CRI-O deb and rpm packages.

Go to file

Sascha Grunert 20dbf676f6 Sync OWNERS and add PR template Signed-off-by: Sascha Grunert <sgrunert@redhat.com>		2023-09-28 10:37:22 +02:00
.github	Sync OWNERS and add PR template	2023-09-28 10:37:22 +02:00
scripts	Cleanup Vagrantfile's	2023-09-28 10:19:29 +02:00
test	Cleanup Vagrantfile's	2023-09-28 10:19:29 +02:00
.gitignore	Cleanup Vagrantfile's	2023-09-28 10:19:29 +02:00
LICENSE	Initial commit	2023-09-18 14:34:08 -04:00
Makefile	Add OBS package scripts and GitHub actions	2023-09-19 17:18:57 +02:00
OWNERS	Sync OWNERS and add PR template	2023-09-28 10:37:22 +02:00
OWNERS_ALIASES	Sync OWNERS and add PR template	2023-09-28 10:37:22 +02:00
README.md	Cleanup Vagrantfile's	2023-09-28 10:19:29 +02:00
dependencies.yaml	Add helper script and rework dependencies	2023-09-25 16:31:46 +02:00

README.md

CRI-O Packaging

The intention of this project is to encapsulate CRI-O's packaging efforts into a dedicated repository, following official Kubernetes guidelines by using the openSUSE Build Service (OBS).

Motivation

The following resources are great to understand the motivation behind the latest deb and rpm packaging efforts within the Kubernetes community:

pkgs.k8s.io: Introducing Kubernetes Community-Owned Package Repositories: https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
Kubernetes Legacy Package Repositories Will Be Frozen On September 13, 2023: https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/
Installing Kubernetes via kubeadm: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#dpkg-k8s-package-repo

Project Layout

CRI-O uses the same basic project layout in OBS as Kubernetes, but lives in a dedicated umbrella subproject called isv:kubernetes:addons:cri-o.

This project contains a bunch of other subprojects:

Stable Versions

isv:kubernetes:addons:cri-o:stable: Stable Packages (Umbrella)
- isv:kubernetes:addons:cri-o:stable:v1.29: v1.29.z tags (Stable)
  - isv:kubernetes:addons:cri-o:stable:v1.29:build: v1.29.z tags (Builder)
- isv:kubernetes:addons:cri-o:stable:v1.28: v1.28.z tags (Stable)
  - isv:kubernetes:addons:cri-o:stable:v1.28:build: v1.28.z tags (Builder)

Prereleases

isv:kubernetes:addons:cri-o:prerelease: Prerelease Packages (Umbrella)
- isv:kubernetes:addons:cri-o:prerelease:main: main branch (Prerelease)
  - isv:kubernetes:addons:cri-o:prerelease:main:build: main branch (Builder)
- isv:kubernetes:addons:cri-o:prerelease:v1.29: release-1.29 branch (Prerelease)
  - isv:kubernetes:addons:cri-o:prerelease:v1.29:build: release-1.29 branch (Builder)
- isv:kubernetes:addons:cri-o:prerelease:v1.28: release-1.28 branch (Prerelease)
  - isv:kubernetes:addons:cri-o:prerelease:v1.28:build: release-1.28 branch (Builder)

The prerelease projects are mainly used for release-x.y branches as well as the main branch of CRI-O. The stable projects are used for tagged releases. The build projects are the builders for each project to be published, while the main repositories for them are on top. For example, the builder project for main is:

isv:kubernetes:addons:cri-o:prerelease:main:build

But end-users will consume:

isv:kubernetes:addons:cri-o:prerelease:main

All packages are based on the static binary bundles provided by the CRI-O CI.

Usage

Available Streams

Distributions using `rpm` packages

# Define the Kubernetes version and used CRI-O stream
KUBERNETES_VERSION=v1.28
PROJECT_PATH=prerelease:/main

# Add the Kubernetes repo
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/rpm/repodata/repomd.xml.key
EOF

# Add the CRI-O repo
cat <<EOF | tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/rpm/repodata/repomd.xml.key
EOF

# Install official package dependencies
dnf install -y \
    conntrack \
    container-selinux \
    ebtables \
    ethtool \
    iptables \
    socat

# Install the packages from the added repos
dnf install -y --repo cri-o --repo kubernetes \
    cri-o \
    kubeadm \
    kubectl \
    kubelet

# Start CRI-O
systemctl start crio.service

Distributions using `deb` packages

# Install dependencies for adding the repositories
apt-get update
apt-get install -y software-properties-common curl

# Define the Kubernetes version and used CRI-O stream
KUBERNETES_VERSION=v1.28
PROJECT_PATH=prerelease:/main

# Add the Kubernetes repository
curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list

# Add the CRI-O repository
curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/deb/ /" | tee /etc/apt/sources.list.d/cri-o.list

# Install the packages
apt-get update
apt-get install -y cri-o kubelet kubeadm kubectl

# Start CRI-O
systemctl start crio.service

Publishing

The obs GitHub action workflow can be used to manually trigger release for a CRI-O tag, a release-x.y branch or main. There is a daily cron scheduled for release branches, but it is also possible to trigger the package creation at a certain point in time. The obs pipeline will:

Bundle the sources and spec file into the corresponding build project.
Wait for the OBS builders to finish.
Run package installation and usage tests for Kubernetes and available architectures for various Distributions.
Publish the packages into the top level project.