commit
9888bc3ed6
5 changed files with 33 additions and 33 deletions
30
README.md
30
README.md
|
@ -1,5 +1,5 @@
|
||||||
![cri-o logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
|
![CRI-O logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
|
||||||
# cri-o - OCI-based implementation of Kubernetes Container Runtime Interface
|
# CRI-O - OCI-based implementation of Kubernetes Container Runtime Interface
|
||||||
|
|
||||||
[![Build Status](https://img.shields.io/travis/kubernetes-incubator/cri-o.svg?maxAge=2592000&style=flat-square)](https://travis-ci.org/kubernetes-incubator/cri-o)
|
[![Build Status](https://img.shields.io/travis/kubernetes-incubator/cri-o.svg?maxAge=2592000&style=flat-square)](https://travis-ci.org/kubernetes-incubator/cri-o)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-incubator/cri-o?style=flat-square)](https://goreportcard.com/report/github.com/kubernetes-incubator/cri-o)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-incubator/cri-o?style=flat-square)](https://goreportcard.com/report/github.com/kubernetes-incubator/cri-o)
|
||||||
|
@ -8,11 +8,11 @@
|
||||||
|
|
||||||
## What is the scope of this project?
|
## What is the scope of this project?
|
||||||
|
|
||||||
cri-o is meant to provide an integration path between OCI conformant runtimes and the kubelet.
|
CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet.
|
||||||
Specifically, it implements the Kubelet [Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md) using OCI conformant runtimes.
|
Specifically, it implements the Kubelet [Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md) using OCI conformant runtimes.
|
||||||
The scope of cri-o is tied to the scope of the CRI.
|
The scope of CRI-O is tied to the scope of the CRI.
|
||||||
|
|
||||||
At a high level, we expect the scope of cri-o to be restricted to the following functionalities:
|
At a high level, we expect the scope of CRI-O to be restricted to the following functionalities:
|
||||||
|
|
||||||
* Support multiple image formats including the existing Docker image format
|
* Support multiple image formats including the existing Docker image format
|
||||||
* Support for multiple means to download images including trust & image verification
|
* Support for multiple means to download images including trust & image verification
|
||||||
|
@ -24,7 +24,7 @@ At a high level, we expect the scope of cri-o to be restricted to the following
|
||||||
## What is not in scope for this project?
|
## What is not in scope for this project?
|
||||||
|
|
||||||
* Building, signing and pushing images to various image storages
|
* Building, signing and pushing images to various image storages
|
||||||
* A CLI utility for interacting with cri-o. Any CLIs built as part of this project are only meant for testing this project and there will be no guarantees on the backward compatibility with it.
|
* A CLI utility for interacting with CRI-O. Any CLIs built as part of this project are only meant for testing this project and there will be no guarantees on the backward compatibility with it.
|
||||||
|
|
||||||
This is an implementation of the Kubernetes Container Runtime Interface (CRI) that will allow Kubernetes to directly launch and manage Open Container Initiative (OCI) containers.
|
This is an implementation of the Kubernetes Container Runtime Interface (CRI) that will allow Kubernetes to directly launch and manage Open Container Initiative (OCI) containers.
|
||||||
|
|
||||||
|
@ -80,21 +80,21 @@ It is currently in active development in the Kubernetes community through the [d
|
||||||
|
|
||||||
[CRI-O configures OCI Hooks to run when launching a container](./hooks.md)
|
[CRI-O configures OCI Hooks to run when launching a container](./hooks.md)
|
||||||
|
|
||||||
## cri-o Usage Transfer
|
## CRI-O Usage Transfer
|
||||||
|
|
||||||
[Useful information for ops and dev transfer as it relates to infrastructure that utilizes cri-o](/transfer.md)
|
[Useful information for ops and dev transfer as it relates to infrastructure that utilizes CRI-O](/transfer.md)
|
||||||
|
|
||||||
## Communication
|
## Communication
|
||||||
|
|
||||||
For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation.
|
For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation.
|
||||||
|
|
||||||
For sync communication we have an IRC channel #cri-o, on chat.freenode.net, that everyone is welcome to join and chat about development.
|
For sync communication we have an IRC channel #CRI-O, on chat.freenode.net, that everyone is welcome to join and chat about development.
|
||||||
|
|
||||||
## Getting started
|
## Getting started
|
||||||
|
|
||||||
### Prerequisites
|
### Prerequisites
|
||||||
|
|
||||||
Latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by crio.
|
Latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by CRI-O.
|
||||||
|
|
||||||
### Build and Run Dependencies
|
### Build and Run Dependencies
|
||||||
|
|
||||||
|
@ -165,7 +165,7 @@ apt-get install -y \
|
||||||
|
|
||||||
### Get Source Code
|
### Get Source Code
|
||||||
|
|
||||||
As with other Go projects, cri-o must be cloned into a directory structure like:
|
As with other Go projects, CRI-O must be cloned into a directory structure like:
|
||||||
|
|
||||||
```
|
```
|
||||||
GOPATH
|
GOPATH
|
||||||
|
@ -199,7 +199,7 @@ make
|
||||||
sudo make install
|
sudo make install
|
||||||
```
|
```
|
||||||
|
|
||||||
Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
|
Otherwise, if you do not want to build `CRI-O` with seccomp support you can add `BUILDTAGS=""` when running make.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
make BUILDTAGS=""
|
make BUILDTAGS=""
|
||||||
|
@ -208,7 +208,7 @@ sudo make install
|
||||||
|
|
||||||
#### Build Tags
|
#### Build Tags
|
||||||
|
|
||||||
`cri-o` supports optional build tags for compiling support of various features.
|
`CRI-O` supports optional build tags for compiling support of various features.
|
||||||
To add build tags to the make option the `BUILDTAGS` variable must be set.
|
To add build tags to the make option the `BUILDTAGS` variable must be set.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -234,10 +234,10 @@ your system.
|
||||||
|
|
||||||
### Running with kubernetes
|
### Running with kubernetes
|
||||||
|
|
||||||
You can run a local version of kubernetes with cri-o using `local-up-cluster.sh`:
|
You can run a local version of kubernetes with CRI-O using `local-up-cluster.sh`:
|
||||||
|
|
||||||
1. Clone the [kubernetes repository](https://github.com/kubernetes/kubernetes)
|
1. Clone the [kubernetes repository](https://github.com/kubernetes/kubernetes)
|
||||||
1. Start the cri-o daemon (`crio`)
|
1. Start the CRI-O daemon (`crio`)
|
||||||
1. From the kubernetes project directory, run:
|
1. From the kubernetes project directory, run:
|
||||||
```shell
|
```shell
|
||||||
CGROUP_DRIVER=systemd \
|
CGROUP_DRIVER=systemd \
|
||||||
|
|
|
@ -94,7 +94,7 @@ set the CPU profile file path
|
||||||
ignore: All volumes are just ignored and no action is taken.
|
ignore: All volumes are just ignored and no action is taken.
|
||||||
|
|
||||||
**--listen**=""
|
**--listen**=""
|
||||||
Path to crio socket (default: "/var/run/crio.sock")
|
Path to CRI-O socket (default: "/var/run/crio.sock")
|
||||||
|
|
||||||
**--log**=""
|
**--log**=""
|
||||||
Set the log file path where internal debug information is written
|
Set the log file path where internal debug information is written
|
||||||
|
@ -103,7 +103,7 @@ set the CPU profile file path
|
||||||
Set the format used by logs ('text' (default), or 'json') (default: "text")
|
Set the format used by logs ('text' (default), or 'json') (default: "text")
|
||||||
|
|
||||||
**--log-level**=""
|
**--log-level**=""
|
||||||
log CRI-O messages above specified level: debug, info (default), warn, error, fatal or panic
|
log crio messages above specified level: debug, info (default), warn, error, fatal or panic
|
||||||
|
|
||||||
**--log-size-max**=""
|
**--log-size-max**=""
|
||||||
Maximum log size in bytes for a container (default: -1 (no limit)).
|
Maximum log size in bytes for a container (default: -1 (no limit)).
|
||||||
|
@ -119,13 +119,13 @@ set the CPU profile file path
|
||||||
Maximum number of processes allowed in a container (default: 1024)
|
Maximum number of processes allowed in a container (default: 1024)
|
||||||
|
|
||||||
**--root**=""
|
**--root**=""
|
||||||
CRIO root dir (default: "/var/lib/containers/storage")
|
The crio root dir (default: "/var/lib/containers/storage")
|
||||||
|
|
||||||
**--registry**=""
|
**--registry**=""
|
||||||
Registry host which will be prepended to unqualified images, can be specified multiple times
|
Registry host which will be prepended to unqualified images, can be specified multiple times
|
||||||
|
|
||||||
**--runroot**=""
|
**--runroot**=""
|
||||||
CRIO state dir (default: "/var/run/containers/storage")
|
The crio state dir (default: "/var/run/containers/storage")
|
||||||
|
|
||||||
**--runtime**=""
|
**--runtime**=""
|
||||||
OCI runtime path (default: "/usr/bin/runc")
|
OCI runtime path (default: "/usr/bin/runc")
|
||||||
|
@ -158,13 +158,13 @@ set the CPU profile file path
|
||||||
Print the version
|
Print the version
|
||||||
|
|
||||||
# COMMANDS
|
# COMMANDS
|
||||||
CRIO's default command is to start the daemon. However, it currently offers a
|
CRI-O's default command is to start the daemon. However, it currently offers a
|
||||||
single additional subcommand.
|
single additional subcommand.
|
||||||
|
|
||||||
## config
|
## config
|
||||||
|
|
||||||
Outputs a commented version of the configuration file that would've been used
|
Outputs a commented version of the configuration file that would've been used
|
||||||
by CRIO. This allows you to save you current configuration setup and then load
|
by CRI-O. This allows you to save you current configuration setup and then load
|
||||||
it later with **--config**. Global options will modify the output.
|
it later with **--config**. Global options will modify the output.
|
||||||
|
|
||||||
**--default**
|
**--default**
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Running cri-o on kubernetes cluster
|
# Running CRI-O on kubernetes cluster
|
||||||
|
|
||||||
## Switching runtime from docker to cri-o
|
## Switching runtime from docker to CRI-O
|
||||||
|
|
||||||
In standard docker kubernetes cluster, kubelet is running on each node as systemd service and is taking care of communication between runtime and api service.
|
In standard docker kubernetes cluster, kubelet is running on each node as systemd service and is taking care of communication between runtime and api service.
|
||||||
It is reponsible for starting microservices pods (such as `kube-proxy`, `kubedns`, etc. - they can be different for various ways of deploying k8s) and user pods.
|
It is reponsible for starting microservices pods (such as `kube-proxy`, `kubedns`, etc. - they can be different for various ways of deploying k8s) and user pods.
|
||||||
|
@ -9,7 +9,7 @@ Configuration of kubelet determines which runtime is used and in what way.
|
||||||
Kubelet itself is executed in docker container (as we can see in `kubelet.service`), but, what is important, **it's not** a kubernetes pod (at least for now),
|
Kubelet itself is executed in docker container (as we can see in `kubelet.service`), but, what is important, **it's not** a kubernetes pod (at least for now),
|
||||||
so we can keep kubelet running inside container (as well as directly on the host), and regardless of this, run pods in chosen runtime.
|
so we can keep kubelet running inside container (as well as directly on the host), and regardless of this, run pods in chosen runtime.
|
||||||
|
|
||||||
Below, you can find an instruction how to switch one or more nodes on running kubernetes cluster from docker to cri-o.
|
Below, you can find an instruction how to switch one or more nodes on running kubernetes cluster from docker to CRI-O.
|
||||||
|
|
||||||
### Preparing crio
|
### Preparing crio
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ If your cluster is using flannel network, your network configuration should be l
|
||||||
```
|
```
|
||||||
Then, kubelet will take parameters from `/run/flannel/subnet.env` - file generated by flannel kubelet microservice.
|
Then, kubelet will take parameters from `/run/flannel/subnet.env` - file generated by flannel kubelet microservice.
|
||||||
|
|
||||||
## Starting kubelet with cri-o
|
## Starting kubelet with CRI-O
|
||||||
Start crio first, then kubelet. If you created `crio` service:
|
Start crio first, then kubelet. If you created `crio` service:
|
||||||
```
|
```
|
||||||
# systemctl start crio
|
# systemctl start crio
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
# cri-o Usage Transfer
|
# CRI-O Usage Transfer
|
||||||
|
|
||||||
This document outlines useful information for ops and dev transfer as it relates to infrastructure that utilizes cri-o.
|
This document outlines useful information for ops and dev transfer as it relates to infrastructure that utilizes CRI-O.
|
||||||
|
|
||||||
## Operational Transfer
|
## Operational Transfer
|
||||||
|
|
||||||
## Abstract
|
## Abstract
|
||||||
|
|
||||||
The `crio` daemon is intended to provide the [CRI](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md) socket needed for Kubernetes to use for automating deployment, scaling, and management of containerized applications (See the document for [configuring kubernetes to use cri-o](./kubernetes.md) for more information on that).
|
The `crio` daemon is intended to provide the [CRI](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md) socket needed for Kubernetes to use for automating deployment, scaling, and management of containerized applications (See the document for [configuring kubernetes to use CRI-O](./kubernetes.md) for more information on that).
|
||||||
Therefore the `crioctl` command line is a client that interfaces to the same grpc socket as the kubernetes daemon would, for talking to the `crio` daemon.
|
Therefore the `crioctl` command line is a client that interfaces to the same grpc socket as the kubernetes daemon would, for talking to the `crio` daemon.
|
||||||
In many ways `crioctl` is only as feature rich as the Kubernetes CRI requires.
|
In many ways `crioctl` is only as feature rich as the Kubernetes CRI requires.
|
||||||
There are additional tools e.g. `kpod` and [`buildah`](https://github.com/projectatomic/buildah) that provide a feature rich set of commands for all operational needs in a Kubernetes environment.
|
There are additional tools e.g. `kpod` and [`buildah`](https://github.com/projectatomic/buildah) that provide a feature rich set of commands for all operational needs in a Kubernetes environment.
|
||||||
|
@ -20,7 +20,7 @@ As well as some systemd helpers like `systemd-cgls` and `systemd-cgtop` are stil
|
||||||
## Equivalents
|
## Equivalents
|
||||||
|
|
||||||
For many troubleshooting and information collection steps, there may be an existing pattern.
|
For many troubleshooting and information collection steps, there may be an existing pattern.
|
||||||
Following provides equivalent with cri-o tools for gathering information or jumping into containers, for operational use.
|
Following provides equivalent with CRI-O tools for gathering information or jumping into containers, for operational use.
|
||||||
|
|
||||||
| Existing Step | CRI-O (and friends) |
|
| Existing Step | CRI-O (and friends) |
|
||||||
| :---: | :---: |
|
| :---: | :---: |
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
# cri-o Tutorial
|
# CRI-O Tutorial
|
||||||
|
|
||||||
This tutorial will walk you through the installation of [cri-o](https://github.com/kubernetes-incubator/cri-o), an Open Container Initiative-based implementation of [Kubernetes Container Runtime Interface](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md), and the creation of [Redis](https://redis.io/) server running in a [Pod](http://kubernetes.io/docs/user-guide/pods/).
|
This tutorial will walk you through the installation of [CRI-O](https://github.com/kubernetes-incubator/cri-o), an Open Container Initiative-based implementation of [Kubernetes Container Runtime Interface](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md), and the creation of [Redis](https://redis.io/) server running in a [Pod](http://kubernetes.io/docs/user-guide/pods/).
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
A Linux machine is required to download and build the `cri-o` components and run the commands in this tutorial.
|
A Linux machine is required to download and build the `CRI-O` components and run the commands in this tutorial.
|
||||||
|
|
||||||
Create a machine running Ubuntu 16.10:
|
Create a machine running Ubuntu 16.10:
|
||||||
|
|
||||||
|
@ -277,7 +277,7 @@ At this point `CNI` is installed and configured to allocation IP address to cont
|
||||||
|
|
||||||
## Pod Tutorial
|
## Pod Tutorial
|
||||||
|
|
||||||
Now that the `cri-o` components have been installed and configured we are ready to create a Pod. This section will walk you through launching a Redis server in a Pod. Once the Redis server is running we'll use telnet to verify it's working, then we'll stop the Redis server and clean up the Pod.
|
Now that the `CRI-O` components have been installed and configured we are ready to create a Pod. This section will walk you through launching a Redis server in a Pod. Once the Redis server is running we'll use telnet to verify it's working, then we'll stop the Redis server and clean up the Pod.
|
||||||
|
|
||||||
### Creating a Pod
|
### Creating a Pod
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue