-
|
I'm working on adding CRI (sic!) support to my container workload tracking module whalewatcher and eventually to the Siemens Edgeshark project for container communication discovery and capturing. At the moment I use in my unit tests a kindest/base-derived image in order to test against a containerd-backed CRI API service. kindest/base provides a containerd-in-container setup that allows me to test against the only recently introduced container event API of CRI. Preferably I would like to additionally test against CRI-O, but without the hassles of first having to install it into Github pipelines, Gitlab pipelines, development hosts, et cetera. So, is there a CRI-O-in-container image available or maybe planned? While I had no succcess finding one so far I might have simply overlooked the obvious? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
Hey @thediveo, right now there is no officially container image available. I think having kind support would be the ideal road to go, but right now we have no official support for CRI-O in kind. See: https://gist.github.com/aojea/bd1fb766302779b77b8f68fa0a81c0f2 |
Beta Was this translation helpful? Give feedback.
-
|
@saschagrunert Thank you very much! warm-metal's kindest-base-crio at first glance looks like a good starting point, because I'm using kindest/base as my base, not kindest/node. My rationale here is that I don't want to start any k8s-related infra, but "just" need the CRI API-serving container engine to be up and correctly running. Now, in the gist you referenced I couldn't see any mention of how the images get deployed, hopefully I didn't miss it? The KinD sources feature a set of (deployment) "providers", for instance, the Docker provider: https://github.com/kubernetes-sigs/kind/blob/3610f606516ccaa88aa098465d8c13af70937050/pkg/cluster/internal/providers/docker/provision.go#L133 But how do kindest-base-crio or the crio node images get deployed, especially which arguments are required for deployment? Is "privileged" required, which host volumes need to be passed to the crio image, ...? |
Beta Was this translation helpful? Give feedback.
-
|
Seems that the following RUN OS=Debian_11 && VERSION=1.26 \
&& apt-get update \
&& apt-get install -y --no-install-recommends gnupg \
&& echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" \
> /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list \
&& echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" \
> /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list \
&& mkdir -p /usr/share/keyrings \
&& curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key \
| gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg \
&& curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key \
| gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg \
&& apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y -o Dpkg::Options::="--force-confold" cri-o cri-o-runc \
&& systemctl enable crio \
&& apt-get clean -y \
&& rm -rf \
/var/cache/debconf/* \
/var/lib/apt/lists/* \
/var/log/* \
/tmp/* \
/var/tmp/* \
/usr/share/doc/* \
/usr/share/doc-base/* \
/usr/share/man/* \
/usr/share/local/* |
Beta Was this translation helpful? Give feedback.
Seems that the following
RUNdoes the trick, when executed on top of akindest/baseimage: