From 757df252c1cd2939e20f22fe908e01dabfd30b7f Mon Sep 17 00:00:00 2001 From: Obed N Munoz Date: Mon, 21 Oct 2019 17:22:35 -0500 Subject: [PATCH] Add support for cri-resource-manager project This commit adds support for installing and configuring the [cri-resource-manager](https://github.com/intel/cri-resource-manager) project as an systemd-based service. It also adds the automation to configure `kubelet` service to consume it as a remote container runtime. Finally, it's providing the automation for cleaning up the `kubelet` service configuration to its original state without `cri-resource-manager`. Binary installation will be temporally consumed from a personal fork that is currently hosting `cri-resource-manager` binaries in the meantime that `cri-resource-manager` generates its packaging strategy. Signed-off-by: Obed N Munoz --- .../10-cri-resource-manager/README.md | 55 +++++++++++++++++++ .../10-cri-resource-manager/clean.sh | 18 ++++++ .../10-cri-resource-manager/install.sh | 31 +++++++++++ .../10-cri-resource-manager/setup.sh | 24 ++++++++ clr-k8s-examples/README.md | 3 + 5 files changed, 131 insertions(+) create mode 100644 clr-k8s-examples/10-cri-resource-manager/README.md create mode 100755 clr-k8s-examples/10-cri-resource-manager/clean.sh create mode 100755 clr-k8s-examples/10-cri-resource-manager/install.sh create mode 100755 clr-k8s-examples/10-cri-resource-manager/setup.sh diff --git a/clr-k8s-examples/10-cri-resource-manager/README.md b/clr-k8s-examples/10-cri-resource-manager/README.md new file mode 100644 index 00000000..3b9b68a0 --- /dev/null +++ b/clr-k8s-examples/10-cri-resource-manager/README.md @@ -0,0 +1,55 @@ +CRI Resource Manager +==================== +CRI Resource Manager serves as a relay/proxy between kubelet and the container runtime, relaying requests and responses back and forth between these two, potentially altering requests as they fly by. + +This document explains a very simple use case for the `cri-resource-manager`, for more details and tweaks +on CRI Resource Manager service, you can go to https://github.com/intel/cri-resource-manager. + +Install +------- +[`install.sh`](install.sh) script will download the binary and install it as an `systemd` service unit. Below you can see the available variables you can use to customize the usage of your CRI Resource Manager service. + +| Variable | Description | Default Value | +|-----------------------------|-------------------------------------------|--------------------------------------------------| +| `RUNNER` | Default Container Runtime | `containerd` | +| `CRI_RESMGR_POLICY` | CRI Resource Manager Policy type | `null` | +| `CRI_RESMGR_POLICY_OPTIONS` | CRI Resource Manager extra policy options | `-dump='reset,full:.*' -dump-file=/tmp/cri.dump` | +| `CRI_RESMGR_DEBUG_OPTIONS` | CRI Resource Manager debugging options | | + +``` +RUNNER=containerd ./install.sh +``` + +- Install verification + - Verify that the cri-resource-manager service is actually running. +``` +systemctl status cri-resource-manager +``` + - Verify that the `/var/run/cri-resmgr/cri-resmgr.sock` is created, it will indicate that `cri-resource-manager` is ready to receive requests. + + +Setup as a container runtime in `kubelet` +---------------------------------------- +The [`setup.sh`](setup.sh) script will configure the `kubelet` service to use the `cri-resource-manager` relay as its remote container runtime. +``` +./setup.sh +``` + +- Setup verification + - Kubelet service should be restarted and now using `cri-resource-manager` as its container runtime + - `cri-resource-manager` service's logs will be located at `/tmp/cri.dump` +``` +tail /tmp/cri.dump +``` + +Cleanup +------- +The [`clean.sh`](clean.sh) will first clean the `kubelet` service as it was before the `cri-resource-manager` and restarts `kubelet` service. +Then. it will proceed to stop the `cri-resource-manager` service. +``` +./clean.sh +``` + +More kubernetes native approach (experimental) +---------------------------------------------- +In case that you're interested in a more Kubernetes native way of deploying the CRI Resource manager, take a look on: https://github.com/obedmr/cri-resource-manager/blob/k8s-native/cmd/cri-resmgr/deployment.yaml \ No newline at end of file diff --git a/clr-k8s-examples/10-cri-resource-manager/clean.sh b/clr-k8s-examples/10-cri-resource-manager/clean.sh new file mode 100755 index 00000000..06cf3fa9 --- /dev/null +++ b/clr-k8s-examples/10-cri-resource-manager/clean.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -o errexit +set -o nounset + +# Kubelet +KUBEADM_FLAGS="/var/lib/kubelet/kubeadm-flags.env" +sudo rm -f /etc/systemd/system/kubelet.service.d/99-cri-resource-manager.conf +sudo systemctl daemon-reload +sudo systemctl restart kubelet + +if sudo test -f "$KUBEADM_FLAGS.bkp" ; then + sudo mv $KUBEADM_FLAGS.bkp $KUBEADM_FLAGS +fi + +# CRI Resource Manager +sudo systemctl stop cri-resource-manager +sudo systemctl disable cri-resource-manager diff --git a/clr-k8s-examples/10-cri-resource-manager/install.sh b/clr-k8s-examples/10-cri-resource-manager/install.sh new file mode 100755 index 00000000..0b32bb41 --- /dev/null +++ b/clr-k8s-examples/10-cri-resource-manager/install.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -o errexit +set -o nounset + +RUNNER=${RUNNER:-"containerd"} +CRI_RESMGR_POLICY=${CRI_RESMGR_POLICY:-"null"} +CRI_RESMGR_POLICY_OPTIONS=${CRI_RESMGR_POLICY_OPTIONS:-"-dump='reset,full:.*' -dump-file=/tmp/cri.dump"} +CRI_RESMGR_DEBUG_OPTIONS=${CRI_RESMGR_DEBUG_OPTIONS:-""} + +curl https://raw.githubusercontent.com/obedmr/cri-resource-manager/master/godownloader.sh | bash +sudo cp ./bin/* /usr/bin/ + +runtime_socket=$(sudo find /run/ -iname $RUNNER.sock | head -1) +CRI_RESMGR_POLICY_OPTIONS+=" -runtime-socket=$runtime_socket -image-socket=$runtime_socket" + +sudo mkdir -p /etc/sysconfig/ +cat <