wainersm / coco_workshop Goto Github PK
View Code? Open in Web Editor NEWConfidential Containers Workshops
License: Apache License 2.0
Confidential Containers Workshops
License: Apache License 2.0
The instructions to apply the operator are:
kubectl apply -k github.com/confidential-containers/operator/config/release?ref=v0.2.0
Is release 0.2.0 intentional here? I tried with 0.5.0, and it seems to work fine.
Trying on a different host (Intel base) to investigate #7, I ran into a different problem, where for some reason the .kube/config
was not created:
[centos@coco-lab ~]$ kubectl label node "$(hostname)" "node-role.kubernetes.io/worker="
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[centos@coco-lab ~]$ hostname
coco-lab
Just running these steps fixed (but not sure why I had to):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
On my AMD SEV-SNP test host, following the lab, both in centos and ubuntu, after this step:
kubectl apply -f coco-demo.yaml
I end up with demo pod getting stuck:
ubuntu@u2004-coco-lab:~$ kubectl get pods -l app=coco-demo --watch
NAME READY STATUS RESTARTS AGE
coco-demo-7c545b4d6b-lr5ch 0/1 ContainerCreating 0 2m32s
Details:
$ kubectl describe pod coco-demo-7c545b4d6b-lr5ch
Warning FailedCreatePodSandBox 7s (x3 over 34s) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: failed to launch qemu: exit status 1, error messages from qemu log: Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize kvm: No such file or directory
So we need to make sure kvm can run in the guest. Investigating where this is failing in the setup.
If I try to run the workshop with Ubuntu 20.04, I get an error at the very first step:
ubuntu@u2004-coco-lab:~$ kubectl label node "$(hostname)" "node-role.kubernetes.io/worker="
error: error loading config file "/home/ubuntu/.kube/config": open /home/ubuntu/.kube/config: permission denied
This is because permissions on the installed .kube
are root:root
:
ubuntu@u2004-coco-lab:~$ ls -la
total 40
drwxr-xr-x 6 ubuntu ubuntu 4096 Jun 7 16:32 .
drwxr-xr-x 3 root root 4096 Jun 7 16:30 ..
drwxrwxr-x 4 ubuntu ubuntu 4096 Jun 7 16:30 .ansible
-rw-r--r-- 1 ubuntu ubuntu 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 ubuntu ubuntu 3771 Feb 25 2020 .bashrc
drwx------ 2 ubuntu ubuntu 4096 Jun 7 16:30 .cache
drwxr-x--- 3 root root 4096 Jun 7 16:32 .kube
-rw-r--r-- 1 ubuntu ubuntu 807 Feb 25 2020 .profile
drwx------ 2 ubuntu ubuntu 4096 Jun 7 16:30 .ssh
-rw-r--r-- 1 ubuntu ubuntu 0 Jun 7 16:30 .sudo_as_admin_successful
-rwxr-xr-x 1 ubuntu ubuntu 975 Jun 7 16:30 setup_lab_env.sh
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.