fixed cri-o [sync git]

Signed-off-by: Kang Huaishuai <[email protected]>

Author: khs1994

kubernetes/.github/workflows/setup-k8s.yaml

@@ -89,22 +89,22 @@ jobs:
       #    LNMP_K8S_LOCAL_INSTALL_OPTIONS: --docker
        - os: ubuntu
          dist: 22.04
-         CI_KUBERNETES_VERSION: 1.33.0
+         CI_KUBERNETES_VERSION: 1.33.4
          LNMP_K8S_GET: --url
          K8S_ROOT: /opt/k8s-custom
        # old version
        - os: ubuntu
          dist: 22.04
-         CI_KUBERNETES_VERSION: 1.32.6
-         LNMP_K8S_GET: --url
-       - os: ubuntu
-         dist: 22.04
-         CI_KUBERNETES_VERSION: 1.31.10
+         CI_KUBERNETES_VERSION: 1.32.8
          LNMP_K8S_GET: --url
        - os: ubuntu
          dist: 22.04
-         CI_KUBERNETES_VERSION: 1.30.14
+         CI_KUBERNETES_VERSION: 1.31.12
          LNMP_K8S_GET: --url
+      #  - os: ubuntu
+      #    dist: 22.04
+      #    CI_KUBERNETES_VERSION: 1.30.14
+      #    LNMP_K8S_GET: --url
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
@@ -283,7 +283,7 @@ jobs:
          test "${LNMP_K8S_LOCAL_INSTALL_OPTIONS}" = "--docker" \
            && (sudo systemctl restart docker || sudo journalctl -u docker) || true
          test "${LNMP_K8S_LOCAL_INSTALL_OPTIONS}" = "--crio" \
-           && (/usr/local/bin/crio --help; sudo systemctl daemon-reload ; \
+           && (crio --help; sudo systemctl daemon-reload ; \
                sudo systemctl start cri-o) || true
 
          test -z "${LNMP_K8S_LOCAL_INSTALL_OPTIONS}" \

kubernetes/cli/crio.txt

@@ -436,22 +436,6 @@ _helm_install(){
   $(_sudo) rm -rf ${TMP_ROOT}/${GOOS}-${GOARCH}
 }
 
-_gvisor_containerd_conf(){
-  if ! [ "$GOOS" = 'linux' -a "$GOARCH" = 'amd64' ];then
-    print_info "$GOOS $GOARCH not support gvisor, skip config containerd with runsc"
-
-    return
-  fi
-}
-
-_gvisor_crio_conf(){
-  print_info "config crio with gvisor(runsc) ..."
-  cat <<EOF | $(_sudo) tee -a ${K8S_ROOT}/etc/crio/crio.conf
-[crio.runtime.runtimes.runsc]
-  runtime_path = "/usr/local/bin/runsc"
-EOF
-}
-
 _gvisor_install(){
   if ! [ "$GOOS" = 'linux' -a "$GOARCH" = 'amd64' ];then
     print_info "$GOOS $GOARCH not support gvisor"
@@ -537,22 +521,6 @@ _runc_install(){
   runc --version
 }
 
-_crun_containerd_conf(){
-  if ! [ "$GOOS" = 'linux' -a "$GOARCH" = 'amd64' ];then
-    print_info "$GOOS $GOARCH not support crun, skip config containerd with crun"
-
-    return
-  fi
-}
-
-_crun_crio_conf(){
-  print_info "config crio with crun ..."
-  cat <<EOF | $(_sudo) tee -a ${K8S_ROOT}/etc/crio/crio.conf
-[crio.runtime.runtimes.crun]
-  runtime_path = "/usr/local/bin/crun"
-EOF
-}
-
 _crun_install(){
   if [ `command -v crun` ];then
     print_info "crun already install"
@@ -859,7 +827,7 @@ _cri_sysctl(){
 }
 
 _conmon_install(){
-  if [ -f ${K8S_ROOT}/usr/local/bin/conmon ];then
+  if [ -f ${K8S_ROOT}/bin/conmon ];then
     return
   fi
 
@@ -874,41 +842,53 @@ _conmon_install(){
           "" 0 ${DOWNLOAD_FROM_REGISTRY_URL})
     $(_sudo) tar -zxvf $rootfs -C ${TMP_ROOT}
 
-    $(_sudo) cp ${TMP_ROOT}/conmon/dist/conmon ${K8S_ROOT}/usr/local/bin/conmon
+    $(_sudo) cp ${TMP_ROOT}/conmon/dist/conmon ${K8S_ROOT}/bin/conmon
 
-    $(_sudo) chmod +x ${K8S_ROOT}/usr/local/bin/conmon
+    $(_sudo) chmod +x ${K8S_ROOT}/bin/conmon
   else
     url=$url_official
 
     if [ $OS = "Linux" ];then
       if [ $GOARCH = "amd64" -o $GOARCH = "arm64" ];then
-        $(_sudo) $(_curl) -o ${K8S_ROOT}/usr/local/bin/conmon $url
+        $(_sudo) $(_curl) -o ${K8S_ROOT}/bin/conmon $url
 
-        $(_sudo) chmod +x ${K8S_ROOT}/usr/local/bin/conmon
+        $(_sudo) chmod +x ${K8S_ROOT}/bin/conmon
 
         return
       fi
     fi
   fi
+}
+
+# https://github.com/cri-o/cri-o/blob/main/install.md#build-and-install-cri-o-from-source
+_crio_install(){
+  if [ $DOWNLOAD_FROM_REGISTRY = "true" ];then
+    rootfs=$($ScriptRoot/../windows/sdk/dockerhub/rootfs.sh \
+          khs1994-docker/lwpm/cri-o \
+          ${KUBERNETES_VERSION} \
+          ${GOARCH} \
+          ${GOOS} \
+          "" 0 ${DOWNLOAD_FROM_REGISTRY_URL})
+    $(_sudo) tar -zxvf $rootfs -C ${TMP_ROOT}
 
-  cd /tmp
+    # _conmon_install
 
-  if [ -d conmon/.git ];then
-    cd conmon
-    git fetch origin main --depth=1
-    git reset --hard origin/main
-  else
-    rm -rf conmon
-    git clone --depth=1 https://github.com/containers/conmon
+    $(_sudo) mkdir -p ${K8S_ROOT}/etc/crio
+
+    $(_sudo) cp -r systemd/etc/containers/. ${K8S_ROOT}/etc/containers
+    $(_sudo) cp -r systemd/etc/crio/crio.conf ${K8S_ROOT}/etc/crio/crio.conf
+
+    $(_sudo) cp ${TMP_ROOT}/cri-o/bin/* ${K8S_ROOT}/bin/
+
+     $(_sudo) cp ${TMP_ROOT}/cri-o/bin/crun /usr/local/bin/crun
+
+    _crio_config
+
+    return
   fi
 
-  cd /tmp/conmon
-  make
-  $(_sudo) make PREFIX=${K8S_ROOT}/usr/local install
-}
+  return
 
-# https://github.com/cri-o/cri-o/blob/main/install.md#build-and-install-cri-o-from-source
-_crio_install(){
   set +e
   command -v crio > /dev/null 2>&1
   if [ $? -eq 0 ];then print_info "cri-o already install" ; return;fi
@@ -1117,14 +1097,12 @@ _cri_handler(){
     _containerd_install
     _containerd_cri_config
     _docker_default_conf
-    if [ "$GOOS" = 'linux' ];then _gvisor_containerd_conf;fi
     _crictl_containerd_conf
   elif [ "$CONTAINER_RUNTIME" = "--crio" ];then
     print_info "Kubelet Runtime is CRI-O"
     _crio_install
     _crio_config
     _docker_default_conf
-    if [ "$GOOS" = 'linux' ];then _gvisor_crio_conf;fi
     _crictl_crio_conf
   elif [ "$CONTAINER_RUNTIME" = "--docker" ];then
     print_info "Kubelet Runtime is Docker"

kubernetes/lnmp-k8s

@@ -1,21 +1,49 @@
 [crio]
   version_file_persist = "/opt/k8s/var/lib/crio/version"
   log_dir = "/opt/k8s/var/log/crio/pods"
+  root = "/opt/k8s/var/lib/containers/storage"
   [crio.runtime]
-    # default_runtime = "runc"
+    default_runtime = "crun"
     cgroup_manager = "systemd"
     # trace, debug, info, warn, error, fatal or panic (default: "info")
     log_level = "info"
       [crio.runtime.runtimes.runc]
         runtime_path = ""
         runtime_type = "oci"
         runtime_root = "/run/runc"
+        monitor_env = [
+	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/k8s/bin",
+]
+      [crio.runtime.runtimes.runsc]
+        runtime_path = ""
+        monitor_env = [
+	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/k8s/bin",
+]
+      [crio.runtime.runtimes.crun]
+        runtime_path = ""
+        monitor_env = [
+	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/k8s/bin",
+]
   [crio.network]
     network_dir = "/opt/k8s/etc/cni/net.d"
     plugin_dirs = ["/opt/k8s/opt/cni/bin/",]
   [crio.image]
-    pause_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.7"
+    pause_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10"
     insecure_registries = []
   [crio.metrics]
     enable_metrics = true
     metrics_port = 9090
+  [crio.tracing]
+
+  # Globally enable or disable exporting OpenTelemetry traces.
+  enable_tracing = false
+
+  [crio.metrics]
+
+  # Globally enable or disable metrics support.
+  enable_metrics = false
+
+  [crio.nri]
+
+  # Globally enable or disable NRI.
+  enable_nri = false

kubernetes/systemd/etc/crio/crio.conf

@@ -0,0 +1,18 @@
+# [crio.image]
+# signature_policy = "/etc/crio/policy.json"
+
+# [crio.runtime]
+# default_runtime = "crun"
+
+# [crio.runtime.runtimes.crun]
+# runtime_path = "/usr/libexec/crio/crun"
+# runtime_root = "/run/crun"
+# monitor_path = "/usr/libexec/crio/conmon"
+# allowed_annotations = [
+#     "io.containers.trace-syscall",
+# ]
+
+# [crio.runtime.runtimes.runc]
+# runtime_path = "/usr/libexec/crio/runc"
+# runtime_root = "/run/runc"
+# monitor_path = "/usr/libexec/crio/conmon"