长期支持版本

    社区创新版本

      iSulad支持NRI

      概述

      NRI(Node Resource Interface), 是用于控制节点资源的公共接口, 是CRI兼容的容器运行时插件扩展的通用框架。

      它为扩展插件提供了跟踪容器状态,并对其配置进行有限修改的基本机制。允许将用户某些自定的逻辑插入到OCI兼容的运行时中,此逻辑可以对容器进行受控更改,或在容器生命周期的某些时间点执行 OCI 范围之外的额外操作。例如,用于改进设备和其他容器资源的分配和管理。

      iSulad目前支持的NRI api 版本为0.6.1

      配置iSulad支持NRI

      1说明:

      该功能仅在openeuler 24.09版本中默认可用。

      依赖软件包

      需安装isula-rust-extensions软件包

      相关配置

      首先打开CRI v1支持,NRI功能仅在V1中生效。

      "enable-cri-v1": true,
      

      若使用默认的配置,仅需将以下选项打开:

      "nri-support": true,
      

      其他均有默认值。

      若需要配置其他项,参照:

      # add support for NRI plugin.
      "nri-support": true,
      # Allow connections from externally launched NRI plugins.
      "disable-connections": true,
      # plugin-config-path is the directory to search for plugin-specific configuration.
      "plugin-config-path": "/etc/nri/conf.d"
      # plugin-path is the directory to search for plugins to launch on startup.
      "plugin-path": "/opt/nri/plugins"
      # plugin-registration-timeout is the timeout for a plugin to register after connection.
      "plugin-registration-timeout": 5
      # plugin-request-timeout is the timeout for a plugin to handle an event/request.
      "plugin-request-timeout": 2
      

      使用示例

      NRI 简单插件实例可参照NRI 仓库,以下使用Logger为示例:

      拉取nri代码库,编译plugin二进制:

      git clone https://github.com/containerd/nri.git
      cd plugins/logger
      go build .
      

      pre-started NRI 插件使用示例

      1. 若需要在iSulad启动时自动拉取logger插件,则将其二进制置于iSulad配置中设置的plugin_path路径下,并将logger插件的配置置于plugin_config_path路径下。

        [root@openEuler logger]# mkdir -p /opt/nri/plugins
        [root@openEuler logger]# cp 01-logger /opt/nri/plugins
        [root@openEuler logger]# ls -l /opt/nri/plugins
        total 16896
        -rwxr-xr-x. 1 root root 17300525 Aug 19 15:26 01-logger
        [root@openEuler logger]# mkdir -p /etc/nri/conf.d/
        [root@openEuler logger]# vim /etc/nri/conf.d/01-logger.conf
        [root@openEuler logger]# cat /etc/nri/conf.d/01-logger.conf
        AddAnnotation: test_nri_isula
        [root@openEuler logger]#
        
      2. 重启isuald后,由于未配置log日志存储位置,默认打印与isulad日志中,若在01-logger.conf中配置了日志存储位置则日志存储于配置路径中,产生的日志如下:

         INFO   [0026] RemovePodSandbox: pod:                       
         INFO   [0026] RemovePodSandbox:    annotations:            
         INFO   [0026] RemovePodSandbox:      cri.sandbox.isulad.checkpoint: '{"version":"v1","name":"test-nri-sandbox2","ns":"testns","data":{"host_network":true},"checksum":"c86a8542e7380049831cca636355345cc5921beebc41cd93e80467491c27a8d9"}' 
         INFO   [0026] RemovePodSandbox:      cri.sandbox.network.setup.v2: "true" 
         INFO   [0026] RemovePodSandbox:      devices.nri.io/container.c0: | 
         INFO   [0026] RemovePodSandbox:        - path: /dev/nri-null 
         INFO   [0026] RemovePodSandbox:          type: c           
         INFO   [0026] RemovePodSandbox:          major: 1          
         INFO   [0026] RemovePodSandbox:          minor: 3          
         INFO   [0026] RemovePodSandbox:      io.kubernetes.cri.container-type: sandbox 
         INFO   [0026] RemovePodSandbox:      io.kubernetes.cri.sandbox-attempt: "1" 
         INFO   [0026] RemovePodSandbox:      io.kubernetes.cri.sandbox-name: test-nri-sandbox2 
         INFO   [0026] RemovePodSandbox:      io.kubernetes.cri.sandbox-namespace: testns 
         INFO   [0026] RemovePodSandbox:      io.kubernetes.cri.sandbox-uid: b49ef5ee-ee30-11ed-a05b-0242ac120003 
         INFO   [0026] RemovePodSandbox:      ulimits.nri.containerd.io/container.c0: | 
         INFO   [0026] RemovePodSandbox:        - type: RLIMIT_NOFILE 
         INFO   [0026] RemovePodSandbox:          hard: 1048576     
         INFO   [0026] RemovePodSandbox:          soft: 1048576     
         INFO   [0026] RemovePodSandbox:    id: 475daee4ca64e1d35894a5c27771bee32e55b22753f3ba80f57869e9b294a62b 
         INFO   [0026] RemovePodSandbox:    labels:                 
         INFO   [0026] RemovePodSandbox:      cri.isulad.type: podsandbox 
         INFO   [0026] RemovePodSandbox:      io.kubernetes.container.name: POD 
         INFO   [0026] RemovePodSandbox:    linux:                  
         INFO   [0026] RemovePodSandbox:      pod_resources:        
         INFO   [0026] RemovePodSandbox:        cpu:                
         INFO   [0026] RemovePodSandbox:          period: {}        
         INFO   [0026] RemovePodSandbox:          quota: {}         
         INFO   [0026] RemovePodSandbox:          shares:           
         INFO   [0026] RemovePodSandbox:            value: 2        
         INFO   [0026] RemovePodSandbox:        memory:             
         INFO   [0026] RemovePodSandbox:          limit: {}         
         INFO   [0026] RemovePodSandbox:    name: k8s_POD_test-nri-sandbox2_testns_b49ef5ee-ee30-11ed-a05b-0242ac120003_1 
         INFO   [0026] RemovePodSandbox:    namespace: testns       
         INFO   [0026] RemovePodSandbox:    uid: b49ef5ee-ee30-11ed-a05b-0242ac120003 
                   iSula 20240829135021.168 - Event: {Object: CRI, Type: Removed Pod: 47}
        

      外部注册NRI插件使用

      若需要在iSulad启动后注册logger插件,则直接运行此插件二进制。

      ➜  logger git:(v0.6.1) ✗ sudo ./02-logger
      INFO   [0000] Created plugin 02-logger (02-logger, handles RunPodSandbox,StopPodSandbox,RemovePodSandbox,CreateContainer,PostCreateContainer,StartContainer,PostStartContainer,UpdateContainer,PostUpdateContainer,StopContainer,RemoveContainer) 
      INFO   [0000] Registering plugin 02-logger...              
      INFO   [0000] Configuring plugin 02-logger for runtime v2/2.0.0-beta.2+unknown... 
      INFO   [0000] got configuration data: "" from runtime v2 2.0.0-beta.2+unknown 
      INFO   [0000] Subscribing plugin 02-logger (02-logger) for events RunPodSandbox,StopPodSandbox,RemovePodSandbox,CreateContainer,PostCreateContainer,StartContainer,PostStartContainer,UpdateContainer,PostUpdateContainer,StopContainer,RemoveContainer 
      INFO   [0000] Started plugin 02-logger...                  
      INFO   [0000] Synchronize: pods:                           
      INFO   [0000] Synchronize:    null                         
      INFO   [0000] Synchronize: containers:                     
      INFO   [0000] Synchronize:    null 
      

      限制说明

      接口参数限制

      暂不支持修改某些参数:

      // Container to evict(IOW unsolicitedly stop).
      ContainerEviction evict;
      
      // ref:https://github.com/containerd/containerd/pull/5490
      // - User defines blockio classes, for example: ThrottledIO and LowLatency. Class names are not restricted, and the number of classes is not limited.
      // iSulad not support
      OptionalString blockio_class;
      
      // iSulad now not support the following hook types
      message Hooks {
        repeated Hook create_runtime = 2;
        repeated Hook create_container = 3;
        repeated Hook start_container = 4;
      }
      

      使用限制

      1. iSulad目前仅支持CRI V1方式使用NRI特性。
      2. 目前支持的NRI api 版本为0.6.1。
      3. 对于插件异常退出场景,iSulad目前仅在下次调用出错时打印日志。
      4. 对于external 注册的plugin,若iSulad退出,iSulad不对其进行强制kill,生命周期与iSulad无关。

      文档捉虫

      “有虫”文档片段

      问题描述

      提交类型 issue

      有点复杂...

      找人问问吧。

      PR

      小问题,全程线上修改...

      一键搞定!

      问题类型
      规范和低错类

      ● 错别字或拼写错误;标点符号使用错误;

      ● 链接错误、空单元格、格式错误;

      ● 英文中包含中文字符;

      ● 界面和描述不一致,但不影响操作;

      ● 表述不通顺,但不影响理解;

      ● 版本号不匹配:如软件包名称、界面版本号;

      易用性

      ● 关键步骤错误或缺失,无法指导用户完成任务;

      ● 缺少必要的前提条件、注意事项等;

      ● 图形、表格、文字等晦涩难懂;

      ● 逻辑不清晰,该分类、分项、分步骤的没有给出;

      正确性

      ● 技术原理、功能、规格等描述和软件不一致,存在错误;

      ● 原理图、架构图等存在错误;

      ● 命令、命令参数等错误;

      ● 代码片段错误;

      ● 命令无法完成对应功能;

      ● 界面错误,无法指导操作;

      风险提示

      ● 对重要数据或系统存在风险的操作,缺少安全提示;

      内容合规

      ● 违反法律法规,涉及政治、领土主权等敏感词;

      ● 内容侵权;

      您对文档的总体满意度

      非常不满意
      非常满意
      提交
      根据您的反馈,会自动生成issue模板。您只需点击按钮,创建issue即可。
      文档捉虫
      编组 3备份