Diffstat (limited to 'shim/v2')
-rw-r--r-- | shim/v2/BUILD | 7 | ||||
-rw-r--r-- | shim/v2/README.md | 15 | ||||
-rw-r--r-- | shim/v2/main.go | 4 | ||||
-rw-r--r-- | shim/v2/runtime-handler-shim-v2-quickstart.md | 59 |
4 files changed, 51 insertions, 34 deletions
diff --git a/shim/v2/BUILD b/shim/v2/BUILD index 1e1947dab..ae4705935 100644 --- a/shim/v2/BUILD +++ b/shim/v2/BUILD @@ -1,4 +1,4 @@ -load("//tools:defs.bzl", "go_binary", "pkg_tar") +load("//tools:defs.bzl", "go_binary") load("//website:defs.bzl", "doc") package(licenses = ["notice"]) @@ -8,15 +8,12 @@ go_binary( srcs = [ "main.go", ], - pure = True, + static = True, visibility = [ "//visibility:public", ], deps = [ - "//pkg/shim/runsc", - "//pkg/shim/v1/shim", "//pkg/shim/v2", - "@com_github_burntsushi_toml//:go_default_library", "@com_github_containerd_containerd//runtime/v2/shim:go_default_library", ], ) diff --git a/shim/v2/README.md b/shim/v2/README.md index 2fd625415..2aa7c21e3 100644 --- a/shim/v2/README.md +++ b/shim/v2/README.md @@ -51,17 +51,18 @@ In order to pick up the new configuration, you may need to restart containerd: ```shell sudo systemctl restart containerd ``` + ## Shim Confguration The shim configuration may carry the following options: -* `shim_cgroup`: The cgroup to use for the shim itself. -* `io_uid`: The UID to use for pipes. -* `ui_gid`: The GID to use for pipes. -* `binary_name`: The runtime binary name (defaults to `runsc`). -* `root`: The root directory for the runtime. -* `runsc_config`: A dictionary of key-value pairs that will be passed to the - runtime as arguments. +* `shim_cgroup`: The cgroup to use for the shim itself. +* `io_uid`: The UID to use for pipes. +* `ui_gid`: The GID to use for pipes. +* `binary_name`: The runtime binary name (defaults to `runsc`). +* `root`: The root directory for the runtime. +* `runsc_config`: A dictionary of key-value pairs that will be passed to the + runtime as arguments. ### Example: Enable the KVM platform diff --git a/shim/v2/main.go b/shim/v2/main.go index 41c77394a..753871eea 100644 --- a/shim/v2/main.go +++ b/shim/v2/main.go 
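Review bot: In the second hunk of shim/v2/BUILD, replacing `pure = True,` with `static = True,` on the `go_binary` target removes the only visible statement that the shim is built without cgo, and nothing on the target says why. Static linking and a cgo-free build are separate properties, so if a self-contained, cgo-free shim is still the intent, keep both attributes: `pure = True,` followed by `static = True,`. The `go_binary` macro comes from `//tools:defs.bzl` and is not visible here, so confirm it accepts the two together. If cgo is now deliberately allowed, a one-line comment above `static = True,` giving the reason would spare the next reader from guessing.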
@@ -18,9 +18,9 @@ package main import ( "github.com/containerd/containerd/runtime/v2/shim" - runsc "gvisor.dev/gvisor/pkg/shim/v2" + "gvisor.dev/gvisor/pkg/shim/v2" ) func main() { - shim.Run("io.containerd.runsc.v1", runsc.New) + shim.Run("io.containerd.runsc.v1", v2.New) } diff --git a/shim/v2/runtime-handler-shim-v2-quickstart.md b/shim/v2/runtime-handler-shim-v2-quickstart.md index ca8336089..3b88ca74b 100644 --- a/shim/v2/runtime-handler-shim-v2-quickstart.md +++ b/shim/v2/runtime-handler-shim-v2-quickstart.md @@ -5,17 +5,21 @@ the containerd runtime handler support. This requires containerd 1.2 or later. ## Requirements -- **runsc**: See the [gVisor documentation](https://github.com/google/gvisor) for information on how to install runsc. -- **containerd**: See the [containerd website](https://containerd.io/) for information on how to install containerd. +- **runsc**: See the [gVisor documentation](https://github.com/google/gvisor) + for information on how to install runsc. +- **containerd**: See the [containerd website](https://containerd.io/) for + information on how to install containerd. ## Install ### Install containerd-shim-runsc-v1 -1. Build and install `containerd-shim-runsc-v1`. +1. Build and install `containerd-shim-runsc-v1`. <!-- TODO: Use a release once we have one available. --> + [embedmd]:# (../test/e2e/shim-install.sh shell /{ # Step 1\(dev\)/ /^}/) + ```shell { # Step 1(dev): Build and install gvisor-containerd-shim and containerd-shim-runsc-v1 make 
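Review bot: With the `runsc` alias dropped from the import in main.go, the call site becomes `v2.New`, which names a version rather than the thing being constructed, and the package name can no longer be read off the import line. Because the path ends in `/v2`, readers and tools that infer the name from the path may take that element for a major-version suffix and assume `shim`, which would collide with the containerd `shim` import directly above it. An explicit alias keeps both unambiguous, for example `runsc "gvisor.dev/gvisor/pkg/shim/v2"` together with `shim.Run("io.containerd.runsc.v1", runsc.New)`.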
@@ -25,10 +29,11 @@ the containerd runtime handler support. This requires containerd 1.2 or later. ### Configure containerd -1. Update `/etc/containerd/config.toml`. Make sure `containerd-shim-runsc-v1` is - in `${PATH}`. +1. Update `/etc/containerd/config.toml`. Make sure `containerd-shim-runsc-v1` + is in `${PATH}`. [embedmd]:# (../test/e2e/runtime-handler-shim-v2/install.sh shell /{ # Step 1/ /^}/) + ```shell { # Step 1: Create containerd config.toml cat <<EOF | sudo tee /etc/containerd/config.toml @@ -41,7 +46,7 @@ EOF } ``` -2. Restart `containerd` +1. Restart `containerd` ```shell sudo systemctl restart containerd @@ -53,9 +58,10 @@ You can run containers in gVisor via containerd's CRI. ### Install crictl -1. Download and install the crictl binary: +1. Download and install the crictl binary: [embedmd]:# (../test/e2e/crictl-install.sh shell /{ # Step 1/ /^}/) + ```shell { # Step 1: Download crictl wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz @@ -64,9 +70,10 @@ sudo mv crictl /usr/local/bin } ``` -2. Write the crictl configuration file +1. Write the crictl configuration file [embedmd]:# (../test/e2e/crictl-install.sh shell /{ # Step 2/ /^}/) + ```shell { # Step 2: Configure crictl cat <<EOF | sudo tee /etc/crictl.yaml @@ -77,18 +84,20 @@ EOF ### Create the nginx Sandbox in gVisor -1. Pull the nginx image +1. Pull the nginx image [embedmd]:# (../test/e2e/runtime-handler/usage.sh shell /{ # Step 1/ /^}/) + ```shell { # Step 1: Pull the nginx image sudo crictl pull nginx } ``` -2. Create the sandbox creation request +1. Create the sandbox creation request [embedmd]:# (../test/e2e/runtime-handler/usage.sh shell /{ # Step 2/ /^EOF\n}/) + ```shell { # Step 2: Create sandbox.json cat <<EOF | tee sandbox.json 
@@ -107,9 +116,10 @@ EOF } ``` -3. Create the pod in gVisor +1. Create the pod in gVisor [embedmd]:# (../test/e2e/runtime-handler/usage.sh shell /{ # Step 3/ /^}/) + ```shell { # Step 3: Create the sandbox SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json) @@ -118,9 +128,10 @@ SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json) ### Run the nginx Container in the Sandbox -1. Create the nginx container creation request +1. Create the nginx container creation request [embedmd]:# (../test/e2e/run-container.sh shell /{ # Step 1/ /^EOF\n}/) + ```shell { # Step 1: Create nginx container config cat <<EOF | tee container.json @@ -139,18 +150,20 @@ EOF } ``` -2. Create the nginx container +1. Create the nginx container [embedmd]:# (../test/e2e/run-container.sh shell /{ # Step 2/ /^}/) + ```shell { # Step 2: Create nginx container CONTAINER_ID=$(sudo crictl create ${SANDBOX_ID} container.json sandbox.json) } ``` -3. Start the nginx container +1. Start the nginx container [embedmd]:# (../test/e2e/run-container.sh shell /{ # Step 3/ /^}/) + ```shell { # Step 3: Start nginx container sudo crictl start ${CONTAINER_ID} @@ -159,27 +172,30 @@ sudo crictl start ${CONTAINER_ID} ### Validate the container -1. Inspect the created pod +1. Inspect the created pod [embedmd]:# (../test/e2e/validate.sh shell /{ # Step 1/ /^}/) + ```shell { # Step 1: Inspect the pod sudo crictl inspectp ${SANDBOX_ID} } ``` -2. Inspect the nginx container +1. Inspect the nginx container [embedmd]:# (../test/e2e/validate.sh shell /{ # Step 2/ /^}/) + ```shell { # Step 2: Inspect the container sudo crictl inspect ${CONTAINER_ID} } ``` -3. Verify that nginx is running in gVisor +1. Verify that nginx is running in gVisor [embedmd]:# (../test/e2e/validate.sh shell /{ # Step 3/ /^}/) + ```shell { # Step 3: Check dmesg sudo crictl exec ${CONTAINER_ID} dmesg | grep -i gvisor 
@@ -188,9 +204,10 @@ sudo crictl exec ${CONTAINER_ID} dmesg | grep -i gvisor ### Set up the Kubernetes Runtime Class -1. Install the Runtime Class for gVisor +1. Install the Runtime Class for gVisor [embedmd]:# (../test/e2e/runtimeclass-install.sh shell /{ # Step 1/ /^}/) + ```shell { # Step 1: Install a RuntimeClass cat <<EOF | kubectl apply -f - @@ -203,9 +220,10 @@ EOF } ``` -2. Create a Pod with the gVisor Runtime Class +1. Create a Pod with the gVisor Runtime Class [embedmd]:# (../test/e2e/runtimeclass-install.sh shell /{ # Step 2/ /^}/) + ```shell { # Step 2: Create a pod cat <<EOF | kubectl apply -f - @@ -222,9 +240,10 @@ EOF } ``` -3. Verify that the Pod is running +1. Verify that the Pod is running [embedmd]:# (../test/e2e/runtimeclass-install.sh shell /{ # Step 3/ /^}/) + ```shell { # Step 3: Get the pod kubectl get pod nginx-gvisor -o wide |