Update the CRI doc for 1.6
This commit is contained in:
Yu-Ju Hong
parent
945936c12a
commit
cbd575aa6e
|
|
@ -5,7 +5,7 @@
|
||||||
CRI (_Container Runtime Interface_) consists of a
|
CRI (_Container Runtime Interface_) consists of a
|
||||||
[protobuf API](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/api/v1alpha1/runtime/api.proto),
|
[protobuf API](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/api/v1alpha1/runtime/api.proto),
|
||||||
specifications/requirements (to-be-added),
|
specifications/requirements (to-be-added),
|
||||||
and [libraries] (https://github.com/kubernetes/kubernetes/tree/master/pkg/kubelet/server/streaming)
|
and [libraries](https://github.com/kubernetes/kubernetes/tree/master/pkg/kubelet/server/streaming)
|
||||||
for container runtimes to integrate with kubelet on a node. CRI is currently in Alpha.
|
for container runtimes to integrate with kubelet on a node. CRI is currently in Alpha.
|
||||||
|
|
||||||
In the future, we plan to add more developer tools such as the CRI validation
|
In the future, we plan to add more developer tools such as the CRI validation
|
||||||
|
|
@ -18,7 +18,7 @@ integrated with kubelet through implementing an internal, high-level interface
|
||||||
in kubelet. The entrance barrier for runtimes was high because the integration
|
in kubelet. The entrance barrier for runtimes was high because the integration
|
||||||
required understanding the internals of kubelet and contributing to the main
|
required understanding the internals of kubelet and contributing to the main
|
||||||
Kubernetes repository. More importantly, this would not scale because every new
|
Kubernetes repository. More importantly, this would not scale because every new
|
||||||
addition incurs a significant maintenance overhead in the main kubernetes
|
addition incurs a significant maintenance overhead in the main Kubernetes
|
||||||
repository.
|
repository.
|
||||||
|
|
||||||
Kubernetes aims to be extensible. CRI is one small, yet important step to enable
|
Kubernetes aims to be extensible. CRI is one small, yet important step to enable
|
||||||
|
|
@ -26,50 +26,37 @@ pluggable container runtimes and build a healthier ecosystem.
|
||||||
|
|
||||||
## How to use CRI?
|
## How to use CRI?
|
||||||
|
|
||||||
|
For Kubernetes 1.6:
|
||||||
|
|
||||||
1. Start the image and runtime services on your node. You can have a single
|
1. Start the image and runtime services on your node. You can have a single
|
||||||
service acting as both image and runtime services.
|
service acting as both image and runtime services.
|
||||||
2. Set the kubelet flags
|
2. Set the kubelet flags
|
||||||
- Pass the unix socket(s) to which your services listen to kubelet:
|
- Pass the unix socket(s) to which your services listen to kubelet:
|
||||||
`--container-runtime-endpoint` and `--image-service-endpoint`.
|
`--container-runtime-endpoint` and `--image-service-endpoint`.
|
||||||
- Enable CRI in kubelet by`--experimental-cri=true`.
|
|
||||||
- Use the "remote" runtime by `--container-runtime=remote`.
|
- Use the "remote" runtime by `--container-runtime=remote`.
|
||||||
3. Set apiserver flags
|
|
||||||
- Streaming proxy redirects is required for CRI exec/attach/port-forward requests:<br>
|
|
||||||
`--feature-gates=StreamingProxyRedirects=true`
|
|
||||||
|
|
||||||
Please see the [Status Update](#status-update) section for known issues for
|
Please see the [Status Update](#status-update) section for known issues for
|
||||||
each release.
|
each release. Note that CRI API is still in its early stages. We are actively
|
||||||
|
incorporating feedback from early developers to improve the API. Developers
|
||||||
|
should expect occasional API breaking changes.
|
||||||
|
|
||||||
Note that CRI is still in its early stages. We are actively incorporating
|
*For Kubernetes 1.5, additional flags are required:*
|
||||||
feedback from early developers to improve the API. Developers should expect
|
- Set apiserver flag `--feature-gates=StreamingProxyRedirects=true`.
|
||||||
occasional API breaking changes.
|
- Set kubelet flag `--experimental-cri=true`.
|
||||||
|
|
||||||
## Does Kubelet use CRI today?
|
## Does Kubelet use CRI today?
|
||||||
|
|
||||||
No, but we are working on it.
|
Yes, Kubelet uses CRI by default in 1.6.
|
||||||
|
|
||||||
The first step is to switch kubelet to integrate with Docker via CRI by
|
We still maintain the old, non-CRI Docker integration, but it has been
|
||||||
default. The current [Docker CRI implementation](https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/kubelet/dockershim)
|
deprecated and scheduled to be removed in the next release (1.7). Please file
|
||||||
already passes most end-to-end tests, and has mandatory PR builders to prevent
|
a Github issue and include @kubernetes/sig-node-bugs for any CRI problem.
|
||||||
regressions. While we are expanding the test coverage gradually, it is
|
|
||||||
difficult to test on all combinations of OS distributions, platforms, and
|
|
||||||
plugins. There are also many experimental or even undocumented features relied
|
|
||||||
upon by some users. We would like to **encourage the community to help test
|
|
||||||
this Docker-CRI integration and report bugs and/or missing features** to
|
|
||||||
smooth the transition in the near future. Please file a Github issue and
|
|
||||||
include @kubernetes/sig-node for any CRI problem.
|
|
||||||
|
|
||||||
### How to test the new Docker CRI integration?
|
|
||||||
|
|
||||||
Start kubelet with the following flags:
|
|
||||||
- Use the Docker container runtime by `--container-runtime=docker`(the default).
|
|
||||||
- Enable CRI in kubelet by`--experimental-cri=true`.
|
|
||||||
|
|
||||||
Please also see the [known issues](#docker-cri-1.5-known-issues) before trying
|
|
||||||
out.
|
|
||||||
|
|
||||||
## Design docs and proposals
|
## Design docs and proposals
|
||||||
|
|
||||||
|
The Kubernetes 1.5 [blog post on CRI](http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html)
|
||||||
|
serves as a general introduction.
|
||||||
|
|
||||||
We plan to add CRI specifications/requirements in the near future. For now,
|
We plan to add CRI specifications/requirements in the near future. For now,
|
||||||
these proposals and design docs are the best sources to understand CRI
|
these proposals and design docs are the best sources to understand CRI
|
||||||
besides discussions on Github issues.
|
besides discussions on Github issues.
|
||||||
|
|
@ -77,8 +64,7 @@ besides discussions on Github issues.
|
||||||
- [Original proposal](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/proposals/container-runtime-interface-v1.md)
|
- [Original proposal](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/proposals/container-runtime-interface-v1.md)
|
||||||
- [Exec/attach/port-forward streaming requests](https://docs.google.com/document/d/1OE_QoInPlVCK9rMAx9aybRmgFiVjHpJCHI9LrfdNM_s/edit?usp=sharing)
|
- [Exec/attach/port-forward streaming requests](https://docs.google.com/document/d/1OE_QoInPlVCK9rMAx9aybRmgFiVjHpJCHI9LrfdNM_s/edit?usp=sharing)
|
||||||
- [Container stdout/stderr logs](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/proposals/kubelet-cri-logging.md)
|
- [Container stdout/stderr logs](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/proposals/kubelet-cri-logging.md)
|
||||||
- Networking: The CRI runtime handles network plugins and the
|
- [Networking](https://github.com/kubernetes/community/blob/master/contributors/devel/kubelet-cri-networking.md)
|
||||||
setup/teardown of the pod sandbox.
|
|
||||||
|
|
||||||
## Work-In-Progress CRI runtimes
|
## Work-In-Progress CRI runtimes
|
||||||
|
|
||||||
|
|
@ -88,6 +74,24 @@ besides discussions on Github issues.
|
||||||
|
|
||||||
## [Status update](#status-update)
|
## [Status update](#status-update)
|
||||||
|
|
||||||
|
### Kubernetes v1.6 release (Docker-CRI integration Beta)
|
||||||
|
**The Docker CRI integration has been promoted to Beta, and been enabled by
|
||||||
|
default in Kubelet**.
|
||||||
|
- **Upgrade**: It is recommended to drain your node before upgrading the
|
||||||
|
Kubelet. If you choose to perform in-place upgrade, the Kubelet will
|
||||||
|
restart all Kubernetes-managed containers on the node.
|
||||||
|
- **Resource usage and performance**: There is no performance regression
|
||||||
|
in our measurement. The memory usage of Kubelet increases slightly
|
||||||
|
(~0.27MB per pod) due to the additional gRPC serialization for CRI.
|
||||||
|
- **Disable**: To disable the Docker CRI integration and fall back to the
|
||||||
|
old implementation, set `--enable-cri=false`. Note that the old
|
||||||
|
implementation has been *deprecated* and is scheduled to be removed in
|
||||||
|
the next release. You are encouraged to migrate to CRI as early as
|
||||||
|
possible.
|
||||||
|
- **Others**: The Docker container naming/labeling scheme has changed
|
||||||
|
significantly in 1.6. This is perceived as implementation detail and
|
||||||
|
should not be relied upon by any external tools or scripts.
|
||||||
|
|
||||||
### Kubernetes v1.5 release (CRI v1alpha1)
|
### Kubernetes v1.5 release (CRI v1alpha1)
|
||||||
|
|
||||||
- [v1alpha1 version](https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/kubelet/api/v1alpha1/runtime/api.proto) of CRI is released.
|
- [v1alpha1 version](https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/kubelet/api/v1alpha1/runtime/api.proto) of CRI is released.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue