Add kata containers support for Starlingx

With kata-community released kata containers runtime binaries, guest vm kernel and images. As in previous StarlingX 7.0 Debian and CentOS Release we have kata container support which is from community kata 1.x release. To leverage the OS community effort with the latest kata container version, need to utilize the prebuilt runtime binaries, guest vm kernel and images, by default the hypervisor is amd64-x86 qemu. To provide the customization support for StarlingX, the kata container default configuration file will be modified. Test Plan: PASS - Build kata-containers package PASS - Build/install image on AIO-SX PASS - Verify that the package is installed in the system PASS - Verify that the kata-runtime env command could print correct environments information. PASS - Verify that the kata-runtime check command print system is capable of running kata containers. PASS - Verify that kubectl could create pod with kata containers runtime, and pod start successfully. Story: 2010765 Task: 48073 Depends-On: https://review.opendev.org/c/starlingx/virt/+/885342 Change-Id: I7b8a0cab1e71e65291792b763ca801480648b511 Signed-off-by: David Liu <david.liu@windriver.com>
2023-05-22 02:10:13 -04:00 · 2023-05-22 02:10:13 -04:00 · 4c43daef8a
parent 0aa365b12b
commit 4c43daef8a
10 changed files with 148 additions and 0 deletions
--- a/debian_iso_image.inc
+++ b/debian_iso_image.inc
@ -165,6 +165,9 @@ k8s-pod-recovery
 #k8s-cni-cache-cleanup
 k8s-cni-cache-cleanup

+#kata-containers
+kata-containers
+
 #kubectl-cert-manager
 kubectl-cert-manager

--- a/3
+++ b/3
@ -55,6 +55,9 @@ golang-github-dev/golang-github-networkplumbing-go-nft-dev
 grub/grub-efi
 grub/grub2
 grub/grubby
+kata-containers
+kubernetes/armada
+kubernetes/armada-helm-toolkit
 kubernetes/chartmuseum
 kubernetes/cni/bond-cni
 kubernetes/cni/plugins
--- a/kata-containers/debian/deb_folder/changelog
+++ b/kata-containers/debian/deb_folder/changelog
@ -0,0 +1,5 @@
+kata-containers (3.1.3) stable; urgency=medium
+
+  * Initial release
+
+   -- David Liu <david.liu@windriver.com>  Mon, 22 May 2023 23:10:58+0800
--- a/kata-containers/debian/deb_folder/control
+++ b/kata-containers/debian/deb_folder/control
@ -0,0 +1,18 @@
+Source: kata-containers
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: kata-containers
+Architecture: amd64
+Depends: qemu-system-x86 [amd64],
+         ${misc:Depends},
+         ${shlibs:Depends}
+Description: secure container runtime with lightweight virtual machines
+ Kata Containers is an open source project and community working to build a
+ standard implementation of lightweight Virtual Machines (VMs) that feel and
+ perform like containers, but provide the workload isolation and security
+ advantages of VMs.
--- a/kata-containers/debian/deb_folder/copyright
+++ b/kata-containers/debian/deb_folder/copyright
@ -0,0 +1,28 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: kata-containers
+Source: https://github.com/kata-containers/kata-containers.git
+Files: *
+Copyright: (c) 2013-2023 Wind River Systems, Inc
+License: Apache-2
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
--- a/kata-containers/debian/deb_folder/kata-containers.install
+++ b/kata-containers/debian/deb_folder/kata-containers.install
@ -0,0 +1,20 @@
+opt/kata/bin/containerd-shim-kata-v2 /usr/bin/
+opt/kata/bin/kata-runtime /usr/bin/
+opt/kata/bin/kata-collect-data.sh /usr/bin/
+opt/kata/libexec/virtiofsd  /usr/kata/libexec/
+opt/kata/share/defaults/kata-containers/configuration-qemu.toml /etc/kata-containers/
+opt/kata/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
+opt/kata/share/kata-containers/config-5.10.25 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/config-5.19.2 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-alpine-3.15.initrd /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-ubuntu-latest.image /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-containers-initrd.img /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/kata-containers.img /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-5.10.25-100-dragonball-experimental /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-5.19.2-100 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux-dragonball-experimental.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinux.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-5.10.25-100-dragonball-experimental /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-5.19.2-100 /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz-dragonball-experimental.container /var/opt/kata/share/kata-containers/
+opt/kata/share/kata-containers/vmlinuz.container /var/opt/kata/share/kata-containers/
--- a/kata-containers/debian/deb_folder/rules
+++ b/kata-containers/debian/deb_folder/rules
@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_dwz:
+	dh_dwz --no-dwz-multifile || :
--- a/kata-containers/debian/meta_data.yaml
+++ b/kata-containers/debian/meta_data.yaml
@ -0,0 +1,10 @@
+---
+debname: kata-containers
+debver: 3.1.3
+dl_path:
+  name: kata-static-3.1.3-x86_64.tar.xz
+  url: https://github.com/kata-containers/kata-containers/releases/download/3.1.3/kata-static-3.1.3-x86_64.tar.xz
+  sha256sum: 266c906222c85b67867dea3c9bdb58c6da0b656be3a29f9e0bed227c939f3f26
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true
--- a/kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch
+++ b/kata-containers/debian/patches/0001-patch-to-change-configuration-file.patch
@ -0,0 +1,53 @@
+From 02a4ab1606ec7df06a1a34d6be4c05654e2879ac Mon Sep 17 00:00:00 2001
+From: David Liu <david.liu@windriver.com>
+Date: Fri, 2 Jun 2023 02:27:27 -0400
+Subject: [PATCH] patch to change configuration file
+
+Signed-off-by: David Liu <david.liu@windriver.com>
+---
+ .../defaults/kata-containers/configuration-qemu.toml | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/opt/kata/share/defaults/kata-containers/configuration-qemu.toml b/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
+index d451b89..a23a85c 100644
+--- a/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
+++ b/opt/kata/share/defaults/kata-containers/configuration-qemu.toml
+@@ -12,9 +12,9 @@
+ # XXX:   Type: kata
+
+ [hypervisor.qemu]
+-path = "/opt/kata/bin/qemu-system-x86_64"
+-kernel = "/opt/kata/share/kata-containers/vmlinux.container"
+-image = "/opt/kata/share/kata-containers/kata-containers.img"
+path = "/usr/bin/qemu-system-x86_64"
+kernel = "/var/opt/kata/share/kata-containers/vmlinux.container"
+image = "/var/opt/kata/share/kata-containers/kata-containers.img"
+ # initrd = "/opt/kata/share/kata-containers/kata-containers-initrd.img"
+ machine_type = "q35"
+
+@@ -60,7 +60,7 @@ enable_annotations = ["enable_iommu"]
+ # Each member of the list is a path pattern as described by glob(3).
+ # The default if not set is empty (all annotations rejected.)
+ # Your distribution recommends: ["/opt/kata/bin/qemu-system-x86_64"]
+-valid_hypervisor_paths = ["/opt/kata/bin/qemu-system-x86_64"]
+valid_hypervisor_paths = ["/usr/bin/qemu-system-x86_64"]
+
+ # Optional space-separated list of options to pass to the guest kernel.
+ # For example, use `kernel_params = "vsyscall=emulate"` if you are having
+@@ -181,12 +181,12 @@ disable_block_device_use = false
+ shared_fs = "virtio-fs"
+
+ # Path to vhost-user-fs daemon.
+-virtio_fs_daemon = "/opt/kata/libexec/virtiofsd"
+virtio_fs_daemon = "/usr/kata/libexec/virtiofsd"
+
+ # List of valid annotations values for the virtiofs daemon
+ # The default if not set is empty (all annotations rejected.)
+ # Your distribution recommends: ["/opt/kata/libexec/virtiofsd"]
+-valid_virtio_fs_daemon_paths = ["/opt/kata/libexec/virtiofsd"]
+valid_virtio_fs_daemon_paths = ["/usr/kata/libexec/virtiofsd"]
+
+ # Default size of DAX cache in MiB
+ virtio_fs_cache_size = 0
+--
+2.29.2
--- a/kata-containers/debian/patches/series
+++ b/kata-containers/debian/patches/series
@ -0,0 +1 @@
+0001-patch-to-change-configuration-file.patch
				`@ -0,0 +1 @@`
				`0001-patch-to-change-configuration-file.patch`