#!/usr/bin/env bash # author: joe.zheng # version: 24.04.02 set -e # @self { # AUTO-GENERATED, DO NOT EDIT! SELF="$(basename $0)" SELF_VERSION="$(sed -n '1,4s/# version: \(.*\)/\1/p' $0)" # @self } NAME="${SELF#*-}" VERSION="3.3.0" # version to deploy CUR_VER= # current version if any RESET=n # reset the deployment UNINSTALL=n # reset the deployment and uninstall components REPO_URL="https://github.com/kata-containers/kata-containers" TIMEOUT="300s" KATA_DIR_BIN="/opt/kata/bin" # @dry-run { # AUTO-GENERATED, DO NOT EDIT! DRY_RUN="${DRY_RUN:-n}" # "y" to enable RUN='' # command prefix for dry run if [[ $DRY_RUN == 'y' ]]; then RUN='echo' fi # @dry-run } function usage() { cat <] [-v ] [-R] [-U] [-n] [-h] Deploy Kata Containers in Kubernetes cluster the easy way -m : use mirror [$MIRRORS], default: $MIRROR -v : target version, default: $VERSION -R: reset the deployment, default: $RESET -U: reset the deployment and uninstall components, default: $UNINSTALL -n: print information only, default: $DRY_RUN -h: print the usage message Cache: To speed up deployment, the required files will be cached at "$CACHE" Environment variables: MIRROR_URL: mirror to use, default: $MIRROR_URL OFFLINE: force into offline mode [y n], default: $OFFLINE Examples: 1. Deploy Kata Containers $SELF 2. Reset the deployment $SELF -R 3. Deploy with specific version $SELF -v $VERSION 4. Reset the deployment and uninstall $SELF -U Version: $SELF_VERSION EOF } function current_version() { local version= if [[ -n $(which kata-runtime) ]]; then version="$(kata-runtime version | head -n1 | sed -n 's/kata-runtime\s*:\s*//p')" version=${version#v} fi echo $version } function main() { # add bin dir into search path PATH=$KATA_DIR_BIN:$PATH # adjust default version if already deployed CUR_VER="$(current_version)" VERSION="${CUR_VER:-$VERSION}" while getopts ":m:v:hnRU" opt do case $opt in m ) MIRROR=$OPTARG if echo $MIRRORS | grep -v -w $MIRROR >/dev/null 2>&1; then err "invalid mirror option $MIRROR" usage && exit 1 fi ;; v ) VERSION=${OPTARG#v};; R ) RESET=y;; U ) RESET=y && UNINSTALL=y;; n ) DRY_RUN=y && RUN='echo';; h ) usage && exit;; * ) usage && echo "invalid option: -$OPTARG" && exit 1;; esac done shift $((OPTIND-1)) for v in CACHE DRY_RUN MIRROR MIRROR_URL OFFLINE RESET UNINSTALL VERSION CUR_VER do eval echo "$v: \${$v}" done [[ $DRY_RUN == "y" ]] && exit validate_sudo check_prerequisites check_network check_mirror ensure_workdir local manifest_dir="$CACHE_MANIFESTS/kata-$VERSION" local manifest_list=" kata-rbac/base/kata-rbac.yaml kata-deploy/base/kata-deploy.yaml runtimeclasses/kata-runtimeClasses.yaml kata-cleanup/base/kata-cleanup.yaml examples/test-deploy-kata-qemu.yaml " mkdir -p $manifest_dir if [[ $OFFLINE == "y" ]]; then msg "WARNING: offline mode, cache must be ready" else msg "download manifests" for n in $manifest_list; do local u="$REPO_URL/raw/$VERSION/tools/packaging/kata-deploy/$n" download_file "$(mirror_url $u)" "$manifest_dir/$(basename $n)" done fi if [[ $RESET == "y" ]]; then local kd="kubectl delete --ignore-not-found" msg "delete kata-deploy (if any)" $kd -f $manifest_dir/test-deploy-kata-qemu.yaml $kd -f $manifest_dir/kata-deploy.yaml msg "wait until deleted (timeout: $TIMEOUT)" kubectl -n kube-system wait --timeout $TIMEOUT --for=delete -l name=kata-deploy pod msg "deploy cleanup task, wait until done" kubectl apply -f $manifest_dir/kata-cleanup.yaml local label='katacontainers\.io/kata-runtime' while [[ -n "$(kubectl get node -o jsonpath="{.items[*].metadata.labels.$label}")" ]]; do sleep 1 echo -n '.' done echo msg "delete all" for n in kata-cleanup.yaml kata-rbac.yaml kata-runtimeClasses.yaml; do local f=$manifest_dir/$n msg "delete $f" $kd -f $f done else msg "deploy kata-deploy" for n in kata-rbac.yaml kata-deploy.yaml; do local f=$manifest_dir/$n msg "apply $f" kubectl apply -f $f done msg "wait until ready (timeout: $TIMEOUT)" kubectl -n kube-system wait --timeout $TIMEOUT --for condition=Ready -l name=kata-deploy pod msg "deploy kata runtime classes" kubectl apply -f $manifest_dir/kata-runtimeClasses.yaml cat </dev/null 2>&1; then err "can't access k8s cluster" exit 1 fi } # @base { # AUTO-GENERATED, DO NOT EDIT! function msg { echo "> $@" } function err { echo "> $@" >&2 } function has() { [[ -z "${1##*$2*}" ]] && [[ -z "$2" || -n "$1" ]] } # @base } # @sudo { # AUTO-GENERATED, DO NOT EDIT! SUDO="sudo" if [[ $(id -u) == "0" ]]; then SUDO="" fi function validate_sudo() { if [[ -n $SUDO ]]; then msg "validate sudo" sudo -v fi } # @sudo } # @network { # AUTO-GENERATED, DO NOT EDIT! OFFLINE="${OFFLINE:-n}" # no external network MIRROR="${MIRROR:-auto}" # mirror option to use MIRRORS="yes no auto" # valid mirror options USE_MIRROR="${USE_MIRROR:-n}" # need to use mirror MIRROR_URL="${MIRROR_URL:-https://iffi.me/proxy}" # mirror or http proxy to use URL_TO_CHECK="${URL_TO_CHECK:-https://raw.githubusercontent.com}" # the target URL is reachable but the response may be 4xx or 5xx function can_access() { curl -IL -s -m 5 $1 >/dev/null 2>&1 } function check_network() { msg "check network" if [[ $OFFLINE != 'y' ]]; then if ! can_access example.com; then msg "can't access external network" OFFLINE="y" fi fi msg "offline mode: $OFFLINE" } function check_mirror() { msg "use mirror or not" local mirror; if [[ $MIRROR == "auto" ]]; then mirror="yes" # default as needed if [[ $OFFLINE == "y" ]]; then msg "offline mode, assume mirror is needed" else local target="$URL_TO_CHECK" msg "check whether we can access $target" if can_access $target; then msg "curl $target is OK" mirror="no" else msg "curl $target is FAILED" fi fi fi if [[ $MIRROR == "yes" || $mirror == "yes" ]]; then msg "mirror is needed" if can_access $MIRROR_URL; then USE_MIRROR="y" else err "failed to access mirror ($MIRROR_URL)" fi fi msg "use mirror: $USE_MIRROR" } function mirror_url() { local origin="${1:?argument missing}" if [[ $USE_MIRROR == "y" ]]; then echo -n "$MIRROR_URL/$origin" else echo -n "$origin" fi } # @network } # @cache { # AUTO-GENERATED, DO NOT EDIT! CACHE="${CACHE:-cache}" # the cache directory CACHE_RUN="${CACHE_RUN:-$CACHE/run/$SELF}" # runtime generated files CACHE_IMAGES="${CACHE_IMAGES:-$CACHE/images}" # exported container images CACHE_PACKAGES="${CACHE_PACKAGES:-$CACHE/packages}" # software packages, e.g. .deb, .tar.gz CACHE_MANIFESTS="${CACHE_MANIFESTS:-$CACHE/manifests}" # manifest files in YAML format CACHE_DOWNLOADING="${CACHE_DOWNLOADING:-$CACHE/.download}" # temporary directory for downloading function ensure_workdir() { msg "ensure workdir" for d in $CACHE_RUN $CACHE_IMAGES $CACHE_PACKAGES $CACHE_MANIFESTS $CACHE_DOWNLOADING; do if [[ ! -d $d ]]; then msg "create dir: $d" mkdir -p $d fi done } function download_file() { local src="${1:?missing source url}" local dst="${2:?missing destination}" if [[ -f "$dst" ]]; then msg "already exist: $dst" else msg "download: $src" local tmp="$CACHE_DOWNLOADING/$(basename $dst)" $RUN curl -fsSL $src > $tmp $RUN mkdir -p $(dirname $dst) && mv $tmp $dst msg "saved at: $dst" fi } # @cache } main "$@"