From 4c43daef8a8ce275f87d66a19497e31afc50ad9e Mon Sep 17 00:00:00 2001 From: David Liu Date: Mon, 22 May 2023 02:10:13 -0400 Subject: [PATCH] Add kata containers support for Starlingx With kata-community released kata containers runtime binaries, guest vm kernel and images. As in previous StarlingX 7.0 Debian and CentOS Release we have kata container support which is from community kata 1.x release. To leverage the OS community effort with the latest kata container version, need to utilize the prebuilt runtime binaries, guest vm kernel and images, by default the hypervisor is amd64-x86 qemu. To provide the customization support for StarlingX, the kata container default configuration file will be modified. Test Plan: PASS - Build kata-containers package PASS - Build/install image on AIO-SX PASS - Verify that the package is installed in the system PASS - Verify that the kata-runtime env command could print correct environments information. PASS - Verify that the kata-runtime check command print system is capable of running kata containers. PASS - Verify that kubectl could create pod with kata containers runtime, and pod start successfully. Story: 2010765 Task: 48073 Depends-On: https://review.opendev.org/c/starlingx/virt/+/885342 Change-Id: I7b8a0cab1e71e65291792b763ca801480648b511 
Signed-off-by: David Liu --- debian_iso_image.inc | 3 ++ debian_pkg_dirs | 3 ++ kata-containers/debian/deb_folder/changelog | 5 ++ kata-containers/debian/deb_folder/control | 18 +++++++ kata-containers/debian/deb_folder/copyright | 28 ++++++++++ .../debian/deb_folder/kata-containers.install | 20 +++++++ kata-containers/debian/deb_folder/rules | 7 +++ kata-containers/debian/meta_data.yaml | 10 ++++ ...1-patch-to-change-configuration-file.patch | 53 +++++++++++++++++++ kata-containers/debian/patches/series | 1 + 10 files changed, 148 insertions(+) create mode 100644 kata-containers/debian/deb_folder/changelog create mode 100644 kata-containers/debian/deb_folder/control create mode 100644 kata-containers/debian/deb_folder/copyright create mode 100644 kata-containers/debian/deb_folder/kata-containers.install create mode 100644 kata-containers/debian/deb_folder/rules create mode 100644 kata-containers/debian/meta_data.yaml create mode 100644 kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch create mode 100644 kata-containers/debian/patches/series diff --git a/debian_iso_image.inc b/debian_iso_image.inc index 657af06ad..497a36b2d 100644 --- a/debian_iso_image.inc +++ b/debian_iso_image.inc @@ -165,6 +165,9 @@ k8s-pod-recovery #k8s-cni-cache-cleanup k8s-cni-cache-cleanup +#kata-containers +kata-containers + #kubectl-cert-manager kubectl-cert-manager diff --git a/debian_pkg_dirs b/debian_pkg_dirs index f439dc021..412bb4123 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -55,6 +55,9 @@ golang-github-dev/golang-github-networkplumbing-go-nft-dev grub/grub-efi grub/grub2 grub/grubby +kata-containers +kubernetes/armada +kubernetes/armada-helm-toolkit kubernetes/chartmuseum kubernetes/cni/bond-cni kubernetes/cni/plugins diff --git a/kata-containers/debian/deb_folder/changelog b/kata-containers/debian/deb_folder/changelog new file mode 100644 index 000000000..f1bd53bac --- /dev/null +++ b/kata-containers/debian/deb_folder/changelog 
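Review bot: The debian_pkg_dirs hunk adds `kubernetes/armada` and `kubernetes/armada-helm-toolkit` next to `kata-containers`, but neither the commit message nor the diffstat mentions armada, and this change adds no armada packaging files. They look like leftovers from a rebase. If those directories do not exist in the tree at this revision, the package build list will reference missing paths, so the hunk should add only `kata-containers`.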
@@ -0,0 +1,5 @@
+kata-containers (3.1.3) stable; urgency=medium
+
+ * Initial release
+
+ -- David Liu Mon, 22 May 2023 23:10:58+0800
diff --git a/kata-containers/debian/deb_folder/control b/kata-containers/debian/deb_folder/control
new file mode 100644
index 000000000..5855115b0
--- /dev/null
+++ b/kata-containers/debian/deb_folder/control
@@ -0,0 +1,18 @@
+Source: kata-containers
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: kata-containers
+Architecture: amd64
+Depends: qemu-system-x86 [amd64],
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: secure container runtime with lightweight virtual machines
+ Kata Containers is an open source project and community working to build a
+ standard implementation of lightweight Virtual Machines (VMs) that feel and
+ perform like containers, but provide the workload isolation and security
+ advantages of VMs.
diff --git a/kata-containers/debian/deb_folder/copyright b/kata-containers/debian/deb_folder/copyright
new file mode 100644
index 000000000..114ad490e
--- /dev/null
+++ b/kata-containers/debian/deb_folder/copyright
@@ -0,0 +1,28 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: kata-containers
+Source: https://github.com/kata-containers/kata-containers.git
+Files: *
+Copyright: (c) 2013-2023 Wind River Systems, Inc
+License: Apache-2
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
diff --git a/kata-containers/debian/deb_folder/kata-containers.install b/kata-containers/debian/deb_folder/kata-containers.install
new file mode 100644
index 000000000..8ce4d0662
--- /dev/null
+++ b/kata-containers/debian/deb_folder/kata-containers.install
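Review bot: The `Files: *` stanza attributes the upstream sources to the packager (`Copyright: (c) 2013-2023 Wind River Systems, Inc`) even though `Source:` names the upstream kata-containers repository; only the `debian/*` stanza should carry the packager's copyright. The package also ships prebuilt guest kernels and root filesystem images (listed in kata-containers.install), which are presumably not all under one Apache licence, so they should get their own stanzas. The template comment `# If you want to use GPL v2 or later ...` asks to be deleted and is still present. The copyright-format short name is `Apache-2.0`, not `Apache-2`.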
@@ -0,0 +1,20 @@
+opt/kata/bin/containerd-shim-kata-v2 /usr/bin/
+opt/kata/bin/kata-runtime /usr/bin/
+opt/kata/bin/kata-collect-data.sh /usr/bin/
+opt/kata/libexec/virtiofsd /usr/kata/libexec/
+opt/kata/share/defaults/kata-containers/configuration-qemu.toml /etc/kata-containers/
+opt/kata/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
+opt/kata/share/kata-containers/config-5.10.25 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/config-5.19.2 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-alpine-3.15.initrd /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-ubuntu-latest.image /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-containers-initrd.img /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-containers.img /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-5.10.25-100-dragonball-experimental /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-5.19.2-100 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-dragonball-experimental.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-5.10.25-100-dragonball-experimental /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-5.19.2-100 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-dragonball-experimental.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz.container /var/opt/kata/share/kata-containers/
diff --git a/kata-containers/debian/deb_folder/rules b/kata-containers/debian/deb_folder/rules
new file mode 100644
index 000000000..d95e77119
--- /dev/null
+++ b/kata-containers/debian/deb_folder/rules
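Review bot: The guest kernel and root filesystem that each Kata VM boots are installed under `/var/opt/kata/share/kata-containers/`, a tree normally used for variable data. These files are the trusted base of the sandbox, so it should be confirmed that the location is writable only by root and covered by the same update and integrity handling as `/usr`; none of that is visible in this change. The `*dragonball-experimental*` kernels and `config-5.10.25` appear to serve a hypervisor this package does not configure, so dropping them would reduce the set of binaries to track for fixes, provided the generic names are not links to them. `configuration.toml` is installed without being touched by the patch series; if it is a regular file rather than a link to configuration-qemu.toml, it will still point at `/opt/kata` paths.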
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
+override_dh_dwz:
+ dh_dwz --no-dwz-multifile || :
diff --git a/kata-containers/debian/meta_data.yaml b/kata-containers/debian/meta_data.yaml
new file mode 100644
index 000000000..156e02193
--- /dev/null
+++ b/kata-containers/debian/meta_data.yaml
@@ -0,0 +1,10 @@
+---
+debname: kata-containers
+debver: 3.1.3
+dl_path:
+ name: kata-static-3.1.3-x86_64.tar.xz
+ url: https://github.com/kata-containers/kata-containers/releases/download/3.1.3/kata-static-3.1.3-x86_64.tar.xz
+ sha256sum: 266c906222c85b67867dea3c9bdb58c6da0b656be3a29f9e0bed227c939f3f26
+revision:
+ dist: $STX_DIST
+ PKG_GITREVCOUNT: true
diff --git a/kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch b/kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch
new file mode 100644
index 000000000..9966a8dfa
--- /dev/null
+++ b/kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch
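Review bot: `dh_dwz --no-dwz-multifile || :` in `override_dh_dwz` discards every dh_dwz failure, so a real problem in that step would pass silently, and nothing explains why the override exists. Since the package only repackages prebuilt upstream binaries, an explicit skip is clearer: a bare `override_dh_dwz:` with the comment `# prebuilt upstream binaries: skip DWARF compression` above it.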
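Review bot: `dl_path` pulls a prebuilt binary bundle (runtime, virtiofsd, guest kernels and images, per kata-containers.install), and its only integrity anchor is the `sha256sum` value, whose origin is not recorded. The pin does protect against the release asset changing later. It does not tell a reviewer whether the value was compared with a checksum published by upstream or simply computed from the download. A comment above `sha256sum:` would close that gap, for example `# sha256 checked against <upstream-published checksum source> on <date>`. The version string is repeated in `debver`, `name` and `url`, so all three must be bumped together with the hash.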
@@ -0,0 +1,53 @@
+From 02a4ab1606ec7df06a1a34d6be4c05654e2879ac Mon Sep 17 00:00:00 2001
+From: David Liu
+Date: Fri, 2 Jun 2023 02:27:27 -0400
+Subject: [PATCH] patch to change configuration file
+
+Signed-off-by: David Liu
+---
+ .../defaults/kata-containers/configuration-qemu.toml | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/opt/kata/share/defaults/kata-containers/configuration-qemu.toml b/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
+index d451b89..a23a85c 100644
+--- a/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
++++ b/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
+@@ -12,9 +12,9 @@
+ # XXX: Type: kata
+
+ [hypervisor.qemu]
+-path = "/opt/kata/bin/qemu-system-x86_64"
+-kernel = "/opt/kata/share/kata-containers/vmlinux.container"
+-image = "/opt/kata/share/kata-containers/kata-containers.img"
++path = "/usr/bin/qemu-system-x86_64"
++kernel = "/var/opt/kata/share/kata-containers/vmlinux.container"
++image = "/var/opt/kata/share/kata-containers/kata-containers.img"
+ # initrd = "/opt/kata/share/kata-containers/kata-containers-initrd.img"
+ machine_type = "q35"
+
+@@ -60,7 +60,7 @@ enable_annotations = ["enable_iommu"]
+ # Each member of the list is a path pattern as described by glob(3).
+ # The default if not set is empty (all annotations rejected.)
+ # Your distribution recommends: ["/opt/kata/bin/qemu-system-x86_64"]
+-valid_hypervisor_paths = ["/opt/kata/bin/qemu-system-x86_64"]
++valid_hypervisor_paths = ["/usr/bin/qemu-system-x86_64"]
+
+ # Optional space-separated list of options to pass to the guest kernel.
+ # For example, use `kernel_params = "vsyscall=emulate"` if you are having
+@@ -181,12 +181,12 @@ disable_block_device_use = false
+ shared_fs = "virtio-fs"
+
+ # Path to vhost-user-fs daemon.
+-virtio_fs_daemon = "/opt/kata/libexec/virtiofsd"
++virtio_fs_daemon = "/usr/kata/libexec/virtiofsd"
+
+ # List of valid annotations values for the virtiofs daemon
+ # The default if not set is empty (all annotations rejected.)
+ # Your distribution recommends: ["/opt/kata/libexec/virtiofsd"]
+-valid_virtio_fs_daemon_paths = ["/opt/kata/libexec/virtiofsd"]
++valid_virtio_fs_daemon_paths = ["/usr/kata/libexec/virtiofsd"]
+
+ # Default size of DAX cache in MiB
+ virtio_fs_cache_size = 0
+--
+2.29.2
diff --git a/kata-containers/debian/patches/series b/kata-containers/debian/patches/series
new file mode 100644
index 000000000..4bed9bb97
--- /dev/null
+++ b/kata-containers/debian/patches/series
@@ -0,0 +1 @@
+0001-patch-to-change-configuration-file.patch
\ No newline at end of file
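Review bot: The `# Your distribution recommends: [...]` comments above `valid_hypervisor_paths` and `valid_virtio_fs_daemon_paths`, and the commented `# initrd = "/opt/kata/..."` line, still name `/opt/kata` locations after this patch. Those two lists bound what a pod annotation may select, so an operator following the stale hints would end up with an allowlist that names paths this package does not install. The comments should be rewritten to match the new values, e.g. `# Your distribution recommends: ["/usr/bin/qemu-system-x86_64"]` and `# Your distribution recommends: ["/usr/kata/libexec/virtiofsd"]`. The embedded patch touches only three hunks of configuration-qemu.toml, so path settings elsewhere in that file are outside it and may still reference `/opt/kata`.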