@rushi47
Last active February 18, 2025 04:44
Install kata containers in minikube using kvm with ubuntu as node image
#!/bin/bash
# Start minikube with specific configuration
minikube start \
--vm-driver kvm2 \
--memory 6144 \
--network-plugin=cni \
--enable-default-cni \
--container-runtime=containerd \
--bootstrapper=kubeadm
# Wait for minikube to be ready
echo "Waiting for minikube to be ready..."
sleep 10
# Deploy Kata containers and RBAC
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kata-deploy-sa
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kata-deploy-role
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "patch"]
- apiGroups: ["node.k8s.io"]
  resources: ["runtimeclasses"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["apps"]
  resources: ["daemonsets"]
  verbs: ["list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kata-deploy-rb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kata-deploy-role
subjects:
- kind: ServiceAccount
  name: kata-deploy-sa
  namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kata-deploy
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: kata-deploy
  template:
    metadata:
      labels:
        name: kata-deploy
    spec:
      serviceAccountName: kata-deploy-sa
      hostPID: true
      containers:
      - name: kube-kata
        # :latest is a moving tag; pin a release tag or digest for repeatable installs
        image: quay.io/kata-containers/kata-deploy:latest
        imagePullPolicy: Always
        lifecycle:
          preStop:
            exec:
              command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"]
        command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install"]
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: DEBUG
          value: "false"
        - name: SHIMS
          value: "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-sev qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx"
        - name: DEFAULT_SHIM
          value: "qemu"
        # RuntimeClasses are not created by kata-deploy here; kata-qemu is defined at the end of this manifest
        - name: CREATE_RUNTIMECLASSES
          value: "false"
        - name: CREATE_DEFAULT_RUNTIMECLASS
          value: "false"
        - name: ALLOWED_HYPERVISOR_ANNOTATIONS
          value: ""
        - name: SNAPSHOTTER_HANDLER_MAPPING
          value: ""
        - name: AGENT_HTTPS_PROXY
          value: ""
        - name: AGENT_NO_PROXY
          value: ""
        - name: PULL_TYPE_MAPPING
          value: ""
        - name: INSTALLATION_PREFIX
          value: ""
        - name: MULTI_INSTALL_SUFFIX
          value: ""
        # The installer runs privileged with the node's root filesystem mounted at /host
        # so it can place the Kata artifacts and edit the container runtime configuration
        securityContext:
          privileged: true
        volumeMounts:
        - name: crio-conf
          mountPath: /etc/crio/
        - name: containerd-conf
          mountPath: /etc/containerd/
        - name: host
          mountPath: /host/
      volumes:
      - name: crio-conf
        hostPath:
          path: /etc/crio/
      - name: containerd-conf
        hostPath:
          path: /etc/containerd/
      - name: host
        hostPath:
          path: /
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
---
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata-qemu
handler: kata-qemu
EOF
echo "Waiting for kata-deploy DaemonSet to be ready..."
kubectl rollout status daemonset/kata-deploy -n kube-system
# Add label to nodes for kata containers
kubectl label nodes --all katacontainers.io/kata-runtime=true
# Create a test pod to verify the setup
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: kata-ubuntu
  namespace: default
spec:
  runtimeClassName: kata-qemu
  containers:
  - name: ubuntu
    image: ubuntu:22.04
    command: ["/bin/bash", "-c", "sleep infinity"]
EOF
echo "Setup complete! Verify the installation with:"
echo "kubectl get pods -n kube-system | grep kata"
echo "kubectl get pod kata-ubuntu"
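
The two `kubectl get` commands printed above show that the pods exist, not that the test pod is running inside a VM. The script below is an added example, not part of the gist: it checks that `kata-ubuntu` requests the `kata-qemu` RuntimeClass and that its kernel differs from the node's. The function names and the `--live` switch are assumptions of this example.

```bash
#!/bin/bash
# Added example, not part of the gist: confirm the test pod runs in a Kata guest.
# Assumes the pod name (kata-ubuntu) and RuntimeClass (kata-qemu) used by the script.

# True when the pod spec actually requests the expected RuntimeClass.
runtime_class_ok() {            # $1 = pod runtimeClassName, $2 = expected
  [ -n "$1" ] && [ "$1" = "$2" ]
}

# A Kata pod boots its own guest kernel, so `uname -r` in the pod differs from
# the node kernel; a runc pod reports the node kernel. Heuristic: assumes the
# guest and node kernels are not the same release.
guest_kernel_differs() {        # $1 = node kernel, $2 = pod kernel
  [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Prints a one-line verdict; returns 0 only when both checks pass.
verdict() {                     # $1 = runtimeClassName, $2 = node kernel, $3 = pod kernel
  if ! runtime_class_ok "$1" "kata-qemu"; then
    echo "FAIL: runtimeClassName is '${1:-unset}', expected kata-qemu"; return 1
  fi
  if ! guest_kernel_differs "$2" "$3"; then
    echo "FAIL: pod kernel '${3:-unknown}' is not distinct from node kernel '${2:-unknown}'"; return 1
  fi
  echo "OK: guest kernel $3 differs from node kernel $2"
}

if [ "${1:-}" = "--live" ]; then
  # Query the cluster created by the script above.
  pod=kata-ubuntu
  kubectl wait --for=condition=Ready "pod/$pod" --timeout=180s >/dev/null || exit 1
  rc=$(kubectl get pod "$pod" -o jsonpath='{.spec.runtimeClassName}')
  node=$(kubectl get pod "$pod" -o jsonpath='{.spec.nodeName}')
  node_kernel=$(kubectl get node "$node" -o jsonpath='{.status.nodeInfo.kernelVersion}')
  pod_kernel=$(kubectl exec "$pod" -- uname -r)
  verdict "$rc" "$node_kernel" "$pod_kernel"
else
  # Offline demo on constructed values (not captured from a real cluster).
  verdict "kata-qemu" "5.10.207" "6.6.22" || true
  verdict "" "5.10.207" "5.10.207" || true
fi
```

Run it with `--live` once the setup script has finished; without the flag it only evaluates the constructed sample values.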

rushi47 commented Feb 18, 2025

For the minikube installation to work, you need to make sure kvm is ready to use. Follow the steps below to get kvm up with qemu:
https://minikube.sigs.k8s.io/docs/drivers/kvm2/
