Add youki runtime support #8411
@electrocucaracha could you add a docs page explaining how to enable the feature and why a deployer would consider it? Additionally, to avoid shipping broken releases, I think new CRI's should have some minimal
@cristicalin I have requested more information about the state of the project. Regarding adding more
It will bring the size of the containers down just like Knative containers do for golang, avoiding the need of a base image that contains a distro, and letting place for a "from scratch" docker image that runs RUST built binaries natively.
From the description it seems this is just a CRI implementation so how is this special for RUST_built_binaries_natively than BTW, I'm not arguing to describe the use-case in this PR but to add a documentation entry in this PR to explain the new feature and how to use it and when.
28f1c5c to 0800d83
@cristicalin I have implemented most of the suggestions but I'm going to need some help from @gattytto to solve the molecule issues given that I'm getting the following error in both distros (almalinux8 and ubuntu20):
@electrocucaracha you can run the molecule test with
Looking at the discussion over on Slack I think there is a need for further explanation of this runtime and how it should be used. Why does it need a special image to test? If it is not a general purpose CRI the documentation (part of our
0800d83 to 2974637
I'm concerned about the current state of this container runtime, it seems like there are few things to be implemented for kubernetes. Maybe this PR needs to be changed to draft. @gattytto can help here to clarify this.
I don't get the error you get when running hello-world with youki:

```
root@optimum-mayfly:~# kubectl get pod
NAME      READY   STATUS              RESTARTS   AGE
rustest   0/1     ContainerCreating   0          14s
root@optimum-mayfly:~# kubectl get pod
NAME      READY   STATUS      RESTARTS   AGE
rustest   0/1     Completed   0          15s
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rustest
  labels:
    name: rust
spec:
  runtimeClassName: youki
  containers:
    - name: rust
      image: hello-world:latest
```
I'm just new to rust so my container is a mess but hello world works in youki.
@gattytto I have tested
@cristicalin apparently I'm not getting a RunPodSandboxResponse

```
vagrant@ubuntu20:/tmp$ sudo crictl config --set debug=true
vagrant@ubuntu20:/tmp$ sudo /usr/local/bin/crictl run --with-pull --runtime youki /tmp/container.json /tmp/sandbox.json
DEBU[0000] get runtime connection
DEBU[0000] connect using endpoint 'unix:///var/run/crio/crio.sock' with '30s' timeout
DEBU[0000] connected successfully using endpoint: unix:///var/run/crio/crio.sock
DEBU[0000] get image connection
DEBU[0000] connect using endpoint 'unix:///var/run/crio/crio.sock' with '30s' timeout
DEBU[0000] connected successfully using endpoint: unix:///var/run/crio/crio.sock
DEBU[0000] RunPodSandboxRequest: &RunPodSandboxRequest{Config:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:youki1,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[]*PortMapping{},Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},Windows:nil,},RuntimeHandler:youki,}
DEBU[0000] RunPodSandboxResponse: nil
FATA[0000] running container: run pod sandbox: rpc error: code = Unknown desc = error reading container (probably exited) json message: EOF
```

But using

```
vagrant@ubuntu20:/tmp$ sudo /usr/local/bin/crictl run --with-pull --runtime runc /tmp/container.json /tmp/sandbox.json
DEBU[0000] get runtime connection
DEBU[0000] connect using endpoint 'unix:///var/run/crio/crio.sock' with '30s' timeout
DEBU[0000] connected successfully using endpoint: unix:///var/run/crio/crio.sock
DEBU[0000] get image connection
DEBU[0000] connect using endpoint 'unix:///var/run/crio/crio.sock' with '30s' timeout
DEBU[0000] connected successfully using endpoint: unix:///var/run/crio/crio.sock
DEBU[0000] RunPodSandboxRequest: &RunPodSandboxRequest{Config:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:youki1,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[]*PortMapping{},Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},Windows:nil,},RuntimeHandler:runc,}
DEBU[0000] RunPodSandboxResponse: &RunPodSandboxResponse{PodSandboxId:1d02b9c68531a1f61e8313d0c6e96af60ee7e103bdbbc4f9b762026e8923f31b,}
DEBU[0000] PullImageRequest: &PullImageRequest{Image:&ImageSpec{Image:quay.io/kubespray/hello-world:latest,Annotations:map[string]string{},},Auth:nil,SandboxConfig:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:youki1,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[]*PortMapping{},Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},Windows:nil,},}
DEBU[0001] PullImageResponse: &PullImageResponse{ImageRef:quay.io/kubespray/hello-world@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4,}
DEBU[0001] CreateContainerRequest: &CreateContainerRequest{PodSandboxId:1d02b9c68531a1f61e8313d0c6e96af60ee7e103bdbbc4f9b762026e8923f31b,Config:&ContainerConfig{Metadata:&ContainerMetadata{Name:youki1,Attempt:0,},Image:&ImageSpec{Image:quay.io/kubespray/hello-world:latest,Annotations:map[string]string{},},Command:[],Args:[],WorkingDir:,Envs:[]*KeyValue{},Mounts:[]*Mount{},Devices:[]*Device{},Labels:map[string]string{},Annotations:map[string]string{},LogPath:youki1.0.log,Stdin:false,StdinOnce:false,Tty:false,Linux:&LinuxContainerConfig{Resources:nil,SecurityContext:nil,},Windows:nil,},SandboxConfig:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:youki1,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[]*PortMapping{},Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},Windows:nil,},}
DEBU[0001] CreateContainerResponse: &CreateContainerResponse{ContainerId:979f5e8f811aa5651722e9c670f1d131c5f1cf4bc1bf51b9fb10c1b85f57b8d7,}
DEBU[0001] StartContainerRequest: &StartContainerRequest{ContainerId:979f5e8f811aa5651722e9c670f1d131c5f1cf4bc1bf51b9fb10c1b85f57b8d7,}
DEBU[0001] StartContainerResponse: &StartContainerResponse{}
979f5e8f811aa5651722e9c670f1d131c5f1cf4bc1bf51b9fb10c1b85f57b8d7
```
2974637 to ff91d2c
@cristicalin @gattytto I have fixed the
There are still some errors preventing the molecule test from succeeding: https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/jobs/1989279436#L4816
ff91d2c to 78b2fae
Apparently the cni config file was ignored but after including it, it seems to be working properly.
Nice work @electrocucaracha, thanks for following through with this feature! /lgtm
Nice work @electrocucaracha /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: electrocucaracha, oomichi
What type of PR is this?
/kind feature
What this PR does / why we need it:
These changes enable youki runtime support for CRI-O
Which issue(s) this PR fixes:
Special notes for your reviewer:
In order to test this, it's required to set `container_manager` to `crio` and enable youki runtime via `youki_enabled` var.
Does this PR introduce a user-facing change?: