Here is a single node Kubernetes on CRI-O. This setup is done on Fedora 25.
Installing OS dependencies
dnf -y install \
go \
git \
btrfs-progs-devel \
device-mapper-devel \
glib2-devel \
glibc-devel \
glibc-static \
gpgme-devel \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
pkgconfig \
wget \
etcd \
iptables
Creating go environment
cd ~
mkdir -p ~/go
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
echo 'GOPATH=~/go' >> ~/.bashrc
echo 'GOBIN=$GOPATH/bin' >> ~/.bashrc
echo 'PATH=$PATH:$GOBIN' >> ~/.bashrc
Pull all the code dependencies
go get -d k8s.io/kubernetes
go get -u github.com/cloudflare/cfssl/cmd/...
Install runc
go get -d github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
git reset --hard v1.0.0-rc3
make BUILDTAGS='seccomp selinux' && make install
Build cri-o
cd
go get -d github.com/kubernetes-incubator/cri-o
cd $GOPATH/src/github.com/kubernetes-incubator/cri-o
make install.tools
make && make install
make install.config
Set up CNI
go get -d github.com/containernetworking/cni
cd $GOPATH/src/github.com/containernetworking/cni
./build.sh
mkdir -p /opt/cni/bin
cp bin/* /opt/cni/bin/
mkdir -p /etc/cni/net.d/
cat > /etc/cni/net.d/10-ocid-bridge.conf <<EOF
{
"cniVersion": "0.2.0",
"name": "ocid-bridge",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat > /etc/cni/net.d/99-loopback.conf <<EOF
{
"cniVersion": "0.2.0",
"type": "loopback"
}
EOF
Create policy.json
mkdir -p /etc/containers
cat > /etc/containers/policy.json <<EOF
{
"default": [
{
"type": "insecureAcceptAnything"
}
]
}
EOF
Make SELinux happy
mkdir -p /var/lib/containers/
chcon -Rt svirt_sandbox_file_t /var/lib/containers/
Start ocid service
export PATH=$PATH:/usr/local/bin/
echo 'PATH=$PATH:/usr/local/bin/' >> ~/.bashrc
ocid --runtime /usr/local/sbin/runc --log /root/ocid.log --debug --selinux true
Start k8s cluster with crio
cd $GOPATH/src/k8s.io/kubernetes/
CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='/var/run/ocid.sock --runtime-request-timeout=15m' ./hack/local-up-cluster.sh
To use kubectl (in new terminal)
alias kubectl=$GOPATH/src/k8s.io/kubernetes/cluster/kubectl.sh
echo 'alias kubectl=$GOPATH/src/k8s.io/kubernetes/cluster/kubectl.sh' >> ~/.bashrc
Ref:
- Bangalore Kubernetes Meetup - April 2017 - Slides.
- runcom’s Setup script for Fedora.
- cri-o project
- cri-o tutorial
- Running cri-o on kubernetes cluster
- CRI-O: A kubernetes runtime - video