Kata Containers is moving to 2.0, and in 2.0 the agent will be the Rust version.
Here is how to set up a Kata Containers development environment. The commands are run as root, so no sudo is
needed.
Prerequisites
First we need to install some common packages used for installation and builds.
apt-get update && apt-get install -y apt-transport-https ca-certificates curl software-properties-common build-essential unzip
Install golang
wget https://golang.org/dl/go1.14.6.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.6.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
Install rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# make cargo and rustup available in the current shell
source $HOME/.cargo/env
# building the agent needs the musl target
rustup target add x86_64-unknown-linux-musl
containerd
First install the containerd.io package; this sets up all the default configuration.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update && apt-get install -y containerd.io
If the containerd.io package is too old, update to the latest release.
wget https://github.com/containerd/containerd/releases/download/v1.3.6/containerd-1.3.6-linux-amd64.tar.gz
tar zxvf containerd-1.3.6-linux-amd64.tar.gz
mv bin/* /usr/bin/
containerd -v
# output
containerd github.com/containerd/containerd v1.3.6 be75852b8d7849474a20192f9ed1bf34fdd454f1
Generate a full configuration file and restart containerd.
containerd config default > /etc/containerd/config.toml
systemctl daemon-reload
systemctl restart containerd
Install crictl
Install crictl from a release.
VERSION="v1.17.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
Create configuration file.
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
EOF
Install Kata containers
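Install from the Kata Containers packages; this installs all the binaries, images, and configuration files for us. Note that the repository and its signing key are fetched over plain HTTP here, so the key is not protected in transit.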
ARCH=$(arch)
BRANCH="${BRANCH:-master}"
sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/Release.key | apt-key add -
apt-get update && apt-get -y install kata-runtime
Add Kata runtime to containerd
Edit /etc/containerd/config.toml and add these under [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
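One way to confirm the edit above before restarting containerd, as an added example that is not part of the original post: the script reads a config.toml and reports the runtime_type set in the kata runtime table, so a stanza placed under the wrong table or left commented out is caught. The function names kata_runtime_type and kata_configured and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm config.toml registers the Kata shim v2 runtime.

# kata_runtime_type FILE
# Prints the runtime_type set in the CRI plugin's "kata" runtime table,
# or nothing when the table or the key is absent.
kata_runtime_type() {
    awk '
        # Table header: remember whether this is the kata runtime table.
        /^[ \t]*\[/ {
            hdr = $0
            gsub(/[ \t]/, "", hdr)
            in_kata = (hdr == "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.kata]")
            next
        }
        # First runtime_type key inside that table: print its quoted value.
        in_kata && /^[ \t]*runtime_type[ \t]*=/ {
            if (match($0, /"[^"]*"/)) print substr($0, RSTART + 1, RLENGTH - 2)
            exit
        }
    ' "$1"
}

# kata_configured FILE: succeeds only if the kata handler uses shim v2.
kata_configured() {
    [ "$(kata_runtime_type "$1")" = "io.containerd.kata.v2" ]
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v1"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
    runtime_type = "io.containerd.kata.v2"
EOF
if kata_configured "$sample"; then
    echo "kata handler registered"
else
    echo "kata handler missing"
fi
rm -f "$sample"
```

On a real host, call kata_configured /etc/containerd/config.toml after editing the file.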
Install CNI
Install CNI binary
CNI is needed for CRI.
git clone https://github.com/containernetworking/plugins.git
cd plugins/
./build_linux.sh
mkdir -p /opt/cni/bin
mv bin/* /opt/cni/bin
Create CNI configuration file
mkdir -p /etc/cni/net.d
cat > /etc/cni/net.d/10-mynet.conf <<EOF
{
  "cniVersion": "0.2.0",
  "name": "mynet",
  "type": "bridge",
  "bridge": "cni0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "172.19.0.0/24",
    "routes": [
      { "dst": "0.0.0.0/0" }
    ]
  }
}
EOF
And then restart containerd.
systemctl restart containerd
Test
First, pull the images manually (ctr can use https_proxy but crictl can't).
ctr -n k8s.io image pull k8s.gcr.io/pause:3.1
ctr -n k8s.io image pull docker.io/containerstack/alpine-stress:latest
crictl images
Create test YAML files for the Pod and the container.
cat > pod.yaml <<EOF
metadata:
  attempt: 1
  name: test-pod
  namespace: default
  uid: hdishd83djaidwnduwk28bcsb
log_directory: /tmp
linux:
  namespaces:
    options: {}
EOF
cat > container.yaml <<EOF
metadata:
  name: stress
image:
  image: containerstack/alpine-stress:latest
command:
- top
log_path: stress.0.log
EOF
Create and start container
pid=`crictl runp -r kata pod.yaml` && echo $pid
cid=`crictl create $pid container.yaml pod.yaml` && echo $cid
crictl start $cid
Clean up all the resources created.
crictl stop $cid
crictl rm $cid
crictl stopp $pid
crictl rmp $pid
For VirtualBox users
To enable nested VT-x, you can use this command:
VBoxManage modifyvm kata-dev-20_default_1595310621453_89777 --nested-hw-virt on