Dev 2.1 add containers

conf/bblayers.conf.sample

@@ -16,6 +16,7 @@ BBLAYERS ?= " \
     ##OEROOT##/meta-openembedded/meta-networking \
     ##OEROOT##/meta-openembedded/meta-perl \
     ##OEROOT##/meta-openembedded/meta-python \
+    ##OEROOT##/meta-virtualization \
     ##OEROOT##/meta-raspberrypi \
     ##OEROOT##/meta-security \
     ##OEROOT##/meta-nodejs \

conf/local.conf.sample

@@ -9,7 +9,7 @@ RPI_USE_U_BOOT = "1"
 #DISABLE_RPI_BOOT_LOGO = "1"
 #IMAGE_FEATURES_remove = "splash"
 
-DISTRO_FEATURES = "ext2 opengl usbhost ${DISTRO_FEATURES_LIBC}"
+DISTRO_FEATURES = "ext2 opengl usbhost ${DISTRO_FEATURES_LIBC} virtualization k8s"
 
 DISTRO_FEATURES_BACKFILL_CONSIDERED += "pulseaudio"
 

recipes-containers/docker/docker_%.bbappend

@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://daemon.json"
+
+

recipes-containers/docker/files/daemon.json

@@ -0,0 +1,4 @@
+{
+	"graph": "/userdata/docker",
+	"storage-driver": "overlay2"
+}

recipes-containers/kubelet/files/10-c2d.conf

@@ -0,0 +1,6 @@
+{
+  "cniVersion": "0.2.0",
+  "name": "edgenet",
+  "type": "c2d",
+  "debug": true
+}

recipes-containers/kubelet/files/99-loopback.conf

@@ -0,0 +1,4 @@
+{
+    "cniVersion": "0.3.1",
+    "type": "loopback"
+}

recipes-containers/kubelet/files/kubeconfig

@@ -0,0 +1,12 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: http://127.0.0.1:8080
+  name: kaas
+contexts:
+- context:
+    cluster: kaas
+  name: default
+current-context: default
+kind: Config
+preferences: {}

recipes-containers/kubelet/files/kubelet-config.yaml

@@ -0,0 +1,19 @@
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+authentication:
+  anonymous:
+    enabled: false
+  webhook:
+    enabled: true
+  x509:
+    clientCAFile: "/var/lib/kubelet/ca.pem"
+authorization:
+  mode: Webhook
+clusterDomain: "cluster.local"
+clusterDNS:
+  - "10.32.0.10"
+podCIDR: "10.0.0.0/24"
+resolvConf: "/etc/resolv.conf"
+runtimeRequestTimeout: "15m"
+tlsCertFile: "/var/lib/kubelet/kubelet.pem"
+tlsPrivateKeyFile: "/var/lib/kubelet/kubelet-key.pem"

recipes-containers/kubelet/files/kubelet-watcher.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=kubelet restarter
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart kubelet.service
+
+[Install]
+WantedBy=network.target

recipes-containers/kubelet/files/kubelet.path

@@ -0,0 +1,9 @@
+[Unit]
+Description=Monitor the changes to identity.json file and restart kubelet
+
+[Path]
+PathChanged=/userdata/edge_gw_config/identity.json
+Unit=kubelet-watcher.service
+
+[Install]
+WantedBy=network.target

recipes-containers/kubelet/files/kubelet.service

@@ -0,0 +1,12 @@
+[Unit]
+Descritpion=Kubelet
+Requires=wait-for-pelion-identity.service
+After=edge-proxy.service
+
+[Service]
+Restart=always
+RestartSec=5
+ExecStart=/wigwag/system/bin/launch-kubelet.sh
+
+[Install]
+WantedBy=network.target

recipes-containers/kubelet/files/launch-edgenet.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# ----------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited and affiliates.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+
+docker network inspect edgenet &>/dev/null || docker network create --subnet=10.0.0.0/24 --gateway=10.0.0.1 edgenet

recipes-containers/kubelet/files/launch-kubelet.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# ----------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited and affiliates.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+
+DEVICE_ID=`jq -r .deviceID /userdata/edge_gw_config/identity.json`
+if [ $? -ne 0 ]; then
+    echo "Unable to extract device ID from identity.json"
+    exit 1
+fi
+
+/wigwag/system/bin/launch-edgenet.sh
+if [ $? -ne 0 ]; then
+    echo "Unable to create edgenet docker network"
+    exit 2
+fi
+
+exec /wigwag/system/bin/kubelet \
+--root-dir=/var/lib/kubelet \
+--offline-cache-path=/wigwag/system/var/lib/kubelet/store \
+--fail-swap-on=false \
+--image-pull-progress-deadline=2m \
+--hostname-override=${DEVICE_ID} \
+--kubeconfig=/wigwag/system/var/lib/kubelet/kubeconfig \
+--cni-bin-dir=/wigwag/system/opt/cni/bin \
+--cni-conf-dir=/wigwag/system/etc/cni/net.d \
+--network-plugin=cni \
+--register-node=true

recipes-containers/kubelet/kubelet_git.bb

@@ -0,0 +1,69 @@
+DESCRIPTION = "Kubernetes without all the extra stuff"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+inherit go pkgconfig gitpkgv systemd
+SRC_URI = "git://git@github.com/armPelionEdge/edge-kubelet.git;protocol=ssh;branch=master;depth=1 \
+file://10-c2d.conf \
+file://99-loopback.conf \
+file://kubeconfig \
+file://kubelet.service \
+file://kubelet-watcher.service \
+file://kubelet.path \
+file://launch-edgenet.sh \
+file://launch-kubelet.sh \
+  "
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "kubelet.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "enable"
+
+#SRCREV = "${AUTOREV}"
+SRCREV = "83b266ae6939012883611d6dbda745f2490a67c4"
+PR = "r1"
+
+DEPENDS = "libseccomp"
+RDEPENDS_${PN} += " docker libseccomp cni"
+
+bindir = "/wigwag/system/bin"
+confdir = "/wigwag/system/var/lib/kubelet"
+cnidir = "/wigwag/system/etc/cni/net.d"
+FILES_${PN} =  "\
+    ${bindir}/kubelet\
+    ${bindir}/launch-kubelet.sh\
+    ${bindir}/launch-edgenet.sh\
+    ${confdir}/kubeconfig\
+    ${cnidir}/10-c2d.conf\
+    ${cnidir}/99-loopback.conf\
+    ${systemd_system_unitdir}/kubelet.service\
+    ${systemd_system_unitdir}/kubelet-watcher.service\
+    ${systemd_system_unitdir}/kubelet.path\
+    "
+GO_IMPORT = "k8s.io/kubernetes"
+GO_PACKAGES = "${GO_IMPORT}/cmd/kubelet"
+
+do_compile() {
+  export TMPDIR="${GOTMPDIR}"
+  # KUBE_GO_PACKAGE is expected to be set by the version.sh script
+  export KUBE_GO_PACKAGE=${GO_IMPORT}
+  # sh doesn't like variable names with '::' in them. Replace all '::' occurrences with '_'
+  eval "$(cat ${GOPATH}/src/${GO_IMPORT}/hack/lib/version.sh | sed --expression 's/::/_/g')"
+  echo "${GO} install -v -ldflags=\"$GO_RPATH $GO_LINKMODE -extldflags '$GO_EXTLDFLAGS' $(kube_version_ldflags)\" ${GO_PACKAGES}" > /tmp/gostuff
+  ${GO} install -v -ldflags="$GO_RPATH $GO_LINKMODE -extldflags '$GO_EXTLDFLAGS' $(kube_version_ldflags)" ${GO_PACKAGES}
+}
+
+do_install() {
+  install -d ${D}${bindir}
+  install -d ${D}${confdir}
+  install -d ${D}${cnidir}
+  install -d ${D}${systemd_system_unitdir}
+  install -m 0755 ${B}/${GO_BUILD_BINDIR}/kubelet ${D}${bindir}/kubelet
+  install -m 0755 ${S}/../launch-kubelet.sh ${D}${bindir}/launch-kubelet.sh
+  install -m 0755 ${S}/../launch-edgenet.sh ${D}${bindir}/launch-edgenet.sh
+  install -m 0644 ${S}/../kubeconfig ${D}${confdir}/kubeconfig
+  install -m 0644 ${S}/../10-c2d.conf ${D}${cnidir}/10-c2d.conf
+  install -m 0644 ${S}/../99-loopback.conf ${D}${cnidir}/99-loopback.conf
+  install -m 0644 ${S}/../kubelet.service ${D}${systemd_system_unitdir}/kubelet.service
+  install -m 0644 ${S}/../kubelet-watcher.service ${D}${systemd_system_unitdir}/kubelet-watcher.service
+  install -m 0644 ${S}/../kubelet.path ${D}${systemd_system_unitdir}/kubelet.path
+}

recipes-core/images/console-image.bb

@@ -152,7 +152,10 @@ WIGWAG_STUFF = " \
     deviceoswd \
     emacs \
     fftw \
+    edge-proxy \
     imagemagick \
+    kubelet \
+    tini \
     lcms \
     virtual/mbed-edge-core \
     mbed-edge-examples \

recipes-core/netbase/netbase/hosts

@@ -0,0 +1,9 @@
+127.0.0.1       localhost.localdomain           localhost
+127.0.0.1		gateways.local
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

recipes-core/netbase/netbase_%.bbappend

@@ -0,0 +1,2 @@
+#prepend to take precedence over poky/meta
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"

recipes-kernel/linux/linux-raspberrypi_%.bbappend

@@ -2,3 +2,4 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
 SRC_URI += "file://0001-Edge-increased-the-HCI_LE_AUTOCONN_TIMEOUT-to-20-sec.patch \
             file://default-cpu-scaling-gov.cfg"
+CMDLINE_append = 'cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1'

recipes-networking/cni/cni_git.bb

@@ -0,0 +1,79 @@
+HOMEPAGE = "https://github.com/containernetworking/cni"
+SUMMARY = "Container Network Interface - networking for Linux containers"
+DESCRIPTION = "CNI (Container Network Interface), a Cloud Native Computing \
+Foundation project, consists of a specification and libraries for writing \
+plugins to configure network interfaces in Linux containers, along with a \
+number of supported plugins. CNI concerns itself only with network connectivity \
+of containers and removing allocated resources when the container is deleted. \
+Because of this focus, CNI has a wide range of support and the specification \
+is simple to implement. \
+"
+
+SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e"
+# Version 0.8.5
+SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239"
+SRC_URI = "\
+	git://github.com/containernetworking/cni.git;nobranch=1;name=cni \
+        git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=${S}/src/github.com/containernetworking/plugins;name=plugins \
+        file://c2d \
+        file://c2d-inner \
+	"
+
+RPROVIDES_${PN} += "kubernetes-cni"
+RDEPENDS_${PN} += "bash"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464fc"
+
+GO_IMPORT = "import"
+
+PV = "0.7.1+git${SRCREV_cni}"
+
+inherit go
+inherit goarch
+
+do_compile() {
+	mkdir -p ${S}/src/github.com/containernetworking
+	ln -sfr ${S}/src/import ${S}/src/github.com/containernetworking/cni
+
+	cd ${B}/src/github.com/containernetworking/cni/libcni
+	${GO} build
+
+	cd ${B}/src/github.com/containernetworking/cni/cnitool
+	${GO} build
+
+	cd ${B}/src/github.com/containernetworking/plugins
+	PLUGINS="$(ls -d plugins/meta/*; ls -d plugins/ipam/*; ls -d plugins/main/* | grep -v windows)"
+	mkdir -p ${B}/plugins/bin/
+	for p in $PLUGINS; do
+	    plugin="$(basename "$p")"
+	    echo "building: $p"
+	    ${GO} build -mod=vendor -o ${B}/plugins/bin/$plugin github.com/containernetworking/plugins/$p
+	done
+}
+
+do_install() {
+    localbindir="/wigwag/system/opt/cni/bin"
+
+    install -d ${D}${localbindir}
+    install -d ${D}/${sysconfdir}/cni/net.d
+
+    install -m 755 ${S}/src/import/cnitool/cnitool ${D}/${localbindir}
+    install -m 755 -D ${B}/plugins/bin/* ${D}/${localbindir}
+
+    # Parts of k8s expect the cni binaries to be available in /opt/cni
+    install -d ${D}/opt/cni
+    ln -sf /wigag/system/opt/cni/ ${D}/opt/cni/bin
+    # re-linking to the origional recipeies location
+    install -d ${D}${libexecdir}/cni
+    ln -sf /wigwag/system/opt/cni ${D}${libexecdir}/cni
+    #extra features needed by pe
+    install -m 755 -o root -g root ${WORKDIR}/c2d ${D}/${localbindir}
+    install -m 755 -o root -g root ${WORKDIR}/c2d-inner ${D}/${localbindir}
+}
+
+FILES_${PN} += "${libexecdir}cni/* /opt/cni/* /wigwag/system/opt/cni/bin"
+
+INSANE_SKIP_${PN} += "ldflags already-stripped"
+
+deltask compile_ptest_base

recipes-networking/cni/files/c2d

@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright 2016 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This is a wrapper that converts the stdin/stdout part of the CNI
+# calling convention into an input-file & output-file calling
+# convention.  All the stuff written to stdout and stderr by the inner
+# script is saved to a file in /tmp/.
+
+INPUT=/tmp/c2d-$$-in
+RESULT=/tmp/c2d-$$-out
+LOG=/tmp/c2d-$$-log
+cat > "${INPUT}"
+"${0}-inner" "${INPUT}" "${RESULT}" &> "${LOG}"
+RC=$?
+if [ "${RC}" == "0" ]; then
+    cat "${RESULT}"
+    rm ${INPUT} ${RESULT} ${LOG}
+else
+    cat <<EOF
+{
+  "cniVersion": "0.1.0",
+  "code": "${RC}",
+  "msg": "${0}-inner returned ${RC}",
+  "details": $(jq -R -s . < "${LOG}")
+}
+EOF
+    exit "${RC}"
+fi