-rw-r--r--kud/build/Dockerfile8
-rw-r--r--kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml30
-rw-r--r--kud/deployment_infra/playbooks/configure-kata-webhook.yml69
-rw-r--r--kud/deployment_infra/playbooks/configure-kata.yml29
-rw-r--r--kud/deployment_infra/playbooks/kud-vars.yml11
-rw-r--r--kud/hosting_providers/containerized/README.md23
-rwxr-xr-xkud/hosting_providers/containerized/installer.sh88
-rw-r--r--kud/hosting_providers/vagrant/README.md14
-rwxr-xr-xkud/hosting_providers/vagrant/installer.sh87
-rw-r--r--kud/tests/kata-clh.yml26
-rw-r--r--kud/tests/kata-qemu.yml26
-rwxr-xr-xkud/tests/kata.sh47
12 files changed, 430 insertions, 28 deletions
diff --git a/kud/build/Dockerfile b/kud/build/Dockerfile
index 38c63295..72c46f73 100644
--- a/kud/build/Dockerfile
+++ b/kud/build/Dockerfile
@@ -1,8 +1,16 @@
FROM ubuntu:18.04 as base
ARG KUD_ENABLE_TESTS=false
ARG KUD_PLUGIN_ENABLED=false
+ARG CONTAINER_RUNTIME=docker
+ARG KUD_DEBUG=""
+ARG ENABLE_KATA_WEBHOOK=false
+ARG KATA_WEBHOOK_RUNTIMECLASS=kata-clh
ENV KUD_ENABLE_TESTS=$KUD_ENABLE_TESTS
ENV KUD_PLUGIN_ENABLED=$KUD_PLUGIN_ENABLED
+ENV CONTAINER_RUNTIME=$CONTAINER_RUNTIME
+ENV KUD_DEBUG=$KUD_DEBUG
+ENV ENABLE_KATA_WEBHOOK=$ENABLE_KATA_WEBHOOK
+ENV KATA_WEBHOOK_RUNTIMECLASS=$KATA_WEBHOOK_RUNTIMECLASS
ADD . /usr/src/multicloud-k8s
USER root
SHELL ["/bin/bash", "-c"]
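Review bot: The new `ARG`/`ENV` pairs are undocumented, and `CONTAINER_RUNTIME` is accepted unchecked at build time even though the containerized installer only handles `docker` and `containerd` and exits on anything else, so a mistyped `--build-arg` surfaces only when the cluster job runs. A comment above the block would help, for example `# CONTAINER_RUNTIME: docker (default) or containerd; Kata Containers needs containerd` and `# ENABLE_KATA_WEBHOOK: true keeps the Kata webhook installed after the tests`. The hunk shows only the first lines of the Dockerfile; the stage continues below.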
diff --git a/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml b/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml
new file mode 100644
index 00000000..4c25613a
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: localhost
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: "{{ playbook_dir }}/kud-vars.yml"
+ tasks:
+ - name: Remove Kata webhook
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-{{ kata_webhook_runtimeclass }}.yaml"
+
+ - name: Remove Kata mutating webhook configuration
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-registration.yaml"
+
+ - name: Remove Kata webhook certs
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-certs.yaml" \ No newline at end of file
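Review bot: The three `kubectl delete -f` tasks abort the play at the first resource that is already gone, and they remove the webhook deployment before its registration. Adding `--ignore-not-found` to each command makes the reset safe to re-run, e.g. `/usr/local/bin/kubectl delete --ignore-not-found -f {{ kata_webhook_dest }}/deploy/webhook-registration.yaml`. Deleting the mutating webhook configuration first would also avoid a window in which the API server still calls a webhook backend that no longer exists; whether that blocks pod creation depends on the registration's failure policy, which is not visible here.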
diff --git a/kud/deployment_infra/playbooks/configure-kata-webhook.yml b/kud/deployment_infra/playbooks/configure-kata-webhook.yml
new file mode 100644
index 00000000..cb11bdf7
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata-webhook.yml
@@ -0,0 +1,69 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: localhost
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: "{{ playbook_dir }}/kud-vars.yml"
+ tasks:
+ - name: Create Kata webook folder
+ file:
+ state: directory
+ path: "{{ kata_webhook_dest }}/deploy"
+ ignore_errors: yes
+
+ - name: Download Kata webhook script
+ get_url:
+ url: "{{ kata_webhook_script_url }}"
+ dest: "{{ kata_webhook_dest }}"
+
+ - name: Download Kata webhook registration yaml
+ get_url:
+ url: "{{ kata_webhook_registration_url }}"
+ dest: "{{ kata_webhook_dest }}/deploy"
+
+ - name: Download Kata webhook deployment yaml
+ get_url:
+ url: "{{ kata_webhook_deployment_url }}"
+ dest: "{{ kata_webhook_dest }}/deploy"
+
+ - name: Changing perm of create-certs.sh, adding "+x"
+ shell: "chmod +x create-certs.sh"
+ args:
+ chdir: "{{ kata_webhook_dest }}"
+ warn: False
+
+ - name: Modify webhook for {{ kata_webhook_runtimeclass }} Runtimeclass
+ shell: "sed 's/value: kata/value: {{ kata_webhook_runtimeclass }}/g' webhook.yaml | tee webhook-{{ kata_webhook_runtimeclass }}.yaml"
+ args:
+ chdir: "{{ kata_webhook_dest }}/deploy"
+ warn: False
+
+ - name: Create Kata webhook secret
+ command: "{{ kata_webhook_dest }}/create-certs.sh"
+ args:
+ chdir: "{{ kata_webhook_dest }}"
+ warn: False
+
+ - name: Apply Kata webhook certs
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-certs.yaml"
+
+ - name: Apply Kata mutating webhook configuration
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-registration.yaml"
+
+ - name: Apply Kata webhook
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-{{ kata_webhook_runtimeclass }}.yaml" \ No newline at end of file
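Review bot: `create-certs.sh` is fetched with `get_url` and then executed under `become: yes` with no integrity check, and the manifests downloaded beside it are applied to the cluster on the same trust. The URLs are built from `kata_webhook_version` and `kata_version` in kud-vars.yml, which appear to be tag names and can therefore be moved upstream; `configure-kata.yml` has the same gap where it hands remote URLs straight to `kubectl apply -f`. `get_url` accepts `checksum: "sha256:<expected-digest>"`, and pointing the URLs at a full commit SHA instead of a tag would make the fetched content reproducible. Setting `mode: "0755"` on the script download would also replace the separate `chmod +x` shell task.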
diff --git a/kud/deployment_infra/playbooks/configure-kata.yml b/kud/deployment_infra/playbooks/configure-kata.yml
new file mode 100644
index 00000000..664d3521
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: kube-master
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: kud-vars.yml
+ tasks:
+ - name: Apply Kata rbac roles
+ command: "/usr/local/bin/kubectl apply -f {{ kata_rbac_url }}"
+ - name: Apply Kata Deploy
+ command: "/usr/local/bin/kubectl apply -f {{ kata_deploy_url }}"
+ - name: Setup Kata runtime classes
+ command: "/usr/local/bin/kubectl apply -f {{ kata_runtimeclass_url }}"
+
diff --git a/kud/deployment_infra/playbooks/kud-vars.yml b/kud/deployment_infra/playbooks/kud-vars.yml
index 4ad9e378..24a9ef98 100644
--- a/kud/deployment_infra/playbooks/kud-vars.yml
+++ b/kud/deployment_infra/playbooks/kud-vars.yml
@@ -115,3 +115,14 @@ emcoctl_localhost: true
emco_roles:
- emco
- monitor
+
+kata_version: 2.1.0-rc0
+kata_rbac_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml"
+kata_deploy_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
+kata_runtimeclass_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml"
+kata_webhook_dest: "{{ base_dest }}/kata_webhook"
+kata_webhook_version: 2.1.0-rc0
+kata_webhook_script_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/create-certs.sh"
+kata_webhook_registration_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/deploy/webhook-registration.yaml.tpl"
+kata_webhook_deployment_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/deploy/webhook.yaml"
+kata_webhook_runtimeclass: "kata-clh"
diff --git a/kud/hosting_providers/containerized/README.md b/kud/hosting_providers/containerized/README.md
index 2f9a9e52..bd5b08a8 100644
--- a/kud/hosting_providers/containerized/README.md
+++ b/kud/hosting_providers/containerized/README.md
@@ -21,9 +21,9 @@ KUD installation installer is divided into two regions with args - `--install-pk
* Container image is build using the `installer --install-pkg` arg and Kubernetes job is used to install the cluster using `installer --cluster <cluster-name>`. Installer will invoke the kubespray cluster.yml, kud-addsons and plugins ansible cluster.
-Installer script finds the `hosts.init` for each cluster in `/opt/multi-cluster/<cluster-name>`
+Installer script finds the `hosts.ini` for each cluster in `/opt/multi-cluster/<cluster-name>`
-Kubernetes jobs(a cluster per job) are used to install multiple clusters and logs of each cluster deployments are stored in the `/opt/kud/multi-cluster/<cluster-name>/logs` and artifacts are stored as follows `/opt/kud/multi-cluster/<cluster-name>/artifacts`
+Kubernetes jobs (a cluster per job) are used to install multiple clusters and logs of each cluster deployments are stored in the `/opt/kud/multi-cluster/<cluster-name>/logs` and artifacts are stored as follows `/opt/kud/multi-cluster/<cluster-name>/artifacts`
## Creating TestBed for Testing and Development
@@ -38,26 +38,31 @@ $ pushd multicloud-k8s/kud/hosting_providers/containerized/testing
$ vagrant up
$ popd
```
-Do following steps to keep note of
+Do the following steps to keep note of
1. Get the IP address for the Vagrant machine - <VAGRANT_IP_ADDRESS>
2. Copy the host /root/.ssh/id_rsa.pub into the vagrant /root/.ssh/authorized_keys
3. From host make sure to ssh into vagrant without password ssh root@<VAGRANT_IP_ADDRESS>
## Quickstart Installation Guide
-Build the kud docker images as follows, add KUD_ENABLE_TESTS & KUD_PLUGIN_ENABLED for the testing only:
+Build the kud docker images as follows. Add `KUD_ENABLE_TESTS` & `KUD_PLUGIN_ENABLED`
+for the testing only. Currently only docker and containerd are supported CRI
+runtimes and can be configured using the `CONTAINER_RUNTIME` environment variable.
+To be able to run secure containers using Kata Containers, it is required to
+change the CRI runtime to containerd.
```
$ git clone https://github.com/onap/multicloud-k8s.git && cd multicloud-k8s
-$ docker build --rm \
+$ docker build --rm \
--build-arg http_proxy=${http_proxy} \
--build-arg HTTP_PROXY=${HTTP_PROXY} \
--build-arg https_proxy=${https_proxy} \
--build-arg HTTPS_PROXY=${HTTPS_PROXY} \
--build-arg no_proxy=${no_proxy} \
--build-arg NO_PROXY=${NO_PROXY} \
- --build-arg KUD_ENABLE_TESTS=true \
- --build-arg KUD_PLUGIN_ENABLED=true \
+ --build-arg KUD_ENABLE_TESTS=true \
+ --build-arg KUD_PLUGIN_ENABLED=true \
+ --build-arg CONTAINER_RUNTIME=docker \
-t github.com/onap/multicloud-k8s:latest . -f kud/build/Dockerfile
```
Let's create a cluster-101 and cluster-102 hosts.ini as follows
@@ -66,7 +71,7 @@ Let's create a cluster-101 and cluster-102 hosts.ini as follows
$ mkdir -p /opt/kud/multi-cluster/{cluster-101,cluster-102}
```
-Create hosts.ini as follows in the direcotry cluster-101(c01 IP address 10.10.10.3) and cluster-102(c02 IP address 10.10.10.5). If user used Vagrant setup as mentioned in the above steps, replace the IP address with vagrant IP address
+Create the hosts.ini as follows in the directory cluster-101(c01 IP address 10.10.10.3) and cluster-102(c02 IP address 10.10.10.5). If the user used a Vagrant setup as mentioned in the above steps, replace the IP address with the vagrant IP address.
```
$ cat /opt/kud/multi-cluster/cluster-101/hosts.ini
@@ -97,7 +102,7 @@ kube-master
```
Do the same for the cluster-102 with c01 and IP address 10.10.10.5.
-Create the ssh secret for Baremetal or VM based on your deployment. and Launch the kubernetes job as follows
+Create the ssh secret for Baremetal or VM based on your deployment. Launch the kubernetes job as follows.
```
$ kubectl create secret generic ssh-key-secret --from-file=id_rsa=/root/.ssh/id_rsa --from-file=id_rsa.pub=/root/.ssh/id_rsa.pub
$ CLUSTER_NAME=cluster-101
diff --git a/kud/hosting_providers/containerized/installer.sh b/kud/hosting_providers/containerized/installer.sh
index 74c031dc..427850ab 100755
--- a/kud/hosting_providers/containerized/installer.sh
+++ b/kud/hosting_providers/containerized/installer.sh
@@ -14,7 +14,6 @@ set -o pipefail
set -ex
INSTALLER_DIR="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"
-KUD_ADDONS=""
function install_prerequisites {
#install package for docker images
@@ -78,17 +77,35 @@ function install_kubespray {
fi
}
-# install_k8s() - Install Kubernetes using kubespray tool
+# install_k8s() - Install Kubernetes using kubespray tool including Kata
function install_k8s {
local cluster_name=$1
ansible-playbook $verbose -i \
$kud_inventory $kud_playbooks/preconfigure-kubespray.yml \
--become --become-user=root | \
tee $cluster_log/setup-kubernetes.log
- ansible-playbook $verbose -i \
- $kud_inventory $dest_folder/kubespray-$version/cluster.yml \
- -e cluster_name=$cluster_name --become --become-user=root | \
- tee $cluster_log/setup-kubernetes.log
+ if [ "$container_runtime" == "docker" ]; then
+ echo "Docker will be used as the container runtime interface"
+ ansible-playbook $verbose -i \
+ $kud_inventory $dest_folder/kubespray-$version/cluster.yml \
+ -e cluster_name=$cluster_name --become --become-user=root | \
+ tee $cluster_log/setup-kubernetes.log
+ elif [ "$container_runtime" == "containerd" ]; then
+ echo "Containerd will be used as the container runtime interface"
+ ansible-playbook $verbose -i \
+ $kud_inventory $dest_folder/kubespray-$version/cluster.yml \
+ -e $kud_kata_override_variables -e cluster_name=$cluster_name \
+ --become --become-user=root | \
+ tee $cluster_log/setup-kubernetes.log
+ #Install Kata Containers in containerd scenario
+ ansible-playbook $verbose -i \
+ $kud_inventory -e "base_dest=$HOME" \
+ $kud_playbooks/configure-kata.yml | \
+ tee $cluster_log/setup-kata.log
+ else
+ echo "Only Docker or Containerd are supported container runtimes"
+ exit 1
+ fi
# Configure environment
# Requires kubeconfig_localhost and kubectl_localhost to be true
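Review bot: `-e $kud_kata_override_variables` in the containerd branch relies on unquoted word splitting to expand one string into several `-e key=value` arguments, which silently changes meaning if a value ever contains a space or a glob character. The variable is defined in a later hunk of this file; declaring it as an array, `kud_kata_override_args=(-e container_manager=containerd -e etcd_deployment_type=host -e kubelet_cgroup_driver=cgroupfs)`, and passing `"${kud_kata_override_args[@]}"` keeps every argument intact. install_k8s continues past the end of the hunk.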
@@ -116,21 +133,37 @@ function install_addons {
$kud_infra_folder/galaxy-requirements.yml --ignore-errors
ansible-playbook $verbose -i \
- $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-kud.yml | \
- tee $cluster_log/setup-kud.log
- # The order of KUD_ADDONS is important: some plugins (sriov, qat)
- # require nfd to be enabled.
- for addon in $KUD_ADDONS $plugins_name; do
+ $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-kud.yml \
+ | tee $cluster_log/setup-kud.log
+
+ kud_addons="${KUD_ADDONS:-} ${plugins_name}"
+
+ for addon in ${kud_addons}; do
echo "Deploying $addon using configure-$addon.yml playbook.."
ansible-playbook $verbose -i \
- $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-${addon}.yml | \
+ $kud_inventory -e "base_dest=$HOME" \
+ $kud_playbooks/configure-${addon}.yml | \
tee $cluster_log/setup-${addon}.log
done
echo "Run the test cases if testing_enabled is set to true."
if [[ "${testing_enabled}" == "true" ]]; then
failed_kud_tests=""
- for addon in $KUD_ADDONS $plugins_name; do
+ # Run Kata test first if Kata was installed
+ if [ "$container_runtime" == "containerd" ]; then
+ #Install Kata webhook for test pods
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook.yml \
+ --become --become-user=root | \
+ sudo tee $cluster_log/setup-kata-webhook.log
+ kata_webhook_deployed=true
+ pushd $kud_tests
+ bash kata.sh || failed_kud_tests="${failed_kud_tests} kata"
+ popd
+ fi
+ #Run other plugin tests
+ for addon in ${kud_addons}; do
pushd $kud_tests
bash ${addon}.sh || failed_kud_tests="${failed_kud_tests} ${addon}"
case $addon in
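Review bot: The new webhook steps pipe their output through `sudo tee`, while every other playbook call in this file uses plain `tee`; the following hunk of install_addons does the same for the reset and the final install step. The image is built with `USER root`, so `sudo` adds nothing here, and the step fails if the image does not ship sudo (not visible from this diff). Using `tee $cluster_log/setup-kata-webhook.log` keeps the file consistent. The `case` statement at the end of the hunk continues outside it.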
@@ -150,11 +183,30 @@ function install_addons {
esac
popd
done
+ # Remove Kata webhook if user didn't want it permanently installed
+ if ! [ "$enable_kata_webhook" == "true" ] && [ "$kata_webhook_deployed" == "true" ]; then
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook-reset.yml \
+ --become --become-user=root | \
+ sudo tee $cluster_log/kata-webhook-reset.log
+ kata_webhook_deployed=false
+ fi
if [[ ! -z "$failed_kud_tests" ]]; then
echo "Test cases failed:${failed_kud_tests}"
return 1
fi
fi
+
+ # Check if Kata webhook should be installed and isn't already installed
+ if [ "$enable_kata_webhook" == "true" ] && ! [ "$kata_webhook_deployed" == "true" ]; then
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook.yml \
+ --become --become-user=root | \
+ sudo tee $cluster_log/setup-kata-webhook.log
+ fi
+
echo "Add-ons deployment complete..."
}
@@ -230,6 +282,15 @@ kud_playbooks=$kud_infra_folder/playbooks
kud_tests=$kud_folder/../../tests
k8s_info_file=$kud_folder/k8s_info.log
testing_enabled=${KUD_ENABLE_TESTS:-false}
+container_runtime=${CONTAINER_RUNTIME:-docker}
+enable_kata_webhook=${ENABLE_KATA_WEBHOOK:-false}
+kata_webhook_runtimeclass=${KATA_WEBHOOK_RUNTIMECLASS:-kata-qemu}
+kata_webhook_deployed=false
+# For containerd the etcd_deployment_type: docker is the default and doesn't work.
+# You have to use either etcd_kubeadm_enabled: true or etcd_deployment_type: host
+# See https://github.com/kubernetes-sigs/kubespray/issues/5713
+kud_kata_override_variables="container_manager=containerd \
+ -e etcd_deployment_type=host -e kubelet_cgroup_driver=cgroupfs"
mkdir -p /opt/csar
export CSAR_DIR=/opt/csar
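Review bot: The fallback `kata_webhook_runtimeclass=${KATA_WEBHOOK_RUNTIMECLASS:-kata-qemu}` disagrees with every other default in this commit: the Dockerfile `ARG`, `kud-vars.yml` and the vagrant installer all use `kata-clh`. Because the installer passes the value with `-e`, it overrides the playbook variable, so a run with the variable unset or empty deploys a different runtime class than the other entry points. `kata_webhook_runtimeclass=${KATA_WEBHOOK_RUNTIMECLASS:-kata-clh}` would align them, or a comment should say why the containerized path differs.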
@@ -336,6 +397,7 @@ if [ "$1" == "--cluster" ]; then
exit 0
fi
+
echo "Error: Refer the installer usage"
usage
exit 1
diff --git a/kud/hosting_providers/vagrant/README.md b/kud/hosting_providers/vagrant/README.md
index 3d0766b3..3a93a73e 100644
--- a/kud/hosting_providers/vagrant/README.md
+++ b/kud/hosting_providers/vagrant/README.md
@@ -39,6 +39,20 @@ the following instructions:
In-depth documentation and use cases of various Vagrant commands [Vagrant commands][3]
is available on the Vagrant site.
+### CRI Runtimes
+
+Currently both docker and containerd are supported CRI runtimes. If nothing is
+specified then docker will be used by default. This can be changed by setting
+the `CONTAINER_RUNTIME` environment variable. To be able to run secure
+containers using Kata Containers it is required to change the CRI runtime to
+containerd.
+
+```
+$ export CONTAINER_RUNTIME=containerd
+```
+
+
+
## License
Apache-2.0
diff --git a/kud/hosting_providers/vagrant/installer.sh b/kud/hosting_providers/vagrant/installer.sh
index bc2e91ae..c88dc9e6 100755
--- a/kud/hosting_providers/vagrant/installer.sh
+++ b/kud/hosting_providers/vagrant/installer.sh
@@ -142,8 +142,31 @@ function install_k8s {
echo "https_proxy: \"$https_proxy\"" | tee --append $kud_inventory_folder/group_vars/all.yml
fi
export ANSIBLE_CONFIG=$dest_folder/kubespray-$version/ansible.cfg
- ansible-playbook $verbose -i $kud_inventory $kud_playbooks/preconfigure-kubespray.yml --become --become-user=root | sudo tee $log_folder/setup-kubernetes.log
- ansible-playbook $verbose -i $kud_inventory $dest_folder/kubespray-$version/cluster.yml --become --become-user=root | sudo tee $log_folder/setup-kubernetes.log
+
+ ansible-playbook $verbose -i $kud_inventory \
+ $kud_playbooks/preconfigure-kubespray.yml --become --become-user=root \
+ | sudo tee $log_folder/setup-kubernetes.log
+ if [ "$container_runtime" == "docker" ]; then
+ /bin/echo -e "\n\e[1;42mDocker will be used as the container runtime interface\e[0m"
+ ansible-playbook $verbose -i $kud_inventory \
+ $dest_folder/kubespray-$version/cluster.yml --become \
+ --become-user=root | sudo tee $log_folder/setup-kubernetes.log
+ elif [ "$container_runtime" == "containerd" ]; then
+ /bin/echo -e "\n\e[1;42mContainerd will be used as the container runtime interface\e[0m"
+ # Because the kud_kata_override_variable has its own quotations in it
+ # a eval command is needed to properly execute the ansible script
+ ansible_kubespray_cmd="ansible-playbook $verbose -i $kud_inventory \
+ $dest_folder/kubespray-$version/cluster.yml \
+ -e ${kud_kata_override_variables} --become --become-user=root | \
+ sudo tee $log_folder/setup-kubernetes.log"
+ eval $ansible_kubespray_cmd
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ $kud_playbooks/configure-kata.yml --become --become-user=root | \
+ sudo tee $log_folder/setup-kata.log
+ else
+ echo "Only Docker or Containerd are supported container runtimes"
+ exit 1
+ fi
# Configure environment
mkdir -p $HOME/.kube
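Review bot: The containerd branch assembles the whole kubespray invocation into a string and runs it with `eval $ansible_kubespray_cmd`, so `$verbose`, `$kud_inventory`, `$dest_folder`, `$version` and `$log_folder` are parsed a second time by the shell, and any space or metacharacter in one of them changes the command that runs. The eval exists only to recover the quoting embedded in `kud_kata_override_variables` (defined in the last hunk of this file); holding the overrides in a bash array removes the need for it. install_k8s starts and ends outside the hunk.

```shell
elif [ "$container_runtime" == "containerd" ]; then
    # … unchanged: banner echo …
    kud_kata_override_args=(
        -e container_manager=containerd
        -e etcd_deployment_type=host
        -e kubelet_cgroup_driver=cgroupfs
        -e "{'download_localhost': false}"
        -e "{'download_run_once': false}"
    )
    ansible-playbook $verbose -i "$kud_inventory" \
        "$dest_folder/kubespray-$version/cluster.yml" \
        "${kud_kata_override_args[@]}" --become --become-user=root | \
        sudo tee "$log_folder/setup-kubernetes.log"
    # … unchanged: configure-kata.yml playbook run …
```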
@@ -159,25 +182,66 @@ function install_addons {
_install_ansible
sudo ansible-galaxy install $verbose -r $kud_infra_folder/galaxy-requirements.yml --ignore-errors
ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-kud.yml | sudo tee $log_folder/setup-kud.log
+
# The order of KUD_ADDONS is important: some plugins (sriov, qat)
- # require nfd to be enabled.
- for addon in ${KUD_ADDONS:-topology-manager virtlet ovn4nfv nfd sriov qat optane cmk}; do
+ # require nfd to be enabled. Some addons are not currently supported with containerd
+ if [ "${container_runtime}" == "docker" ]; then
+ kud_addons=${KUD_ADDONS:-topology-manager virtlet ovn4nfv nfd sriov \
+ qat optane cmk}
+ elif [ "${container_runtime}" == "containerd" ]; then
+ kud_addons=${KUD_ADDONS:-ovn4nfv nfd}
+ fi
+
+ for addon in ${kud_addons}; do
echo "Deploying $addon using configure-$addon.yml playbook.."
- ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-${addon}.yml | sudo tee $log_folder/setup-${addon}.log
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ $kud_playbooks/configure-${addon}.yml | \
+ sudo tee $log_folder/setup-${addon}.log
done
+
echo "Run the test cases if testing_enabled is set to true."
if [[ "${testing_enabled}" == "true" ]]; then
failed_kud_tests=""
- for addon in ${KUD_ADDONS:-multus topology-manager virtlet ovn4nfv nfd sriov qat optane cmk}; do
+ # Run Kata test first if Kata was installed
+ if [ "${container_runtime}" == "containerd" ]; then
+ #Install Kata webhook for test pods
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook.yml \
+ --become --become-user=root | \
+ sudo tee $log_folder/setup-kata-webhook.log
+ kata_webhook_deployed=true
+ pushd $kud_tests
+ bash kata.sh || failed_kud_tests="${failed_kud_tests} kata"
+ popd
+ fi
+ # Run other plugin tests
+ for addon in ${kud_addons}; do
pushd $kud_tests
bash ${addon}.sh || failed_kud_tests="${failed_kud_tests} ${addon}"
popd
done
+ # Remove Kata webhook if user didn't want it permanently installed
+ if ! [ "${enable_kata_webhook}" == "true" ]; then
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook-reset.yml \
+ --become --become-user=root | \
+ sudo tee $log_folder/kata-webhook-reset.log
+ fi
if [[ ! -z "$failed_kud_tests" ]]; then
echo "Test cases failed:${failed_kud_tests}"
return 1
fi
fi
+ # Check if Kata webhook should be installed and isn't already installed
+ if [ "$enable_kata_webhook" == "true" ] && ! [ "$kata_webhook_deployed" == "true" ]; then
+ ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
+ -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
+ $kud_playbooks/configure-kata-webhook.yml \
+ --become --become-user=root | \
+ sudo tee $log_folder/setup-kata-webhook.log
+ fi
echo "Add-ons deployment complete..."
}
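Review bot: The webhook teardown after the tests runs whenever `enable_kata_webhook` is not `true`, without checking `kata_webhook_deployed`, so a docker-runtime run with tests enabled calls `configure-kata-webhook-reset.yml` for a webhook that was never installed, and its `kubectl delete -f` tasks fail on files that do not exist. The containerized installer guards the same step; here it would be `if ! [ "${enable_kata_webhook}" == "true" ] && [ "$kata_webhook_deployed" == "true" ]; then`, followed by `kata_webhook_deployed=false` after the playbook. Separately, the test loop now iterates `kud_addons`, whose default no longer contains `multus`, so `multus.sh` is no longer run by default; if that is intended it deserves a line in the commit message. install_addons starts outside the hunk.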
@@ -248,6 +312,17 @@ kud_playbooks=$kud_infra_folder/playbooks
kud_tests=$kud_folder/../../tests
k8s_info_file=$kud_folder/k8s_info.log
testing_enabled=${KUD_ENABLE_TESTS:-false}
+container_runtime=${CONTAINER_RUNTIME:-docker}
+enable_kata_webhook=${ENABLE_KATA_WEBHOOK:-false}
+kata_webhook_runtimeclass=${KATA_WEBHOOK_RUNTIMECLASS:-kata-clh}
+kata_webhook_deployed=false
+# For containerd the etcd_deployment_type: docker is the default and doesn't work.
+# You have to use either etcd_kubeadm_enabled: true or etcd_deployment_type: host
+# See https://github.com/kubernetes-sigs/kubespray/issues/5713
+kud_kata_override_variables="container_manager=containerd \
+ -e etcd_deployment_type=host -e kubelet_cgroup_driver=cgroupfs \
+ -e \"{'download_localhost': false}\" -e \"{'download_run_once': false}\""
+
sudo mkdir -p $log_folder
sudo mkdir -p /opt/csar
sudo chown -R $USER /opt/csar
diff --git a/kud/tests/kata-clh.yml b/kud/tests/kata-clh.yml
new file mode 100644
index 00000000..6498213f
--- /dev/null
+++ b/kud/tests/kata-clh.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+kind: Pod
+apiVersion: v1
+metadata:
+ name: kata-clh
+spec:
+ runtimeClassName: kata-clh
+ containers:
+ - name: busybox
+ image: busybox
+ imagePullPolicy: Always
+ command: [ "sleep", "100000" ] \ No newline at end of file
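Review bot: `image: busybox` carries no tag, and with `imagePullPolicy: Always` each test run pulls whatever the registry serves under the default tag at that moment, so the Kata smoke test does not run against a fixed input. `kata-qemu.yml` has the same line. Pinning both, e.g. `image: busybox:<pinned-tag>` or a digest reference, keeps the test reproducible.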
diff --git a/kud/tests/kata-qemu.yml b/kud/tests/kata-qemu.yml
new file mode 100644
index 00000000..d95748e2
--- /dev/null
+++ b/kud/tests/kata-qemu.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+kind: Pod
+apiVersion: v1
+metadata:
+ name: kata-qemu
+spec:
+ runtimeClassName: kata-qemu
+ containers:
+ - name: busybox
+ image: busybox
+ imagePullPolicy: Always
+ command: [ "sleep", "100000" ] \ No newline at end of file
diff --git a/kud/tests/kata.sh b/kud/tests/kata.sh
new file mode 100755
index 00000000..f55d8cd3
--- /dev/null
+++ b/kud/tests/kata.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#source _common_test.sh
+#source _common.sh
+#source _functions.sh
+
+kata_pods="kata-qemu kata-clh"
+
+function wait_for_pod {
+ status_phase=""
+ while [[ "$status_phase" != "Running" ]]; do
+ new_phase="$(kubectl get pods -o wide | grep ^$1 | awk '{print $3}')"
+ if [[ "$new_phase" != "$status_phase" ]]; then
+ status_phase="$new_phase"
+ fi
+ if [[ "$new_phase" == "Err"* ]]; then
+ exit 1
+ fi
+ sleep 2
+ done
+}
+
+for pod in ${kata_pods};do
+ echo "Deploying ${pod} pod"
+ kubectl apply -f ${pod}.yml
+ wait_for_pod ${pod}
+ echo "Pod ${pod} deployed successfully"
+ kubectl delete -f ${pod}.yml
+done
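Review bot: `wait_for_pod` loops until the status is `Running` and exits only on a status starting with `Err`, so a pod stuck in `Pending`, `ContainerCreating` or `ImagePullBackOff` hangs the test run indefinitely. `grep ^$1` also matches by prefix only, so `kata-clh` would match any other pod whose name starts with it. `kubectl wait --for=condition=Ready "pod/${pod}" --timeout=300s` gives a bounded wait on the exact pod (the 300s value is only an example). When the wait fails, the script exits before `kubectl delete -f ${pod}.yml` and leaves the test pod behind; a `trap` that deletes it would cover that path.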