Wednesday, 2019-05-29

« Tuesday, 2019-05-28 Index Thursday, 2019-05-30 »
*** tmhoang has quit IRC02:04
*** igordc has quit IRC03:40
*** altlogbot_0 has quit IRC03:44
*** altlogbot_0 has joined #kata-general03:44
*** altlogbot_0 has quit IRC04:38
*** altlogbot_2 has joined #kata-general04:39
*** altlogbot_2 has quit IRC04:40
*** altlogbot_2 has joined #kata-general04:40
*** sameo has joined #kata-general05:24
*** pvdp6 has joined #kata-general05:49
*** lpetrut has joined #kata-general06:23
*** sgarzare has joined #kata-general06:57
*** tmhoang has joined #kata-general07:13
*** pvdp6 has quit IRC07:36
*** pvdp6 has joined #kata-general07:36
*** pvdp60 has joined #kata-general07:50
*** pvdp6 has quit IRC07:51
*** gwhaley has joined #kata-general08:07
*** sgarzare has quit IRC09:20
*** sgarzare has joined #kata-general09:43
*** pvdp60 has quit IRC12:43
kata-irc-bot2<tarekamalou> hello everyone after installing the kata deploy i tried to set a pod using the kata but it's always created by docker , so anyone can help13:39
kata-irc-bot2<graham.whaley> Hi @tarekamalou - I'm presuming you also applied the runtimeclass yaml's and added a runtimeClass entry to your pod yaml?13:40
kata-irc-bot2<graham.whaley> or, added the 'admission controller' that will make kata the default runtime?13:40
kata-irc-bot2<tarekamalou> i have just added the RBAC and the kata deploy13:41
kata-irc-bot2<tarekamalou> can you have a look please on it ?13:42
kata-irc-bot2<graham.whaley> OK, so that has installed kata - but, you then need something to tell the pods to use it :slightly_smiling_face:13:42
kata-irc-bot2<graham.whaley> let me see if I can find the instructions ...13:42
kata-irc-bot2<graham.whaley> Here @tarekamalou - in the 'run an example', you can see how to add the runtimeclass definition, and then use the example yamls in the repo that have the runtimeclass in them to direct the pod to use kata: https://github.com/kata-containers/packaging/tree/master/kata-deploy#run-a-sample-workload13:43
kata-irc-bot2<graham.whaley> also, if it helps, I wrote some instructions for installing in a minkube using the same method. Note though, *today* minikube install will not out of the box, as something changed, and we are waiting for changes to land in minikube to re-enable kata (not minikube fault btw... something kata changed...). See my gist at: https://gist.github.com/grahamwhaley/aadebd12a9ee832ea3f81bef1eca415613:45
kata-irc-bot2<tarekamalou> i'm using kubespray13:45
kata-irc-bot2<graham.whaley> or my pending instructions at https://github.com/kata-containers/documentation/blob/639611ce519e4e20aceffb9ba9efed9a54bf5be3/install/minikube-installation-guide.md13:46
kata-irc-bot2<eric.ernst> did you define th runtimeClass?13:46
kata-irc-bot2<tarekamalou> just tell me when trying to install kata deploy isn't it supposed to create 3 deamonsets13:51
kata-irc-bot2<tarekamalou> cause i only got one13:51
kata-irc-bot2<eric.ernst> should just require one.13:54
kata-irc-bot2<eric.ernst> For installing the artifacts onto the system and configuring the CRI implementation to utilize Kata.13:54
kata-irc-bot2<eric.ernst> After that, you have to explicitly define the runtime class, and update your workload to specify that runtimeclass handle.13:54
kata-irc-bot2<tarekamalou> sir can you try to fixe it13:56
kata-irc-bot2<tarekamalou> i can give you the access to my laptop via teamviewer13:56
kata-irc-bot2<eric.ernst> I won't be able to do that.  There are a couple of things you'll need to do after deplying.14:03
kata-irc-bot2<eric.ernst> So, 1) install RBAC rule, 2) install kata via kata-deploy 3) register a runtimeClass 4) run a workload which specifies the registered runtimeClass name14:04
kata-irc-bot2<eric.ernst> I think you did 1 maybe, and 2.14:04
kata-irc-bot2<eric.ernst> you should be able to run `kubectl get runtimeclasses`14:04
kata-irc-bot2<eric.ernst> see details @ https://github.com/kata-containers/packaging/tree/master/kata-deploy#run-a-sample-workload14:04
kata-irc-bot2<tarekamalou> yes i did the 314:05
kata-irc-bot2<eric.ernst> ok, then 4) - in your pod spec you need to have the field runtimeClassName14:05
kata-irc-bot2<eric.ernst> ie: ``` spec:       runtimeClassName: kata-qemu ```14:05
kata-irc-bot2<tarekamalou> apiVersion: v1 kind: Pod metadata:   annotations:     io.kubernetes.cri-o.TrustedSandbox: "false"     io.kubernetes.cri.untrusted-workload: "true"   name: nginx-untrusted spec:   containers:   - name: nginx     image: nginx   nodeSelector:     kata-containers.io/kata-runtime: "true"14:07
kata-irc-bot2<tarekamalou> this is my yaml pod14:07
kata-irc-bot2<tarekamalou> so now , do i have just to add the spec kata-qemu14:08
kata-irc-bot2<eric.ernst> what version of QEMU you using?14:19
kata-irc-bot2<eric.ernst> i'm sorry, of kubelet i mean?14:19
kata-irc-bot2<eric.ernst> Those annotations are going to be deprecated.14:19
kata-irc-bot2<eric.ernst> ideally you'd have: ``` apiVersion: v1 kind: Pod metadata:  name: nginx-untrusted spec:  containers:  - name: nginx    image: nginx  nodeSelector:    kata-containers.io/kata-runtime: "true" ```14:19
kata-irc-bot2<tarekamalou> you mean kubernetes version14:26
kata-irc-bot2<tarekamalou> it's 1.1414:27
kata-irc-bot2<krsna1729> @tarekamalou can you paste the link you referred for your install?14:28
kata-irc-bot2<tarekamalou> @krsna1729 https://medium.com/@abenahmed1/kata-deploy-un-moyen-rapide-dinstaller-des-kata-containers-sur-son-cluster-kubernetes-b146158f6058 this is the link14:29
kata-irc-bot2<tarekamalou> but i didn't get the same results14:29
kata-irc-bot2<krsna1729> you say docker, is that your runtime on all your nodes? we would need cri-o or containerd14:30
kata-irc-bot2<krsna1729> also the link pasted seems old. can you please refer the official documentation link pasted above by @graham.whaley14:30
*** lpetrut has quit IRC14:30
kata-irc-bot2<krsna1729> try and let us know14:31
kata-irc-bot2<tarekamalou>14:31
kata-irc-bot2<krsna1729> one of the pre-requisites for kata in kubernetes is having cri-o or containerd as the runtime14:32
kata-irc-bot2<krsna1729> instead of docker14:32
kata-irc-bot2<krsna1729> please follow this https://github.com/kata-containers/packaging/tree/master/kata-deploy14:33
kata-irc-bot2<tarekamalou> yes i know that but how to do that instead of deleting all i mean i  just want to change the runtime14:34
kata-irc-bot2<krsna1729> https://github.com/kubernetes-sigs/kubespray/blob/master/docs/cri-o.md14:37
kata-irc-bot2<krsna1729> its experimental14:37
kata-irc-bot2<krsna1729> cri-o v1.11.5 (experimental: see CRI-O Note. Only on centos based OS)14:38
kata-irc-bot2<krsna1729> only available on centos14:39
kata-irc-bot2<krsna1729> so you will have to install crio or containerd manually on some nodes14:39
kata-irc-bot2<krsna1729> others here could help with that14:40
kata-irc-bot2<tarekamalou> @krsna172914:40
kata-irc-bot2<tarekamalou> have a look on this14:40
kata-irc-bot2<krsna1729> i dont understand14:40
kata-irc-bot2<krsna1729> your describe node says all are docker14:41
kata-irc-bot2<krsna1729> what is the crio version on that node14:42
kata-irc-bot2<tarekamalou> how to check that bcz when i run cri-o version i get an error14:46
kata-irc-bot2<tarekamalou> @krsna1729 i used this at first to install kubernetes cluster https://www.howtoforge.com/tutorial/centos-kubernetes-docker-cluster/15:02
kata-irc-bot2<tarekamalou> then i found this15:06
kata-irc-bot2<tarekamalou> which says that cri plugin is enabled by default15:07
kata-irc-bot2<krsna1729> `crio version` should tell15:08
kata-irc-bot2<krsna1729> ooh ok so with newer docker you do get containerd bundled. i have not yet tried using that15:09
kata-irc-bot2<tarekamalou> command not founf15:11
kata-irc-bot2<krsna1729> do you see `/var/run/containerd/containerd.sock` on docker nodes?15:11
kata-irc-bot2<krsna1729> `crio --version` my bad15:11
kata-irc-bot2<tarekamalou> the same crio not found15:12
kata-irc-bot2<krsna1729> you are running that on the node with crio installed right?15:12
kata-irc-bot2<tarekamalou>15:15
kata-irc-bot2<tarekamalou> here it says that cri-o is the runtime for minion115:15
kata-irc-bot2<krsna1729> so ssh to minion1 and run the command15:15
kata-irc-bot2<tarekamalou> yeah i did it15:15
kata-irc-bot2<tarekamalou> but i says crio not found15:16
kata-irc-bot2<krsna1729> then i am not sure how we labeled it as crio @eric.ernst15:16
kata-irc-bot2<krsna1729> your initial picture said all your nodes have docker registered as runtime15:17
kata-irc-bot2<krsna1729> have you installed crio on any of your nodes?15:17
kata-irc-bot2<tarekamalou> no i didn't15:17
*** tmhoang has quit IRC15:19
kata-irc-bot2<krsna1729> you will have to try your luck by starting over15:23
kata-irc-bot2<krsna1729> and selecting crio as container runtime in kubespray15:23
kata-irc-bot2<krsna1729> else start small15:23
kata-irc-bot2<krsna1729> and follow the minikube example posted by @graham.whaley15:23
kata-irc-bot2<krsna1729> that way you understand the process once you have crio based cluster15:24
kata-irc-bot2<tarekamalou> yeah i think so i w'll start a new cluster15:25
*** tmhoang has joined #kata-general15:29
*** tmhoang has quit IRC15:33
*** altlogbot_2 has quit IRC15:35
*** altlogbot_3 has joined #kata-general15:35
*** irclogbot_3 has quit IRC15:36
*** irclogbot_1 has joined #kata-general15:36
*** tmhoang has joined #kata-general15:43
*** sgarzare has quit IRC15:48
*** tmhoang has quit IRC16:02
*** lpetrut has joined #kata-general16:06
*** sameo has quit IRC16:13
*** lpetrut has quit IRC16:14
*** gwhaley has quit IRC17:10
*** sameo has joined #kata-general17:25
*** sameo has quit IRC18:07
*** lcastell has joined #kata-general21:56
*** lcastell has quit IRC22:18
*** lcastell has joined #kata-general22:59
*** lcastell has quit IRC23:04
« Tuesday, 2019-05-28 Index Thursday, 2019-05-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!