kata-irc-bot | <david_hay> Perhaps a dumb question, but looking at the `kata-agent-ctl` docco, specifically this I know that I can invoke the `CreateContainer` command and pass in the path of a container image bundle via `spec=` ... This works with an externally hosted image bundle - however, I've added some APIs to `kata-agent` and `kata-agent-ctl` to handle image pulling, signature verification and unbundling ( from manifest/OC to bundle ) *inside* the | 18:22 |
---|---|---|
kata-irc-bot | Pod Sandbox Trying to work out how to leverage the `spec=` route to have `CreateContainer` run against the bundle file-system *inside* the Pod Sandbox itself | 18:22 |
kata-irc-bot | <david_hay> Now trying to work out how to get `kata-agent` to create a container from the *inside the Pod Sandbox* bundle .... | 18:24 |
kata-irc-bot | <david_hay> Have hacked a "clone" of the `do_create_container()` function, but that feels messy - wondering whether there's a better way ? | 18:25 |
kata-irc-bot | <rco> I'm seeing this error from the kubelet while trying to run the a kata-qemu container on minikube: ```...pod_workers.go:191] Error syncing pod... failed to "CreatePod Sandbox"... runtime \"/usr/local/bin/containerd.shim.kata.qemu.v2\" binary not installed \"containerd-shim-qemu-v2\": file doe s not exist``` I've followed [this | 21:47 |
kata-irc-bot | guide](https://github.com/kata-containers/kata-containers/blob/main/docs/install/minikube-installation-guide.md). kata-deploy did install containerd-shim-qemu-v2 in /usr/local/bin (though /usr/local/bin is not on the path). However, even after copying that executable to /usr/bin, and making copies in both places with dots in place of dashes, I get the same error. Also, the stuff kata-deploy put in /etc/crio/crio.conf.d/99-kata-deploy looks | 21:47 |
kata-irc-bot | sane to me. kata-runtime check from inside minikube thinks everything is okay. I'm using cri-o, kubernetes 1.19.13 (though I've tried newer versions and had the same error), minikube 1.22.0, and kata-containers commit 0e2be438bdd6d213ac4a3d7d300a5757c4137799 (HEAD, tag: 2.1.1). The new-ness of minikube stands out to me, perhaps that is the problem? | 21:47 |
kata-irc-bot | <fidencio> You'll need a newer version of CRI-O, basically. | 22:11 |
kata-irc-bot | <fidencio> This was fixed in https://github.com/cri-o/cri-o/pull/4590 | 22:12 |
kata-irc-bot | <fidencio> And the issue https://github.com/cri-o/cri-o/issues/4589 | 22:13 |
kata-irc-bot | <fidencio> IIRC, a possible workaround would be renaming your binary to something like "containerd-shim-kata-v2" and place it as part of the PATH (for instance, in /usr/bin/) | 22:15 |
kata-irc-bot | <fidencio> As https://github.com/containerd/containerd/pull/5007 also had a play on this /o\ | 22:15 |
kata-irc-bot | <fidencio> So, kata-deploy will put the binaries at `/opt/kata` | 22:20 |
kata-irc-bot | <fidencio> You'll have to copy them from there to `/usr/bin` | 22:20 |
kata-irc-bot | <fidencio> The adjust the names (due to the first issue I pointed out) | 22:20 |
kata-irc-bot | <fidencio> And you also need to adjust `/etc/crio/crio.conf.d/...` to point to the new binary location | 22:20 |
kata-irc-bot | <fidencio> If that doesn't work,please, drop an email to the kata-dev mailing list (http://lists.katacontainers.io/pipermail/kata-dev/) and Tomorrow I can give you detailed info / instructions. | 22:22 |
kata-irc-bot | <rco> Okay, if i'm understanding right, the first issue is with cri-o and has to do with the fact that kata puts dashes in its executable names, and the other is with containerd and has to do with it insalling them in /usr/local/bin which is not on the path in minikube? | 22:22 |
kata-irc-bot | <rco> so only the first one would be applicable to my cri-o minikube cluster? | 22:22 |
kata-irc-bot | <fidencio> The second issue is related to having or not the location where the binary is as part of your PATH | 22:22 |
kata-irc-bot | <fidencio> both will apply to your case, IIRC. | 22:23 |
kata-irc-bot | <fidencio> containerd code (which is also shared on CRI-O) would ignore the full location passed and look for the filename in the PATH and if it doesn't find it, it bails. | 22:24 |
kata-irc-bot | <rco> oh dang, cri-o depends on containerd? | 22:24 |
kata-irc-bot | <rco> My already-fragile mental model of the OCI/CRI universe is cracking... | 22:25 |
kata-irc-bot | <fidencio> CRI-O vendors one piece of containerd, a specific piece that's responsible for spawning "shimv2" kind of runtimes | 22:26 |
kata-irc-bot | <fidencio> https://github.com/cri-o/cri-o/blob/a212a95459fcf2234b1371f5307c51683ba37ff2/internal/oci/runtime_vm.go#L232-L240 | 22:27 |
kata-irc-bot | <fidencio> So, drop an email to the ML and Tomorrow afternoon we talk here or over the ML, in a more fortunate time for me. :slightly_smiling_face: | 22:29 |
kata-irc-bot | <fidencio> Good luck, and let us know if that worked. | 22:29 |
kata-irc-bot | <rco> thanks very much! | 22:29 |
*** ChanServ changes topic to "Kata Containers General discussion | https://github.com/kata-containers | http://lists.katacontainers.io/ | http://bit.ly/katacontainersslack | https://katacontainers.io/ | Dev topics in #kata-dev" | 22:55 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!