代码拉取完成,页面将自动刷新
isula 版本: v2.1.5
操作系统版本:openEuler 22.03 LTS x86_64
拉取isula代码,切换到v2.1.5分支进行编译,编译参数如下:
cmake .. -DDEBUG=ON -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS=-UNDEBUG
-DCMAKE_SKIP_RPATH=TRUE
-DENABLE_CRI_API_V1=ON
-DENABLE_SANDBOXER=ON
-DENABLE_SHIM_V2=ON
-DENABLE_UT=OFF
-DENABLE_GRPC_REMOTE_CONNECT=OFF
-DENABLE_GRPC=ON
-DCMAKE_EXPORT_COMPILE_COMMANDS=ON
-DENABLE_GVISOR=ON
-DUSESHARED=OFF
通过make -j $(nproc) && make install 安装启动isulad后,修改daemon.json配置如下:
"cri-runtimes": {
"kata": "io.containerd.kata.v2",
"runsc": "io.containerd.runsc.v1"
},
"enable-cri-v1": true,
"runtimes": {
"runsc": {
"path": "/usr/bin/runsc"
},
"kata-runtime": {
"path": "/usr/bin/kata-runtime",
"runtime-args": [
"--kata-config",
"/usr/share/defaults/kata-containers/configuration.toml"
]
}
},
重启isula。
安装k3s指定如下参数:--container-runtime-endpoint=unix:///var/run/isulad.sock --image-service-endpoint=unix:///var/run/isulad.sock
通过https://gitee.com/openeuler/iSulad/blob/master/docs/manual/k8s_integration_zh.md#%E4%BD%BF%E7%94%A8-runtimeclass
中方式创建k3s的RuntimeClass,并在pod.spec指定runtime,pod创建成功后卡在 containercreating状态,kubectl describe 可看到报错:
Warning FailedCreatePodSandBox 4s (x3 over 30s) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = Failed to convert runtimehandler: kata-runtime to sandboxer
查看isula日志报错如下:
ERROR /root/rpmbuild/BUILD/iSulad-v2.1.5/src/daemon/common/cri/v1/v1_cri_helpers.cc:CRISandboxerConvert:405 - Cannot get cri sandboxer list
iSula 20240507130332.600 ERROR /root/rpmbuild/BUILD/iSulad-v2.1.5/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc:RunPodSandbox:328 - Object: CRI, Type: Failed to run pod: Failed to convert runtimehandler: runsc to sandboxer
May 07 21:03:37 hecs-267907 isulad[209983]: iSula 20240507130337.599 - Event: {Object: CRI, Type: Running Pod: kata-pod-example}
May 07 21:03:37 hecs-267907 isulad[209983]: iSula 20240507130337.599
May 07 21:03:37 hecs-267907 isulad[209983]: iSula 20240507130337.599 ERROR /root/rpmbuild/BUILD/iSulad-v2.1.5/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc:PrepareSandboxData:57 - Failed to convert runtimehandler: kata-runtime to sandboxer
May 07 21:03:37 hecs-267907 isulad[209983]: iSula 20240507130337.599
成功部署pod,并在指定runtime上执行。
openeuler-ci-bot
拥有者
Hi E_YE225, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: iSulad, and any of the maintainers: @haomintsai , @JingWoo , @lifeng_isula , @xuxuepeng , @zhongtao , @haozi007 , @jingxiaolu
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
看isula错误提示和源码,似乎是没有读取到daemon.json中runtimes配置,是因为我配置问题还是编译异常呢?
isula run --rm --runtime=runsc busybox uname -a 测试结果是符合正常的,在gvisor上成功运行,但在k3s上就不行,isula报错Cannot get cri sandboxer list
在k3s中单独测kata也存在问题,完整配置如下:
{
"group": "isula",
"default-runtime": "runc",
"graph": "/var/lib/isulad",
"state": "/var/run/isulad",
"log-level": "ERROR",
"pidfile": "/var/run/isulad.pid",
"log-opts": {
"log-file-mode": "0600",
"log-path": "/var/lib/isulad",
"max-file": "1",
"max-size": "30KB"
},
"log-driver": "stdout",
"container-log": {
"driver": "json-file"
},
"hook-spec": "/etc/default/isulad/hooks/default.json",
"start-timeout": "2m",
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors": [
"docker.io"
],
"insecure-registries": [
],
"pod-sandbox-image": "rancher/mirrored-pause:3.6",
"native.umask": "normal",
"network-plugin": "",
"cni-bin-dir": "",
"cni-conf-dir": "",
"image-layer-check": false,
"use-decrypted-key": true,
"insecure-skip-verify-enforce": false,
"cri-runtimes": {
"kata": "io.containerd.kata.v2"
},
"enable-cri-v1": true,
"runtimes": {
"kata-runtime": {
"path": "/usr/bin/kata-runtime",
"runtime-args": [
"--kata-config",
"/usr/share/defaults/kata-containers/configuration.toml"
]
}
}
}
zhongtao
成员
你打开的-DENABLE_SANDBOXER=ON编译选项是为了对接sandbox API的,目前是给kuasar使用,你这边使用kata的话应该不用打开这个选项
删除非必要的编译参数后,依旧报错跟上述反馈一致,请问这是kata版本问题,还是配置的问题呢?
%cmake
-DDEBUG=ON
-DCMAKE_SKIP_RPATH=TRUE
-DLIB_INSTALL_DIR=%{_libdir}
-DCMAKE_INSTALL_PREFIX=/usr
-DENABLE_CRI_API_V1=ON
-DENABLE_GVISOR=ON \
你可以看一下拉取的isula版本是不是最新的,!2430:isolate sandboxer code by using macro/files这个提交应该是修复过相关的问题的
登录 后才可以发表评论
