-
Notifications
You must be signed in to change notification settings - Fork 43
/
setup
executable file
·73 lines (56 loc) · 1.75 KB
/
setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#!/usr/bin/env bash
set -euox pipefail
main() {
set -x
prepare_system
install_critest
install_crio
}
curl_retry() {
curl -sSfL --retry 5 --retry-delay 3 "$@"
}
prepare_system() {
sudo systemctl stop docker
sudo ufw disable
# enable necessary kernel modules
sudo ip6tables --list >/dev/null
# enable necessary sysctls
sudo sysctl -w net.ipv4.conf.all.route_localnet=1
sudo sysctl -w net.ipv4.ip_forward=1
# needed for crictl test
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE
if ! grep -q containers /etc/subuid; then
echo "containers:100000:65536" | sudo tee -a /etc/subuid
fi
if ! grep -q containers /etc/subgid; then
echo "containers:100000:65536" | sudo tee -a /etc/subgid
fi
printf "RateLimitInterval=0\nRateLimitBurst=0\n" | sudo tee /etc/systemd/journald.conf
sudo systemctl restart systemd-journald
}
install_crio() {
curl_retry "https://raw.githubusercontent.com/cri-o/packaging/main/get" |
sudo bash -s --
cat <<EOT | sudo tee /etc/crio/crio.conf.d/10-crun.conf
[crio.runtime]
default_runtime = "runc"
seccomp_use_default_when_empty = false
[crio.runtime.runtimes.runc]
runtime_type = "pod"
EOT
sudo systemctl enable --now crio.service
# Validate if the correct config is being loaded
sudo crio status config | grep -q 'default_runtime = "runc"'
sudo crio status config | grep -q 'runtime_type = "pod"'
}
install_critest() {
URL=https://github.com/kubernetes-sigs/cri-tools
git clone $URL
pushd cri-tools
sudo -E PATH="$PATH" make BINDIR=/usr/local/bin install
popd
sudo rm -rf cri-tools
sudo critest --version
}
main "$@"