Merge gvisor-containerd-shim

author: Adin Scannell <ascannell@google.com> 2020-07-09 16:59:42 -0700
committer: Adin Scannell <ascannell@google.com> 2020-07-09 16:59:42 -0700
commit: 5471dbe2f36976eb61f8c8fe8eaafd5da0569779 (patch)
tree: 08fa0f9691189012085c5a515dd81dea46a105e2 /test/shim/untrusted-workload/install.sh
parent: 5946f111827fa4e342a2e6e9c043c198d2e5cb03 (diff)
parent: 7f8172edf583e0d26bee5e06578a442c7507ba6f (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/test/shim/untrusted-workload/install.sh b/test/shim/untrusted-workload/install.sh
new file mode 100755
index 000000000..c4538aed1
--- /dev/null
+++ b/test/shim/untrusted-workload/install.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# A sample script for installing and configuring the gvisor-containerd-shim to
+# use the untrusted workload extension.
+
+set -ex
+
+{ # Step 1: Create containerd config.toml
+cat <<EOF | sudo tee /etc/containerd/config.toml
+disabled_plugins = ["restart"]
+[plugins.linux]
+  shim = "/usr/local/bin/gvisor-containerd-shim"
+  shim_debug = true
+# Set to avoid port overlap on older versions of containerd where default is 10010.
+[plugins.cri]
+  stream_server_port = "10011"
+[plugins.cri.containerd.untrusted_workload_runtime]
+  runtime_type = "io.containerd.runtime.v1.linux"
+  runtime_engine = "/usr/local/bin/runsc"
+  runtime_root = "/run/containerd/runsc"
+EOF
+}
+
+{ # Step 2: Restart containerd
+sudo pkill containerd
+sudo containerd -log-level debug &>/tmp/containerd-cri.log &
+}
author	Adin Scannell <ascannell@google.com>	2020-07-09 16:59:42 -0700
committer	Adin Scannell <ascannell@google.com>	2020-07-09 16:59:42 -0700
commit	5471dbe2f36976eb61f8c8fe8eaafd5da0569779 (patch)
tree	08fa0f9691189012085c5a515dd81dea46a105e2 /test/shim/untrusted-workload/install.sh
parent	5946f111827fa4e342a2e6e9c043c198d2e5cb03 (diff)
parent	7f8172edf583e0d26bee5e06578a442c7507ba6f (diff)