merge v0.9.1 to mian

context/Kubefile

@@ -5,8 +5,8 @@ COPY imageList manifests
 LABEL "cluster.alpha.sealer.io/cluster-runtime-version"="v1.22.15"
 LABEL "cluster.alpha.sealer.io/cluster-runtime-type"="kubernetes"
 LABEL "cluster.alpha.sealer.io/container-runtime-type"="docker"
-LABEL "cluster.alpha.sealer.io/container-runtime-version"="19.03.15"
+LABEL "cluster.alpha.sealer.io/container-runtime-version"="19.03.14"
 COPY tigera-operator.yaml applications/tigera-operator.yaml
 COPY custom-resources.yaml applications/custom-resources.yaml
-APP calico local://calico.sh
+CNI calico local://calico.sh
 LAUNCH ["calico"]

context/calico.sh

@@ -1,18 +1,4 @@
-#!/bin/bash
-# shellcheck disable=SC1091
-# Copyright © 2021 Alibaba Group Holding Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+#!/usr/bin/env bash
 
 kubectl apply -f applications/tigera-operator.yaml
 kubectl apply -f applications/custom-resources.yaml

context/containerd/rootfs/scripts/containerd.sh

@@ -1,53 +1,83 @@
 #!/bin/bash
-# shellcheck disable=SC1091
-# Copyright © 2021 Alibaba Group Holding Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -x
-set -e
-
-rootfs=$(dirname "$(pwd)")
-image_dir="$rootfs/images"
-lib_dir="${rootfs}/lib"
-dump_config_dir="$rootfs/etc/dump-config.toml"
-
-command_exists() {
-  command -v "$@" >/dev/null 2>&1
-}
-
-server_load_images() {
-  for image in "$image_dir"/*; do
-    if [ -f "${image}" ]; then
-      ${1} load -i "${image}"
+
+#------------------------------------------------------------------------------------
+# Program:
+#   1. install containerd/containerd-shim/runc/nerdctl/crictl/ctr/cni ... etc.
+#   2. install containerd.service
+#   3. install config.toml
+# History:
+#   2021/06/10  muze.gxc    First release
+#   2021/06/28  muze.gxc    bugfix: fix the case that containerd exists
+#   2021/07/12  muze.gxc    bugfix: add the cgroup driver choice to the config.toml
+#   2022/07/22  DanteCui    move into ack-distro
+#------------------------------------------------------------------------------------
+
+# shellcheck disable=SC2046
+# shellcheck disable=SC2006
+scripts_path=$(cd `dirname "$0"`; pwd)
+
+set -e;set -x
+
+# get params
+storage=${ContainerDataRoot:-/var/lib/containerd} # containerd default uses /var/lib/containerd
+mkdir -p "$storage"
+
+# Begin install containerd
+if ! containerd --version; then
+  lsb_dist=$(utils_get_distribution)
+  lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
+  echo "current system is ${lsb_dist}"
+
+  # containerd bin、crictl bin、ctr bin、nerdctr bin、cni plugin etc
+  tar -zxvf "${scripts_path}"/../tgz/containerd.tgz -C /
+  chmod a+x /usr/local/bin
+  chmod a+x /usr/local/sbin
+
+  case "${lsb_dist}" in
+  ubuntu | deepin | debian | raspbian)
+    cp -f "${scripts_path}"/../etc/containerd.service /etc/systemd/system/containerd.service
+    if [ ! -f /usr/sbin/iptables ];then
+      if [ -f /sbin/iptables ];then
+        ln -s /sbin/iptables /usr/sbin/iptables
+      else
+        echo "iptables not found, please check"
+        exit 1
+      fi
     fi
-  done
-}
+    ;;
+  centos | rhel | anolis | ol | sles | kylin | neokylin)
+    RPM_DIR=${scripts_path}/../rpm/
+    rpm=libseccomp
+    if ! rpm -qa | grep ${rpm};then
+      rpm -ivh --force --nodeps "${RPM_DIR}"/${rpm}*.rpm
+    fi
+    cp -f "${scripts_path}"/../etc/containerd.service /etc/systemd/system/containerd.service
+    ;;
+  alios)
+    docker0=$(ip addr show docker0 | head -1|tr " " "\n"|grep "<"|grep -iwo "UP"|wc -l)
+    if [ "$docker0" != "1" ]; then
+        ip link add name docker0 type bridge
+        ip addr add dev docker0 172.17.0.1/16
+    fi
+    RPM_DIR=${scripts_path}/../rpm/
+    rpm=libseccomp
+    if ! rpm -qa | grep ${rpm};then
+      rpm -ivh --force --nodeps "${RPM_DIR}"/${rpm}*.rpm
+    fi
+    cp -f "${scripts_path}"/../etc/containerd.service /etc/systemd/system/containerd.service
+    ;;
+  *)
+    utils_error "unknown system to use /etc/systemd/system/containerd.service"
+    cp -f "${scripts_path}"/../etc/containerd.service /etc/systemd/system/containerd.service
+    ;;
+  esac
 
-##cri is containerd
-if ! command_exists containerd; then
-  tar zxvf ../cri/cri-*.tar.gz -C /
-  cd "$lib_dir" && source install_libseccomp.sh
+  # install /etc/containerd/config.toml
+  mkdir -p /etc/containerd
+  cp -f "${scripts_path}"/../etc/containerd-config.toml /etc/containerd/config.toml
 fi
+
+disable_selinux
 systemctl daemon-reload
 systemctl enable containerd.service
-systemctl restart containerd.service
-
-sed -i "s/sea.hub/${2:-sea.hub}/g" "$dump_config_dir"
-sed -i "s/5000/${3:-5000}/g" "$dump_config_dir"
-mkdir -p /etc/containerd
-containerd --config "$dump_config_dir" config dump >/etc/containerd/config.toml
-systemctl restart containerd.service
-load_image_server="nerdctl"
-
-server_load_images "${load_image_server}"
+systemctl restart containerd.service

context/rootfs/scripts/init-kube.sh

@@ -57,7 +57,7 @@ copy_bins
 copy_kubelet_service
 [ -d /var/lib/kubelet ] || mkdir -p /var/lib/kubelet/
 /usr/bin/kubelet-pre-start.sh
-systemctl enable kubelet
+systemctl daemon-reload && systemctl enable kubelet
 
 # nvidia-docker.sh need set kubelet labels, it should be run after kubelet
 #bash "${scripts_path}"/nvidia-docker.sh || exit 1