Commit

docs: containerd document
Signed-off-by: zhaoxinxin <[email protected]>
Liam-Zhao committed Sep 29, 2024
1 parent d437857 commit 6d7ae11
Showing 2 changed files with 76 additions and 100 deletions.
114 changes: 24 additions & 90 deletions docs/operations/integrations/container-runtime/containerd.md
Expand Up @@ -403,12 +403,6 @@ Harbor generates self-signed certificate, refer to [Harbor](https://goharbor.io/

#### Install Dragonfly with Helm Charts

Create a Namespace:

```shell
kubectl create namespace dragonfly-system
```

##### Enable Seed Peer and configure self-signed certificate

Create seed client secret configuration file `seed-client-secret.yaml`, configuration content is as follows:
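Review bot: Removing the `Create a Namespace` step (`kubectl create namespace dragonfly-system`) at the top of this hunk leaves the `kubectl apply -f seed-client-secret.yaml` that follows without any visible step creating the namespace. If the containerd secret manifests target `dragonfly-system`, as the `cri-o.md` manifests in this commit do, applying them to a namespace that does not exist fails. Either keep the step here or add a sentence pointing to where the namespace is created before the secrets are applied.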
Expand All @@ -434,86 +428,6 @@ Create the secret through the following command:
kubectl apply -f seed-client-secret.yaml
```

Create helm charts configuration file charts-config.yaml, If you want to bypass TLS verification,
set `client.dfinit.containerRuntime.containerd.registries.skipVerify` to `true`.
configuration content is as follows:

```yaml
manager:
image:
repository: dragonflyoss/manager
tag: latest
metrics:
enable: true
config:
verbose: true
pprofPort: 18066
job:
preheat:
tls:
insecureSkipVerify: false
caCert: /etc/certs/yourdomain.crt
extraVolumes:
- name: seed-client-secret
secret:
secretName: seed-client-secret
extraVolumeMounts:
- name: seed-client-secret
mountPath: /etc/certs
scheduler:
image:
repository: dragonflyoss/scheduler
tag: latest
metrics:
enable: true
config:
verbose: true
pprofPort: 18066
seedClient:
image:
repository: dragonflyoss/client
tag: latest
metrics:
enable: true
config:
verbose: true
proxy:
registryMirror:
certs: /etc/certs/yourdomain.crt
extraVolumes:
- name: seed-client-secret
secret:
secretName: seed-client-secret
extraVolumeMounts:
- name: seed-client-secret
mountPath: /etc/certs
client:
image:
repository: dragonflyoss/client
tag: latest
metrics:
enable: true
config:
verbose: true
dfinit:
enable: true
image:
repository: dragonflyoss/dfinit
tag: latest
config:
containerRuntime:
containerd:
configPath: /etc/containerd/config.toml
registries:
- hostNamespace: yourdomain.com
serverAddr: https://yourdomain.com
capabilities: ['pull', 'resolve']
skipVerify: true
```

##### Enable Peer and configure self-signed certificate

Create client secret configuration file `client-secret.yaml`, configuration content is as follows:
Expand All @@ -539,9 +453,21 @@ Create the secret through the following command:
kubectl apply -f client-secret.yaml
```

Create helm charts configuration file charts-config.yaml, If you want to bypass TLS verification,
set `client.dfinit.containerRuntime.containerd.registries.skipVerify` to `true`.
configuration content is as follows:
##### Create Dragonfly cluster based on helm charts {#harbor-create-dragonfly-cluster-based-on-helm-charts}

Create helm charts configuration file `values.yaml`, configuration content is as follows:

- Notice: To support preheating for harbor with self-signed certificates,
you need to change the `manager.config.job.preheat.tls.caCert` to the harbor self-signed certificate address.
If you want to bypass TLS verification, please set `manager.config.job.preheat.tls.insecureSkipVerify` to `true`.

- Notice: `client.config.proxy.registryMirror.addr` is the harbor service address and
configure self-signed certificate in `client.config.proxy.registryMirror.addr`.

- Notice: To set the containerd container registry to harbor,
you need to change the `client.dfinit.config.containerRuntime.containerd.registries` configuration,
`yourdomain.com` is harbor registry host addr and `https://yourdomain.com` is the Harbor service address.
`skipVerify` set to `true` means to skip TLS verification.

```yaml
manager:
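Review bot: The second Notice says the self-signed certificate is configured in `client.config.proxy.registryMirror.addr`, but the YAML in this commit uses `addr` only for the service URL and puts the certificate path under `certs` (`certs: /etc/certs/yourdomain.crt`), so the second key in that Notice should read `client.config.proxy.registryMirror.certs`. Since the Notices introduce `insecureSkipVerify` and `skipVerify` right next to the CA settings, it would also help to state that with the CA mounted from `client-secret` both can stay `false`, and that setting either to `true` means the Harbor certificate is not checked on that path.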
Expand All @@ -558,6 +484,13 @@ manager:
tls:
insecureSkipVerify: false
caCert: /etc/certs/yourdomain.crt
extraVolumes:
- name: client-secret
secret:
secretName: client-secret
extraVolumeMounts:
- name: client-secret
mountPath: /etc/certs
scheduler:
image:
Expand Down Expand Up @@ -588,6 +521,7 @@ client:
verbose: true
proxy:
registryMirror:
addr: https://yourdomain.com
certs: /etc/certs/yourdomain.crt
extraVolumes:
- name: client-secret
Expand Down Expand Up @@ -755,7 +689,7 @@ Restart containerd:
systemctl restart containerd
```

##### containerd downloads harbor images through Dragonfly
#### containerd downloads harbor images through Dragonfly

```shell
crictl pull yourdomain.com/alpine:3.19
62 changes: 52 additions & 10 deletions docs/operations/integrations/container-runtime/cri-o.md
Expand Up @@ -207,21 +207,42 @@ Harbor generates self-signed certificate, refer to [Harbor](https://goharbor.io/

#### Install Dragonfly with Helm Charts

Create a Namespace:
##### Enable Seed Peer and configure self-signed certificate

Create seed client secret configuration file `seed-client-secret.yaml`, configuration content is as follows:

> Notice: yourdomain.crt is Harbor's ca.crt.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: seed-client-secret
namespace: dragonfly-system
type: Opaque
data:
# the data is abbreviated in this example.
yourdomain.crt: |
MIIFwTCCA6mgAwIBAgIUdgmYyNCw4t+Lp/...
```
Create the secret through the following command:
```shell
kubectl create namespace dragonfly-system
kubectl apply -f seed-client-secret.yaml
```

Create manager secret configuration file `manager-secret.yaml`, configuration content is as follows:
##### Enable Peer and configure self-signed certificate

Create client secret configuration file `client-secret.yaml`, configuration content is as follows:

> Notice: yourdomain.crt is Harbor's ca.crt.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: manager-secret
name: client-secret
namespace: dragonfly-system
type: Opaque
data:
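Review bot: In the added `seed-client-secret.yaml` manifest the certificate sits under `data:`, whose values Kubernetes base64-decodes before mounting, yet the abbreviated sample (beginning `MIIF`) looks like the body of a PEM certificate rather than the base64 encoding of the whole `ca.crt` file. Please say how the value is produced (base64 of the full `ca.crt`), or switch the example to `stringData:` with the PEM text, so the file mounted at `/etc/certs/yourdomain.crt` is in the format its consumers expect. This hunk also replaces the `kubectl create namespace dragonfly-system` step while both manifests still set `namespace: dragonfly-system`, so the doc should say where that namespace is created.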
Expand All @@ -233,13 +254,23 @@ data:
Create the secret through the following command:
```shell
kubectl apply -f manager-secret.yaml
kubectl apply -f client-secret.yaml
```

Create helm charts configuration file charts-config.yaml,
CRI-O skips TLS authentication by default (no certificate is required).
##### Create Dragonfly cluster based on helm charts {#harbor-create-dragonfly-cluster-based-on-helm-charts}

> Notice: `yourdomain.com` is the Harbor service address.
Create helm charts configuration file `values.yaml`, configuration content is as follows:

- Notice: To support preheating for harbor with self-signed certificates,
you need to set `manager.config.job.preheat.tls.caCert` to the harbor self-signed certificate address.
If you want to bypass TLS verification, please set `manager.config.job.preheat.tls.insecureSkipVerify` to `true`.

- Notice: `client.config.proxy.registryMirror.addr` is the harbor service address and
configure self-signed certificate in `client.config.proxy.registryMirror.addr`.

- Notice: To set the CRI-O container registry to harbor,
you need to change the `client.dfinit.config.containerRuntime.crio.registries` configuration,
`yourdomain.com` is harbor registry host addr. CRI-O skips TLS verification by default (no certificate is required).

```yaml
manager:
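Review bot: The third Notice's sentence "CRI-O skips TLS verification by default (no certificate is required)" reads as if no part of this setup needs the Harbor CA, while the same `values.yaml` keeps `insecureSkipVerify: false` with `caCert: /etc/certs/yourdomain.crt` for manager preheat and sets `certs` for the client proxy. Scope the sentence to the `client.dfinit.config.containerRuntime.crio.registries` entry and say that the manager and client paths still verify against the mounted certificate. The second Notice also names `client.config.proxy.registryMirror.addr` as the place for the certificate; per the YAML in this commit that key is `registryMirror.certs`.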
Expand All @@ -255,7 +286,7 @@ manager:
preheat:
tls:
insecureSkipVerify: false
caCert: /etc/certs/yourdomain.crt
caCert: /etc/certs/yourdomain.crt
extraVolumes:
- name: client-secret
secret:
Expand Down Expand Up @@ -291,6 +322,17 @@ client:
enable: true
config:
verbose: true
proxy:
registryMirror:
addr: https://yourdomain.com
certs: /etc/certs/yourdomain.crt
extraVolumes:
- name: client-secret
secret:
secretName: client-secret
extraVolumeMounts:
- name: client-secret
mountPath: /etc/certs
dfinit:
enable: true
image:
Expand Down Expand Up @@ -455,7 +497,7 @@ Restart crio:
systemctl restart crio
```

##### CRI-O downloads harbor images through Dragonfly
#### CRI-O downloads harbor images through Dragonfly

```shell
crictl pull yourdomain.com/alpine:3.19