Code Review / it / test.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
add kubespray to the XTesting as it provides newer version of kubenetes and can be...
[it/test.git] / XTesting / kubespray / docs / cri-o.md
diff --git a/XTesting/kubespray/docs/cri-o.md b/XTesting/kubespray/docs/cri-o.md
new file mode 100644 (file)
index 0000000..43be723
--- /dev/null
+++ b/XTesting/kubespray/docs/cri-o.md
@@ -0,0 +1,78 @@
+# CRI-O
+
+[CRI-O] is a lightweight container runtime for Kubernetes.
+Kubespray supports basic functionality for using CRI-O as the default container runtime in a cluster.
+
+* Kubernetes supports CRI-O on v1.11.1 or later.
+* etcd: configure either kubeadm managed etcd or host deployment
+
+_To use the CRI-O container runtime set the following variables:_
+
+## all/all.yml
+
+```yaml
+download_container: false
+skip_downloads: false
+etcd_deployment_type: host # optionally kubeadm
+```
+
+## k8s_cluster/k8s_cluster.yml
+
+```yaml
+container_manager: crio
+```
+
+## all/crio.yml
+
+Enable docker hub registry mirrors
+
+```yaml
+crio_registries:
+  - prefix: docker.io
+    insecure: false
+    blocked: false
+    location: registry-1.docker.io
+    unqualified: false
+    mirrors:
+      - location: 192.168.100.100:5000
+        insecure: true
+      - location: mirror.gcr.io
+        insecure: false
+```
+
+## Note about pids_limit
+
+For heavily mult-threaded workloads like databases, the default of 1024 for pids-limit is too low.
+This parameter controls not just the number of processes but also the amount of threads
+(since a thread is technically a process with shared memory). See [cri-o#1921]
+
+In order to increase the default `pids_limit` for cri-o based deployments you need to set the `crio_pids_limit`
+for your `k8s_cluster` ansible group or per node depending on the use case.
+
+```yaml
+crio_pids_limit: 4096
+```
+
+[CRI-O]: https://cri-o.io/
+[cri-o#1921]: https://github.com/cri-o/cri-o/issues/1921
+
+## Note about user namespaces
+
+CRI-O has support for user namespaces. This feature is optional and can be enabled by setting the following two variables.
+
+```yaml
+crio_runtimes:
+  - name: runc
+    path: /usr/bin/runc
+    type: oci
+    root: /run/runc
+    allowed_annotations:
+    - "io.kubernetes.cri-o.userns-mode"
+
+crio_remap_enable: true
+```
+
+The `allowed_annotations` configures `crio.conf` accordingly.
+
+The `crio_remap_enable` configures the `/etc/subuid` and `/etc/subgid` files to add an entry for the **containers** user.
+By default, 16M uids and gids are reserved for user namespaces (256 pods * 65536 uids/gids) at the end of the uid/gid space.
This repo maintains the source code for the end-to-end testing and validation for the oran ric project.