docs/getting-started/rkt: Add stage1 section, update, rewrite #741
Conversation
|
cc @kubernetes/sig-rktnetes |
|
|
||
| ##### Use rkt's Contained Networking | ||
| In addition, rkt supports using its own [*contained network*](https://coreos.com/rkt/docs/latest/networking/overview.html#contained-mode), flannel SDN networking, or some provider networks. |
There was a problem hiding this comment.
s/, flannel SDN/ to support flannel SDN/
There was a problem hiding this comment.
what about:
In addition, rkt supports using its own contained network, potentially layered above the flannel SDN, or some provider networks.
|
|
||
| ##### Check logs | ||
| ### Debugging |
There was a problem hiding this comment.
I wanted to change this to Troubleshooting, because it appears at other places.
|
|
||
| ##### Use rkt's Contained Networking | ||
| You can configure Kubernetes pod networking with the usual Container Network Interface (CNI) [network plugins](http://kubernetes.io/docs/admin/network-plugins/) by setting the kubelet's `--network-plugin` and `--network-plugin-dir` options appropriately. Configured in this fashion, the rkt container engine will be unaware of network details, and expects to connect pods to the provided subnet. |
There was a problem hiding this comment.
question: to the provided subnet or in the provided subnet?
There was a problem hiding this comment.
I think we connect them "to" the subnet.
"Connects pods in the subnet" implies that we connect those things that are already address holders in this subnet.
There was a problem hiding this comment.
sgtm. I misread connect to pods for some reason..
|
LGTM. ping @johndmulhausen for a final review. |
|
Actually can you update the notes.md as well to include some clarification saying that "unsuppfororted features will be supported in the later releases?" @joshix |
|
btw Do you think we should have TOC at the top of this doc to highlight the content? |
|
Thanks for updating the toc @joshix , it looks very handy. LGTM! |
|
|
||
| In this mode, rkt will attempt to join pods into a network named `rkt.kubernetes.io`. | ||
| To use rkt's contained networking, you can leave the `--network-plugin` to empty, and put a network config file under one of the rkt's [config directories](https://github.com/coreos/rkt/blob/master/Documentation/configuration.md#command-line-flags), for example: | ||
| You can configure Kubernetes pod networking with the usual Container Network Interface (CNI) [network plugins](http://kubernetes.io/docs/admin/network-plugins/) by setting the kubelet's `--network-plugin` and `--network-plugin-dir` options appropriately. Configured in this fashion, the rkt container engine will be unaware of network details, and expects to connect pods to the provided subnet. |
There was a problem hiding this comment.
Correct URL: /docs/admin/network-plugins/
There was a problem hiding this comment.
D'oh. Stands to reason, given the other rooted links into /docs/. :)
Updated.
| rkt executes containers in an interchangeable isolation environment. This facility is called the [*stage1* image](https://coreos.com/rkt/docs/latest/devel/architecture.html#stage-1). There are currently three supported rkt stage1 images: | ||
|
|
||
| * `systemd-nspawn` stage1, the default. Isolates running containers with Linux kernel namespaces and cgroups in a manner similar to the default container runtime. | ||
| * [`lkvm` stage1](https://coreos.com/rkt/docs/latest/running-lkvm-stage1.html), runs containers inside a KVM hypervisor-managed virtual machine. |
There was a problem hiding this comment.
Could you add information that this is experimental support for 1.3 release ?
There was a problem hiding this comment.
Additionally i would change lkvm stage1 to kvm stage1 cause we are working also on qemu integration (not only lkvm)
|
|
||
| Kubernetes also provides various tools for debugging. More information can be found [here](/docs/user-guide/application-troubleshooting). | ||
| Kubernetes provides various tools for troubleshooting and examination. More information can be found [in the app troubleshooting guide](/docs/user-guide/application-troubleshooting). |
There was a problem hiding this comment.
kubectl logs wont work for apps writing to stdout/stderr instead of journal i.e nginx (if run with default docker image) - rkt/rkt#2640 (comment)
There was a problem hiding this comment.
Obvs journalctl on the node won't work in this case, either -- I assume there is no method to recover such logs, and this begs reconfiguration?
There was a problem hiding this comment.
@joshix actually journalctl on the node is working (See What did you expect to see section in rkt/rkt#2640 (comment))
There was a problem hiding this comment.
Added a heading to notes document to record this.
|
|
||
| In some cases, this issue can be worked around by creating and using subdirectories from within the container rather than relying on Kubernetes to do so. | ||
| The [subPath](https://github.com/kubernetes/kubernetes/pull/22575) feature does not work correctly under rkt. In addition, the issue of non-existent host volume paths being invalid, mentioned above, would cause many common use cases for subPaths to fail in the same way. In some cases, this issue can be worked around by creating and using subdirectories from within the container, rather than relying on Kubernetes to do so. |
There was a problem hiding this comment.
Need to add two issues here:
## Per container volume relabeling
Today rkt only supports per pod volume relabeling, which after relabeling, the mounted volume is shareable among containers within the pod, currently there is no way to make it only accessible by one container. More details are described [here](https://github.com/kubernetes/kubernetes/issues/28187).
## Port-forwarding for stage1-kvm
`kubectl port-forward` is not supported for pods that are using `stage1-kvm` or `stage1-fly`.
Update the rkt getting started guide: Add information about rkt stage1 images. Fix broken/outdated links. Fix the heading hierarchy. Edit language/clarity. Reformat markdown source for plaintext legibility. Addresses prior reviews on and supersedes kubernetes#725.
|
LGTM |
|
Ping @johndmulhausen ? |
|
@johndmulhausen Any more feedbacks? |
|
Seems @johndmulhausen is on holiday, and the I am going to merge this, the docs review should be fine already. |
|
|
||
| Here are several tips in case you run into any issues. | ||
| rkt and the default node container engine have very different designs, as do rkt's native ACI and the Docker container image format. Users may experience different behaviors when switching from one container engine to the other. More information can be found [in the Kubernetes rkt notes](/docs/getting-started-guides/rkt/notes/). |
There was a problem hiding this comment.
notes is a deadlink. missing .md, extra /.
There was a problem hiding this comment.
@Quentin-M Nope, the link is supposed to work for the rendered web page. See http://kubernetes.io/docs/getting-started-guides/rkt/#known-issues-and-differences-between-rkt-and-docker
* Add updates to blog posts * Appease the lint gods * Liiiiint * Link fixing
Signed-off-by: Yue Yang <[email protected]>
Update the rkt getting started guide:
Add information about rkt stage1 images.
Fix broken/outdated links.
Fix the heading hierarchy.
Edit language/clarity.
Reformat markdown source for plaintext legibility.
Addresses prior reviews on and supersedes #725.