diff --git a/Dockerfile b/Dockerfile index d575a485a1b38f2da7fc700cbc12e43f5a6d1e27..5df22555c9317a09ca7e35096d951b3ec8232962 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,7 @@ FROM centos:7.6.1810 -MAINTAINER LiFeng +MAINTAINER LiFeng # Install dependency package RUN yum clean all && yum swap -y fakesystemd systemd && \ diff --git a/README.md b/README.md index 066e9ddf997f5a63e5242136c1aa3010606361fb..5faa3b3a53c645e807049c952c45eb891b2dae4f 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,9 @@ $ sudo isula rm test ### Build from source Build requirements for developers are listed in [build_guide](./docs/build_guide.md) +### Integration +Integrate with `kubenetes` are listed in [integration.md](./docs/integration.md) + ## How to Contribute We always welcome new contributors. And we are happy to provide guidance for the new contributors. diff --git a/docs/integration.md b/docs/integration.md new file mode 100644 index 0000000000000000000000000000000000000000..3df097d9def56d5313e5bc6cd09895728d7a1f75 --- /dev/null +++ b/docs/integration.md 
@@ -0,0 +1,131 @@
+# Integrate kubenetes
+
+## Configuration
+
+1. Configure `isulad`
+
+ Configure the `pod-sandbox-image` in `/etc/isulad/daemon.json`:
+
+ ```json
+ "pod-sandbox-image": "my-pause:1.0.0"
+ ```
+
+ Configure the `endpoint`of `isulad`:
+
+ ```json
+ "hosts" : [
+ "unix:///var/run/isulad.sock"
+ ]
+ ```
+
+ if `hosts` is not configured, the default endpoint is `unix:///var/run/isulad.sock`.
+
+2. Restart `isulad`:
+
+ ```bash
+ $ sudo systemctl restart isulad
+ ```
+
+3. Start `kubelet` based on the configuration or default value:
+
+ ```bash
+ $ /usr/bin/bubelet
+ --container-runtime-endpoint=unix:///var/run/isulad.sock
+ --image-service-endpoint=unix:///var/run/isulad.sock
+ --pod-infra-container-image=my-pause:1.0.0
+ ...
+ ```
+
+## Use RuntimeClass
+
+RuntimeClass is used for selecting the container runtime configuration to use to run a pod’s containers, see [runtime-class](https://kubernetes.io/docs/concepts/containers/runtime-class/). Currently, only `kata-containers` and `runc` this two `oci runtime` are supported.
+
+1. Configure `isulad` in `/etc/isulad/daemon.json`:
+
+ ```json
+ "runtimes": {
+ "runc":{
+ "path": "/usr/bin/runc",
+ "runtime-args": []
+ },
+ "kata-runtime": {
+ "path": "/usr/bin/kata-runtime",
+ "runtime-args": [
+ "--kata-config",
+ "/usr/share/defaults/kata-containers/configuration.toml"
+ ]
+ }
+ }
+ ```
+
+2. Extra configuration
+
+ `iSulad` supports the `overlay2` and `devicemapper` as storage drivers. The default value is `overlay2`.
+
+ In some scenarios, using block device type as storage drivers is a better choice, such as run a `kata-containers`.
The procedure for configuring the `devicemapper` is as follows:
+
+ Create ThinPool:
+
+ ```bash
+ $ sudo pvcreate /dev/sdb1 # /dev/sdb1 for example
+ $ sudo vgcreate isulad /dev/sdb
+ $ sudo echo y | lvcreate --wipesignatures y -n thinpool isulad -L 200G
+ $ sudo echo y | lvcreate --wipesignatures y -n thinpoolmeta isulad -L 20G
+ $ sudo lvconvert -y --zero n -c 512K --thinpool isulad/thinpool --poolmetadata isulad/thinpoolmeta
+ $ sudo lvchange --metadataprofile isulad-thinpool isulad/thinpool
+ ```
+
+ Add configuration for `devicemapper` in `/etc/isulad/daemon.json`:
+
+ ```json
+ "storage-driver": "devicemapper"
+ "storage-opts": [
+ "dm.thinpooldev=/dev/mapper/isulad-thinpool",
+ "dm.fs=ext4",
+ "dm.min_free_space=10%"
+ ]
+ ```
+
+3. Restart `isulad`:
+
+ ```bash
+ $ sudo systemctl restart isulad
+ ```
+
+4. Define `RuntimeClass CRD` for example:
+
+ ```yaml
+ apiVersion: node.k8s.io/v1beta1
+ kind: RuntimeClass
+ metadata:
+ name: kata-runtime
+ handler: kata-runtime
+ ```
+
+5. Define pod spec `kata-pod.yaml` for example:
+
+ ```yaml
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kata-pod-example
+ spec:
+ runtimeClassName: kata-runtime
+ containers:
+ - name: kata-pod
+ image: busybox:latest
+ command: ["/bin/sh"]
+ args: ["-c", "sleep 1000"]
+ hostNetwork: true
+ ```
+
+6. Run pod:
+
+ ```bash
+ $ kubectl create -f kata-pod.yaml
+ $ kubectl get pod
+ NAME READY STATUS RESTARTS AGE
+ kata-pod-example 1/1 Running 4 2s
+ ```
+
+
\ No newline at end of file
diff --git a/src/cmd/isulad/arguments.c b/src/cmd/isulad/arguments.c
index 4c1ecde6e9682287cbfda0b2490d10de46dabc42..3f116db46f794762a56e0ac80f409cfc21d960a2 100644
--- a/src/cmd/isulad/arguments.c
+++ b/src/cmd/isulad/arguments.c
@@ -180,7 +180,7 @@ void service_arguments_free(struct service_arguments *args)
 free(args->logpath);
 args->logpath = NULL;
- util_free_array(args->hosts);
+ util_free_array_by_len(args->hosts, args->hosts_len);
 args->hosts = NULL;
 args->hosts_len = 0;
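Review bot: `util_free_array_by_len(args->hosts, args->hosts_len)` makes the free depend on `hosts_len` instead of the array's NULL terminator, so its safety now rests on every writer keeping the length equal to the number of initialised entries; a length that runs ahead of the stored elements would presumably free an uninitialised slot, and one that lags would leak. Neither helper's body is part of this diff, so that behaviour should be confirmed rather than assumed. The same swap is made in isula_image_connect.c, libisula.c, the cleanup of container_top_cb in execution_information.c and the three `out_free` paths of specs_mount.c, where `options_len` must not be raised before the matching element is stored. I would record the invariant next to the fields, e.g. `/* hosts_len: number of valid entries in hosts; always updated together with hosts */`. service_arguments_free continues outside the hunk.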
diff --git a/src/connect/client/isula_image_connect.c b/src/connect/client/isula_image_connect.c
index b5ff790c8ca17026621665652c52f7cd08913825..e2767300af41df08e6f849e4d9158613ba9b16ac 100644
--- a/src/connect/client/isula_image_connect.c
+++ b/src/connect/client/isula_image_connect.c
@@ -97,7 +97,7 @@ void free_isula_prepare_request(struct isula_prepare_request *req)
 req->name = NULL;
 free(req->image);
 req->image = NULL;
- util_free_array(req->storage_opts);
+ util_free_array_by_len(req->storage_opts, req->storage_opts_len);
 req->storage_opts = NULL;
 req->storage_opts_len = 0;
 free(req);
@@ -210,10 +210,10 @@ void free_image_metadata(struct image_metadata *data)
 }
 free(data->id);
 data->id = NULL;
- util_free_array(data->repo_tags);
+ util_free_array_by_len(data->repo_tags, data->repo_tags_len);
 data->repo_tags = NULL;
 data->repo_tags_len = 0;
- util_free_array(data->repo_digests);
+ util_free_array_by_len(data->repo_digests, data->repo_digests_len);
 data->repo_digests = NULL;
 data->repo_digests_len = 0;
 free(data->username);
diff --git a/src/libisula.c b/src/libisula.c
index 58b1ee0a7b9e2c113452e87145a6fbb8de23db31..4ea923efca7d706f1bdf91572c1f1edb6bb9f511 100644
--- a/src/libisula.c
+++ b/src/libisula.c
@@ -220,7 +220,7 @@ void isula_ns_change_files_free(isula_host_config_t *hostconfig)
 return;
 }
- util_free_array(hostconfig->ns_change_files);
+ util_free_array_by_len(hostconfig->ns_change_files, hostconfig->ns_change_files_len);
 hostconfig->ns_change_files = NULL;
 hostconfig->ns_change_files_len = 0;
 }
@@ -252,11 +252,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
 return;
 }
- util_free_array(hostconfig->cap_add);
+ util_free_array_by_len(hostconfig->cap_add, hostconfig->cap_add_len);
 hostconfig->cap_add = NULL;
 hostconfig->cap_add_len = 0;
- util_free_array(hostconfig->cap_drop);
+ util_free_array_by_len(hostconfig->cap_drop, hostconfig->cap_drop_len);
 hostconfig->cap_drop = NULL;
 hostconfig->cap_drop_len = 0;
@@ -266,11 +266,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
 free_json_map_string_string(hostconfig->sysctls);
 hostconfig->sysctls = NULL;
- util_free_array(hostconfig->devices);
+ util_free_array_by_len(hostconfig->devices, hostconfig->devices_len);
 hostconfig->devices = NULL;
 hostconfig->devices_len = 0;
- util_free_array(hostconfig->hugetlbs);
+ util_free_array_by_len(hostconfig->hugetlbs, hostconfig->hugetlbs_len);
 hostconfig->hugetlbs = NULL;
 hostconfig->hugetlbs_len = 0;
@@ -292,7 +292,7 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
 free(hostconfig->user_remap);
 hostconfig->user_remap = NULL;
- util_free_array(hostconfig->ulimits);
+ util_free_array_by_len(hostconfig->ulimits, hostconfig->ulimits_len);
 hostconfig->ulimits = NULL;
 hostconfig->ulimits_len = 0;
@@ -311,11 +311,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
 free(hostconfig->cgroup_parent);
 hostconfig->cgroup_parent = NULL;
- util_free_array(hostconfig->binds);
+ util_free_array_by_len(hostconfig->binds, hostconfig->binds_len);
 hostconfig->binds = NULL;
 hostconfig->binds_len = 0;
- util_free_array(hostconfig->blkio_weight_device);
+ util_free_array_by_len(hostconfig->blkio_weight_device, hostconfig->blkio_weight_device_len);
 hostconfig->blkio_weight_device = NULL;
 hostconfig->blkio_weight_device_len = 0;
@@ -332,7 +332,7 @@ void isula_container_config_free(isula_container_config_t *config)
 return;
 }
- util_free_array(config->env);
+ util_free_array_by_len(config->env, config->env_len);
 config->env = NULL;
 config->env_len = 0;
@@ -342,11 +342,11 @@ void isula_container_config_free(isula_container_config_t *config)
 free(config->user);
 config->user = NULL;
- util_free_array(config->mounts);
+ util_free_array_by_len(config->mounts, config->mounts_len);
 config->mounts = NULL;
 config->mounts_len = 0;
- util_free_array(config->cmd);
+ util_free_array_by_len(config->cmd, config->cmd_len);
 config->cmd = NULL;
 config->cmd_len = 0;
diff --git a/src/services/execution/execute/execution.c b/src/services/execution/execute/execution.c
index cd92e03fa88c1fd6f440326adaf54a8e60bfbfb9..90a3f566ce8c2d29051dc881918574b7606f55fc 100644
--- a/src/services/execution/execute/execution.c
+++ b/src/services/execution/execute/execution.c
@@ -248,7 +248,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint
 static int umount_dev_tmpfs_for_system_container(const container_t *cont)
 {
- if (cont->hostconfig != NULL && cont->hostconfig->system_container) {
+ if (cont->hostconfig != NULL && cont->hostconfig->system_container && cont->hostconfig->external_rootfs != NULL) {
 char rootfs_dev_path[PATH_MAX] = { 0 };
 int nret = snprintf(rootfs_dev_path, sizeof(rootfs_dev_path), "%s/dev", cont->common_config->base_fs);
 if ((size_t)nret >= sizeof(rootfs_dev_path) || nret < 0) {
@@ -514,7 +514,7 @@ static int mount_dev_tmpfs_for_system_container(const container_t *cont)
 if (cont == NULL || cont->hostconfig == NULL || cont->common_config == NULL) {
 return 0;
 }
- if (!cont->hostconfig->system_container) {
+ if (!cont->hostconfig->system_container || cont->hostconfig->external_rootfs == NULL) {
 return 0;
 }
 int nret = snprintf(rootfs_dev_path, sizeof(rootfs_dev_path), "%s/dev", cont->common_config->base_fs);
diff --git a/src/services/execution/execute/execution_create.c b/src/services/execution/execute/execution_create.c
index 15180da5be7d4fece931427da01f691234147056..02fb7995a1e02c54cc1b61d5879bebe406b857b7 100644
--- a/src/services/execution/execute/execution_create.c
+++ b/src/services/execution/execute/execution_create.c
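Review bot: `umount_dev_tmpfs_for_system_container` still reads `cont->common_config->base_fs` in the `snprintf` without checking `cont` or `cont->common_config`, whereas the mount counterpart in the next hunk returns early on `cont == NULL || cont->hostconfig == NULL || cont->common_config == NULL`. Since the condition is being edited anyway, the unmount path could open with the same guard, `if (cont == NULL || cont->hostconfig == NULL || cont->common_config == NULL) { return 0; }`, so both functions fail the same way on a half-initialised container. A NULL `base_fs` handed to `%s` would also be undefined behaviour; whether it can be NULL at this point is not visible here. The function body continues outside the hunk.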
@@ -285,12 +285,23 @@ static int merge_config_for_syscontainer(const container_create_request *request
 const container_config *container_spec, const oci_runtime_spec *oci_spec)
 {
 int ret = 0;
+ char *value = NULL;
- if (!host_spec->system_container || request->rootfs == NULL) {
+ if (!host_spec->system_container) {
 return 0;
 }
+ if (request->rootfs == NULL) {
+ value = oci_spec->root->path;
+ } else {
+ value = request->rootfs;
+ }
- if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", request->rootfs)) {
+ if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
+ ERROR("Realloc annotations failed");
+ ret = -1;
+ goto out;
+ }
+ if (request->rootfs != NULL && append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true")) {
 ERROR("Realloc annotations failed");
 ret = -1;
 goto out;
diff --git a/src/services/execution/execute/execution_information.c b/src/services/execution/execute/execution_information.c
index 36e4e6df776ff7755edcf0fd84872bedba6fe8fa..01a2e6eecdafa46eff27612f048023cf8d0c69ac 100644
--- a/src/services/execution/execute/execution_information.c
+++ b/src/services/execution/execute/execution_information.c
@@ -450,7 +450,8 @@ out:
 return ret;
 }
-int parse_output(char **title, char ***process, const char *output, const pid_t *pids, size_t pids_len)
+int parse_output(char **title, char ***process, size_t *process_len, const char *output, const pid_t *pids,
+ size_t pids_len)
 {
 int ret = 0;
 int pid_num = 0;
@@ -479,6 +480,7 @@ int parse_output(char **title, char ***process, const char *output, const pid_t
 }
 ret = parse_output_by_lines(*process, tmp, pid_num, stime, pids, pids_len);
+ *process_len = util_array_len((const char **)(*process));
 out:
 util_free_array(tmp);
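Review bot: When `request->rootfs` is NULL the new branch reads `oci_spec->root->path` with no check that `oci_spec->root` or its `path` is set, and system containers without an external rootfs used to return before this point, so this is a newly reachable dereference. If the root section can be unpopulated here (not visible in the hunk), the daemon would crash or store a NULL annotation value; a guard before the assignment such as `if (oci_spec->root == NULL || oci_spec->root->path == NULL) { ERROR("Invalid rootfs path"); ret = -1; goto out; }` fails closed instead. The two `append_json_map_string_string` failures also log the identical text "Realloc annotations failed", so the log cannot tell which annotation was rejected. The function continues past the end of the hunk.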
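Review bot: `*process_len` is written only on the path that reaches `parse_output_by_lines`; the earlier `goto out` exits, whose bodies are outside these hunks, would leave the new out-parameter untouched, and the pointer itself is never checked for NULL. The caller in this diff happens to initialise its variable to 0, but `parse_output` is not static, so I would make the contract explicit with `*process_len = 0;` at the top of the function and a one-line comment stating that the length is the count of NULL-terminated entries in `*process`. Because the signature of a non-static function changes, its prototype and any other callers need the same update; none are shown in this diff.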
@@ -755,6 +757,7 @@ static int container_top_cb(container_top_request *request, container_top_respon
 char *stderr_buffer = NULL;
 char *titles = NULL;
 char **processes = NULL;
+ size_t process_len = 0;
 pid_t *pids = NULL;
 size_t pids_len = 0;
 container_t *cont = NULL;
@@ -792,17 +795,17 @@ static int container_top_cb(container_top_request *request, container_top_respon
 goto pack_response;
 }
- if (parse_output(&titles, &processes, stdout_buffer, pids, pids_len)) {
+ if (parse_output(&titles, &processes, &process_len, stdout_buffer, pids, pids_len)) {
 ERROR("Failed to parse output!");
 cc = ISULAD_ERR_EXEC;
 goto pack_response;
 }
- if (util_array_len((const char **)processes) > SIZE_MAX / sizeof(char *)) {
+ if (process_len > SIZE_MAX / sizeof(char *)) {
 ERROR("invalid processe size");
 cc = ISULAD_ERR_EXEC;
 goto pack_response;
 }
- (*response)->processes = util_common_calloc_s(util_array_len((const char **)processes) * sizeof(char *));
+ (*response)->processes = util_common_calloc_s(process_len * sizeof(char *));
 if ((*response)->processes == NULL) {
 ERROR("Out of memory");
 cc = ISULAD_ERR_EXEC;
@@ -811,10 +814,10 @@ static int container_top_cb(container_top_request *request, container_top_respon
 (*response)->titles = titles;
 titles = NULL;
- for (i = 0; i < util_array_len((const char **)processes); i++) {
+ for (i = 0; i < process_len; i++) {
 (*response)->processes[i] = util_strdup_s(processes[i]);
 }
- (*response)->processes_len = util_array_len((const char **)processes);
+ (*response)->processes_len = process_len;
 (void)isulad_monitor_send_container_event(id, TOP, -1, 0, NULL, NULL);
 pack_response:
@@ -830,7 +833,7 @@ pack_response:
 stderr_buffer = NULL;
 free(pid_args);
 free(titles);
- util_free_array(processes);
+ util_free_array_by_len(processes, process_len);
 free_log_prefix();
 DAEMON_CLEAR_ERRMSG();
 return (cc == ISULAD_SUCCESS) ? 0 : -1;
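Review bot: With `process_len == 0` the call `util_common_calloc_s(process_len * sizeof(char *))` asks for zero bytes, and if that helper returns NULL for a zero size (its body is not in this diff) an empty process list is reported as "Out of memory" with `ISULAD_ERR_EXEC`. Now that the length is a plain variable, the allocation and its NULL check could be wrapped in `if (process_len > 0) { ... }`, leaving `(*response)->processes` NULL and `processes_len` 0 for the empty case. Whether `parse_output` can succeed with no matching lines is not visible here, so treat this as a case to confirm. The function starts before and ends after these hunks.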
diff --git a/src/services/execution/spec/specs_mount.c b/src/services/execution/spec/specs_mount.c
index 2c1afd104b32c8f225221a9f478e39a34d62596b..62498cdf3bfad358b8b0bf1579f2422f98fffbe8 100644
--- a/src/services/execution/spec/specs_mount.c
+++ b/src/services/execution/spec/specs_mount.c
@@ -1874,7 +1874,7 @@ static bool mount_file(oci_runtime_spec *container, const char *src_path, const
 out_free:
 if (!ret) {
- util_free_array(options);
+ util_free_array_by_len(options, options_len);
 free_defs_mount(tmp_mounts);
 }
 return ret;
@@ -1924,7 +1924,7 @@ static bool add_host_channel_mount(oci_runtime_spec *container, const host_confi
 out_free:
 if (!ret) {
- util_free_array(options);
+ util_free_array_by_len(options, options_len);
 free_defs_mount(tmp_mounts);
 }
 return ret;
@@ -2261,7 +2261,7 @@ static bool add_shm_mount(oci_runtime_spec *container, const char *shm_path)
 out_free:
 if (!ret) {
- util_free_array(options);
+ util_free_array_by_len(options, options_len);
 free_defs_mount(tmp_mounts);
 }
 return ret;