From 4f7a760a944cea4cc5afde81b6b91992d60b6c86 Mon Sep 17 00:00:00 2001
From: Victor Morales <v.morales@samsung.com>
Date: Tue, 1 Dec 2020 11:00:50 -0800
Subject: [PATCH] Add crun support (#6864)

Signed-off-by: Victor Morales <v.morales@samsung.com>
---
 .../container-engine/cri-o/defaults/main.yml  |  7 +++++++
 roles/container-engine/cri-o/tasks/main.yaml  |  8 +++++++-
 roles/container-engine/crun/defaults/main.yml |  5 +++++
 roles/container-engine/crun/tasks/main.yml    | 19 +++++++++++++++++++
 roles/container-engine/meta/main.yml          |  7 +++++++
 .../crun/files/runtimeclass-crun.yml          |  6 ++++++
 .../container_runtimes/crun/tasks/main.yaml   | 19 +++++++++++++++++++
 .../container_runtimes/meta/main.yml          |  7 +++++++
 roles/kubespray-defaults/defaults/main.yaml   |  4 ++++
 9 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 roles/container-engine/crun/defaults/main.yml
 create mode 100644 roles/container-engine/crun/tasks/main.yml
 create mode 100644 roles/kubernetes-apps/container_runtimes/crun/files/runtimeclass-crun.yml
 create mode 100644 roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml

diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index 3fadc9719..25711588c 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -54,6 +54,13 @@ kata_runtimes:
     type: oci
     root: /run/kata-containers
 
+# crun is a fast and low-memory footprint OCI Container Runtime fully written in C.
+crun_runtime:
+  name: crun
+  path: /usr/bin/crun
+  type: oci
+  root: /run/crun
+
 # When this is true, CRI-O package repositories are added. Set this to false when using an
 # environment with preconfigured CRI-O package repositories.
 crio_add_repos: true
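Review bot: `path: /usr/bin/crun` in `crun_runtime` is hard-coded, while the crun role added in this same commit installs the binary under `crun_bin_dir`. If that variable is overridden, CRI-O is configured with a runtime path the play never populated, so whatever already sits at /usr/bin/crun (or nothing) is what gets executed. Deriving the path from the same variable, e.g. `path: "{{ crun_bin_dir }}/crun"`, keeps the two in step; this assumes `crun_bin_dir` is in scope for the cri-o role, otherwise the variable could move to the shared defaults.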
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 0a9ebc93c..2707a3432 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -45,12 +45,18 @@
 
 - import_tasks: "crictl.yml"
 
-- name: Build a list of crio runtimes
+- name: Build a list of crio runtimes with Katacontainers runtimes
   set_fact:
     crio_runtimes: "{{ crio_runtimes + kata_runtimes  }}"
   when:
     - kata_containers_enabled
 
+- name: Build a list of crio runtimes with crun runtime
+  set_fact:
+    crio_runtimes: "{{ crio_runtimes + [crun_runtime] }}"
+  when:
+    - crun_enabled
+
 - name: Make sure needed folders exist in the system
   with_items:
     - /etc/crio
diff --git a/roles/container-engine/crun/defaults/main.yml b/roles/container-engine/crun/defaults/main.yml
new file mode 100644
index 000000000..54d429221
--- /dev/null
+++ b/roles/container-engine/crun/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+crun_version: 0.15
+crun_release_url: https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ host_architecture }}
+crun_bin_dir: /usr/bin/
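Review bot: `crun_version: 0.15` is an unquoted scalar, so YAML loads it as a float rather than a string; a version with a trailing zero (a hypothetical 0.20, say) would render as `0.2` in `crun_release_url` and point the download at the wrong or a missing asset. Quote it as `crun_version: "0.15"`. The URL is a templated plain scalar and is safer quoted as well. `crun_bin_dir: /usr/bin/` ends in a slash that the tasks then join with `/crun`, producing `/usr/bin//crun`; dropping the trailing slash avoids the doubled separator.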
diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml
new file mode 100644
index 000000000..97a983c35
--- /dev/null
+++ b/roles/container-engine/crun/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Create binary destination folder
+  file:
+    mode: '0755'
+    state: directory
+    path: "{{ crun_bin_dir }}"
+
+- name: Check if binary exists
+  stat:
+    path: "{{ crun_bin_dir }}/crun"
+  register: crun_stat
+
+- name: Download binary
+  get_url:
+    url: "{{ crun_release_url }}"
+    dest: "{{ crun_bin_dir }}/crun"
+    mode: '0755'
+  when: not crun_stat.stat.exists
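Review bot: The `Download binary` task installs an executable from `crun_release_url` into a system path with no integrity check, so the node runs whatever the URL returned as its container runtime. `get_url` accepts a `checksum` parameter; adding `checksum: "sha256:{{ crun_checksum }}"`, with `crun_checksum` a new per-architecture variable holding the published digest, pins the content. With a checksum in place the `stat` task and `when: not crun_stat.stat.exists` can be dropped, because get_url then skips the download when the existing file already matches. As written, an existing file at that path is never replaced, so a stale or altered binary survives a `crun_version` bump.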
diff --git a/roles/container-engine/meta/main.yml b/roles/container-engine/meta/main.yml
index c85eb441e..6218db932 100644
--- a/roles/container-engine/meta/main.yml
+++ b/roles/container-engine/meta/main.yml
@@ -7,6 +7,13 @@ dependencies:
       - container-engine
       - kata-containers
 
+  - role: container-engine/crun
+    when:
+      - crun_enabled
+    tags:
+      - container-engine
+      - crun
+
   - role: container-engine/cri-o
     when:
       - container_manager == 'crio'
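Review bot: The new `container-engine/crun` dependency is gated on `crun_enabled` alone, although the comment added in roles/kubespray-defaults/defaults/main.yaml says crun requires `container_manager=crio`. With another container manager the binary would still be downloaded and installed while nothing registers it as a runtime. The `kubernetes-apps/container_runtimes/crun` dependency in the later meta hunk has the same gate and would still create a RuntimeClass whose handler presumably no node can serve. Adding `- container_manager == 'crio'` to both `when` lists, or an early assertion on the combination, enforces the requirement instead of only documenting it. The cri-o role entry that follows continues outside this hunk.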
diff --git a/roles/kubernetes-apps/container_runtimes/crun/files/runtimeclass-crun.yml b/roles/kubernetes-apps/container_runtimes/crun/files/runtimeclass-crun.yml
new file mode 100644
index 000000000..1e23a4aa9
--- /dev/null
+++ b/roles/kubernetes-apps/container_runtimes/crun/files/runtimeclass-crun.yml
@@ -0,0 +1,6 @@
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+  name: crun
+handler: crun
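Review bot: `apiVersion: node.k8s.io/v1beta1` is the beta RuntimeClass API, which upstream Kubernetes deprecated when `node.k8s.io/v1` became available in 1.20 and removed in 1.25. If the clusters this role targets are at 1.20 or later, `apiVersion: node.k8s.io/v1` keeps the manifest from failing to apply after an upgrade. For older targets, a comment above the line recording the planned switch would help the next maintainer.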
diff --git a/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml
new file mode 100644
index 000000000..1d790267b
--- /dev/null
+++ b/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml
@@ -0,0 +1,19 @@
+---
+
+- name: crun | Copy runtime class manifest
+  copy:
+    src: runtimeclass-crun.yml
+    dest: "{{ kube_config_dir }}/runtimeclass-crun.yml"
+    mode: preserve
+  when:
+    - inventory_hostname == groups['kube-master'][0]
+
+- name: crun | Apply manifests
+  kube:
+    name: "runtimeclass-crun"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "runtimeclass"
+    filename: "{{ kube_config_dir }}/runtimeclass-crun.yml"
+    state: "latest"
+  when:
+    - inventory_hostname == groups['kube-master'][0]
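Review bot: `mode: preserve` in the `crun | Copy runtime class manifest` task makes the permissions of the file under `kube_config_dir` depend on whatever bits the source file has in the checkout on the control machine. An explicit quoted mode, for example `mode: '0640'`, gives the same result on every run and matches the quoted-mode style used in the crun install tasks of this commit.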
diff --git a/roles/kubernetes-apps/container_runtimes/meta/main.yml b/roles/kubernetes-apps/container_runtimes/meta/main.yml
index e964f2be4..3c56e992e 100644
--- a/roles/kubernetes-apps/container_runtimes/meta/main.yml
+++ b/roles/kubernetes-apps/container_runtimes/meta/main.yml
@@ -6,3 +6,10 @@ dependencies:
       - apps
       - kata-containers
       - container-runtimes
+
+  - role: kubernetes-apps/container_runtimes/crun
+    when: crun_enabled
+    tags:
+      - apps
+      - crun
+      - container-runtimes
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 72b9fb616..aa6cf675e 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -224,6 +224,10 @@ container_manager: docker
 # When enabled, it requires `container_manager` different than Docker
 kata_containers_enabled: false
 
+# Enable crun as additional container runtime
+# When enabled, it requires container_manager=crio
+crun_enabled: false
+
 # Container on localhost (download images when download_localhost is true)
 container_manager_on_localhost: "{{ container_manager }}"
 
-- 
GitLab