "default": [ | |
| { | |
| "type": "insecureAcceptAnything" | |
| } | |
| ] | |
| } | |
| EOF' | |
| # ./build | |
| # mkdir -p /opt/cni/bin | |
| # cp bin/* /opt/cni/bin/ | |
| # go get -d github.com/cloudflare/cfssl | |
| # cd $GOPATH/src/github.com/cloudflare/cfssl | |
| # curl -opatch https://gist.githubusercontent.com/runcom/ba58bf2f64e38d9f5d376d587751a0f9/raw/18af375460c2016c05569792d8f9ea68d85fb607/centos-golang-cypto.patch | |
| # git apply patch | |
| # go install github.com/cloudflare/cfssl/cmd/... | |
| # cd $GOPATH/src/k8s.io/kubernetes | |
| # git reset --hard dca0b2a73d6daf89924c1aa7469bd3ea63cf1f5f | |
| # ocid --debug --runtime $GOPATH/src/github.com/opencontainers/runc/runc & | |
| # curl -L https://github.com/coreos/etcd/releases/download/v3.0.15/etcd-v3.0.15-linux-amd64.tar.gz -o /tmp/etcd-v3.0.15-linux-amd64.tar.gz | |
| # mkdir -p /tmp/test-etcd && tar xzvf /tmp/etcd-v3.0.15-linux-amd64.tar.gz -C /tmp/test-etcd --strip-components=1 | |
| # cp /tmp/test-etcd/etcd /usr/bin/ | |
| # curl -opatch https://gist.githubusercontent.com/runcom/ba58bf2f64e38d9f5d376d587751a0f9/raw/ccd5d10790f62d5839412b7e7aad0ca802cafc71/centos-k8s-golang-crypto.patch | |
| # git apply patch | |
| # EXPERIMENTAL_CRI=true CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT=/var/run/ocid.sock ./hack/local-up-cluster.sh | |
| # | |
| # export KUBERNETES_PROVIDER=local | |
| # cluster/kubectl.sh config set-cluster local --server=https://localhost:6443 --certificate-authority=/var/run/kubernetes/apiserver.crt | |
| # cluster/kubectl.sh config set-credentials myself --username=admin --password=admin | |
| # cluster/kubectl.sh config set-context local --cluster=local --user=myself | |
| # cluster/kubectl.sh config use-context local | |
| # cluster/kubectl.sh get nodes | |
| # cluster/kubectl.sh run nginx --image=nginx -- nginx '-g' 'daemon off;' | |
| # cluster/kubectl.sh get pods | |
| # curl $(cluster/kubectl.sh get -o json pods $POD_NAME | python -c 'import sys,json;data=json.loads(sys.stdin.read()); print data["status"]["podIP"]') | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Welcome to nginx!</title> | |
| <style> | |
| body { | |
| width: 35em; | |
| margin: 0 auto; | |
| font-family: Tahoma, Verdana, Arial, sans-serif; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <h1>Welcome to nginx!</h1> | |
| <p>If you see this page, the nginx web server is successfully installed and | |
| working. Further configuration is required.</p> | |
| <p>For online documentation and support please refer to | |
| <a href="http://nginx.org/">nginx.org</a>.<br/> | |
| Commercial support is available at | |
| <a href="http://nginx.com/">nginx.com</a>.</p> | |
| <p><em>Thank you for using nginx.</em></p> | |
| </body> | |
| </html> | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # F25 VM, 8GB ram, 20+GB storage | |
| # dnf update | |
| # dnf install gpgme-devel libassuan-devel libseccomp-devel device-mapper-devel btrfs-progs-devel glibc-static glibc-devel glib2-devel iptables jq git golang | |
| # export GOPATH=$HOME/go | |
| # export PATH=$PATH:$GOPATH/bin | |
| # go get -d github.com/opencontainers/runc | |
| # go get -d github.com/kubernetes-incubator/cri-o | |
| # go get -d k8s.io/kubernetes | |
| # go get -d github.com/containernetworking/cni | |
| # cd $GOPATH/src/github.com/kubernetes-incubator/cri-o | |
| # git remote add runcom https://github.com/runcom/ocid-1 | |
| # git fetch runcom -a | |
| # git checkout --track runcom/demo | |
| # make install.tools | |
| # make && make install | |
| # cd $GOPATH/src/github.com/opencontainers/runc | |
| # git reset --hard a6e649f5835b7ebf354a73ff3a80f3223e3cb5de | |
| # make | |
| # cd $GOPATH/src/github.com/containernetworking/cni` | |
| # mkdir -p /etc/cni/net.d | |
| # sh -c 'cat >/etc/cni/net.d/10-mynet.conf <<-EOF | |
| { | |
| "cniVersion": "0.2.0", | |
| "name": "mynet", | |
| "type": "bridge", | |
| "bridge": "cni0", | |
| "isGateway": true, | |
| "ipMasq": true, | |
| "ipam": { | |
| "type": "host-local", | |
| "subnet": "10.88.0.0/16", | |
| "routes": [ | |
| { "dst": "0.0.0.0/0" } | |
| ] | |
| } | |
| } | |
| EOF' | |
| # mkdir -p /etc/containers | |
| # sh -c 'cat >/etc/containers/policy.json <<-EOF | |
| { | |
| "default": [ | |
| { | |
| "type": "insecureAcceptAnything" | |
| } | |
| ] | |
| } | |
| EOF' | |
| # ./build | |
| # mkdir -p /opt/cni/bin | |
| # cp bin/* /opt/cni/bin/ | |
| # cd $GOPATH/src/k8s.io/kubernetes | |
| # git reset --hard dca0b2a73d6daf89924c1aa7469bd3ea63cf1f5f | |
| # ocid --debug --runtime $GOPATH/src/github.com/opencontainers/runc/runc & | |
| # go get -d github.com/cloudflare/cfssl/cmd/... | |
| # curl -L https://github.com/coreos/etcd/releases/download/v3.0.15/etcd-v3.0.15-linux-amd64.tar.gz -o /tmp/etcd-v3.0.15-linux-amd64.tar.gz | |
| # mkdir -p /tmp/test-etcd && tar xzvf /tmp/etcd-v3.0.15-linux-amd64.tar.gz -C /tmp/test-etcd --strip-components=1 | |
| # cp /tmp/test-etcd/etcd /usr/bin/ | |
| # EXPERIMENTAL_CRI=true CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT=/var/run/ocid.sock ./hack/local-up-cluster.sh | |
| # | |
| # cluster/kubectl.sh get nodes | |
| # cluster/kubectl.sh run nginx --image=nginx -- nginx '-g' 'daemon off;' | |
| # cluster/kubectl.sh get pods | |
| # curl $(cluster/kubectl.sh get -o json pods $POD_NAME | jq -r '.status.podIP') | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Welcome to nginx!</title> | |
| <style> | |
| body { | |
| width: 35em; | |
| margin: 0 auto; | |
| font-family: Tahoma, Verdana, Arial, sans-serif; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <h1>Welcome to nginx!</h1> | |
| <p>If you see this page, the nginx web server is successfully installed and | |
| working. Further configuration is required.</p> | |
| <p>For online documentation and support please refer to | |
| <a href="http://nginx.org/">nginx.org</a>.<br/> | |
| Commercial support is available at | |
| <a href="http://nginx.com/">nginx.com</a>.</p> | |
| <p><em>Thank you for using nginx.</em></p> | |
| </body> | |
| </html> | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment