cri

package
v0.0.0-...-0deb509 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2019 License: Apache-2.0 Imports: 24 Imported by: 0

README

Virtual Kubelet CRI Provider

This is a Virtual Kubelet Provider implementation that manages real pods and containers in a CRI-based container runtime.

Purpose

The purpose of the CRI Provider is for testing and prototyping ONLY. It is not to be used for any other purpose!

The whole point of the Virtual Kubelet project is to provide an interface for container runtimes that don't conform to the standard node-based model. The Kubelet codebase is the comprehensive standard CRI node agent and this Provider is not attempting to recreate that.

This Provider implementation should be seen as a bare-bones minimum implementation for making it easier to test the core of the Virtual Kubelet project against real pods and containers - in other words, more comprehensive than MockProvider.

This Provider implementation is also designed such that it can be used for prototyping new architectural features which can be developed against local Linux infrastructure. If the CRI provider can be shown to work successfully within a Linux guest, there can be a much higher degree of confidence that the abstraction should work for other Providers.

Dependencies

The simplest way to run the CRI provider is to install containerd 1.1, which already has the CRI plugin installed.

Configuring

  • Copy /etc/kubernetes/admin.conf from your master node and place it somewhere local to Virtual Kubelet
  • Find a client.crt and client.key that will allow you to authenticate with the API server and copy them somewhere local

Running

Start containerd

sudo nohup containerd > /tmp/containerd.out 2>&1 &

Create a script that will set up the environment and run Virtual Kubelet with the correct provider

#!/bin/bash
export VKUBELET_POD_IP=<IP of the Linux node>
export APISERVER_CERT_LOCATION="/etc/virtual-kubelet/client.crt"
export APISERVER_KEY_LOCATION="/etc/virtual-kubelet/client.key"
export KUBELET_PORT="10250"
cd bin
./virtual-kubelet --provider cri --kubeconfig admin.conf

The Provider assumes that the containerd socket is available at /run/containerd/containerd.sock which is the default location. It will write container logs at /var/log/vk-cri/ and mount volumes at /run/vk-cri/volumes/. You need to make sure that you run as a user that has permissions to read and write to these locations.

Limitations

  • The CRI provider does everything that the Provider interface currently allows it to do, principally managing the lifecycle of pods, returning logs and very little else.
  • It will create emptyDir, configmap and secret volumes as necessary, but won't update configmaps or secrets if they change as this has yet to be implemented in the base
  • It does not support any kind of persistent volumes
  • It will try to run kube-proxy when it starts and can successfully do that. However, as we transition VK to a model in which it treats services and routing in the abstract, this capability will be refactored as a means of testing that feature.
  • Networking should currently be considered non-functional

Documentation

Index

Constants

View Source
const CriSocketPath = "/run/containerd/containerd.sock"

TODO: Make these configurable

View Source
const PodConfigMapFilePerms = 0644
View Source
const PodConfigMapVolDir = "/configmaps"
View Source
const PodConfigMapVolPerms = 0755
View Source
const PodLogRoot = "/var/log/vk-cri/"
View Source
const PodLogRootPerms = 0755
View Source
const PodSecretFilePerms = 0644
View Source
const PodSecretVolDir = "/secrets"
View Source
const PodSecretVolPerms = 0755
View Source
const PodVolPerms = 0755
View Source
const PodVolRoot = "/run/vk-cri/volumes/"
View Source
const PodVolRootPerms = 0755

Variables

This section is empty.

Functions

This section is empty.

Types

type CRIPod

type CRIPod struct {
	// contains filtered or unexported fields
}

type CRIProvider

type CRIProvider struct {
	// contains filtered or unexported fields
}

CRIProvider implements the virtual-kubelet provider interface and manages pods in a CRI runtime NOTE: CRIProvider is not inteded as an alternative to Kubelet, rather it's intended for testing and POC purposes

As such, it is far from functionally complete and never will be. It provides the minimum function necessary

func NewCRIProvider

func NewCRIProvider(nodeName, operatingSystem string, internalIP string, resourceManager *manager.ResourceManager, daemonEndpointPort int32) (*CRIProvider, error)

Create a new CRIProvider

func (*CRIProvider) Capacity

func (p *CRIProvider) Capacity(ctx context.Context) v1.ResourceList

Provider function to return the capacity of the node

func (*CRIProvider) CreatePod

func (p *CRIProvider) CreatePod(ctx context.Context, pod *v1.Pod) error

Provider function to create a Pod

func (*CRIProvider) DeletePod

func (p *CRIProvider) DeletePod(ctx context.Context, pod *v1.Pod) error

Provider function to delete a pod and its containers

func (*CRIProvider) GetContainerLogs

func (p *CRIProvider) GetContainerLogs(ctx context.Context, namespace, podName, containerName string, opts providers.ContainerLogOpts) (io.ReadCloser, error)

Provider function to read the logs of a container

func (*CRIProvider) GetPod

func (p *CRIProvider) GetPod(ctx context.Context, namespace, name string) (*v1.Pod, error)

Provider function to return a Pod spec - mostly used for its status

func (*CRIProvider) GetPodFullName

func (p *CRIProvider) GetPodFullName(namespace string, pod string) string

Get full pod name as defined in the provider context TODO: Implementation

func (*CRIProvider) GetPodStatus

func (p *CRIProvider) GetPodStatus(ctx context.Context, namespace, name string) (*v1.PodStatus, error)

Provider function to return the status of a Pod

func (*CRIProvider) GetPods

func (p *CRIProvider) GetPods(ctx context.Context) ([]*v1.Pod, error)

Provider function to return all known pods TODO: Should this be all pods or just running pods?

func (*CRIProvider) NodeAddresses

func (p *CRIProvider) NodeAddresses(ctx context.Context) []v1.NodeAddress

Provider function to return a list of node addresses

func (*CRIProvider) NodeConditions

func (p *CRIProvider) NodeConditions(ctx context.Context) []v1.NodeCondition

Provider function to return node conditions TODO: For now, use the same node conditions as the MockProvider

func (*CRIProvider) NodeDaemonEndpoints

func (p *CRIProvider) NodeDaemonEndpoints(ctx context.Context) *v1.NodeDaemonEndpoints

Provider function to return the daemon endpoint

func (*CRIProvider) OperatingSystem

func (p *CRIProvider) OperatingSystem() string

Provider function to return the guest OS

func (*CRIProvider) RunInContainer

func (p *CRIProvider) RunInContainer(ctx context.Context, namespace, name, container string, cmd []string, attach providers.AttachIO) error

RunInContainer executes a command in a container in the pod, copying data between in/out/err and the container's stdin/stdout/stderr. TODO: Implementation

func (*CRIProvider) UpdatePod

func (p *CRIProvider) UpdatePod(ctx context.Context, pod *v1.Pod) error

Update is currently not required or even called by VK, so not implemented

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL