14. LinuxKit

LinuxKit is one of Docker’s latest creations to provide an immutable simple OS that can run containers and other container platforms. The goal is to provide a simple to update, secure, and maintain OS that can facilitate container deployments.

It turns out that Digital Rebar Provision can easily deploy LinuxKit images. The example assets provided with Digital Rebar Provision contains some examples of LinuxKit deployments.

There are three currently available. Though they are really simple and easily cloned.

  • lk-sshd - the example sshd
  • lk-k8s-master - the k8s project master image
  • lk-k8s-node - the k8s project node image

Here are the following steps that work on an Ubuntu 16.04 desktop with KVM already setup. The basic overview is:

  • Get and start dr-provision
  • Configure dr-provision to handle KVM network
  • Get and build LinuxKit
  • Make some ISOs
  • Install BootEnvs
  • Run Nodes

Let’s hit each of the steps. For a simple play with it trial, create a directory for both Digital Rebar Provision and LinuxKit.

Also, there is a video of these steps.

14.1. Get, Start, and Configure Digital Rebar Provision

There are already many pages for this, Quick Start and Install. The main thing is to use the tip version at the moment. It is best to include the discovery and sledgehammer images. The KVM system used (the Digital Rebar test tool, kvm-slave) always PXE boots and machines can be easily added just by starting them.

For a simple trail, use the install process with the –isolated flag.

Something like:

mkdir -p lk-dr-trial/dr-provision
cd lk-dr-trial/dr-provision
curl -fsSL https://raw.githubusercontent.com/digitalrebar/provision/master/tools/install.sh | bash -s -- --isolated --drp-version=tip install
# Follow the instructions at the end of the script

14.2. Get and Build LinuxKit

First, create a directory for everything, clone LinuxKit, and build it. This assumes that go install was executed.

cd lk-dr-trial
git clone https://github.com/linuxkit/linuxkit.git
cd linuxkit

After a few minutes, there should be a bin directory with moby ready to go.

14.3. Make some ISOs

The provided BootEnv deploying the sshd example and k8s project. To build these, we need to do a couple of things.

  • Edit the examples/sshd.yml
    • Replace the “#your ssh key here” line with the contents of the SSH public key. e.g. ~/.ssh/id_rsa.pub
  • Run the moby build command

    # edit files
    bin/moby build -output iso-bios examples/sshd.yml

This will generate an ISO, sshd.iso. Copy this file into the assets/isos directory (creating it if it doesn’t exist) in the dr-provision install directory.

Additionally, we can build the Kubernetes images. We still need to edit a couple of files.

  • cd projects/kubernetes

  • Edit the k8s-master.yml
    • Replace the “#your ssh key here” line with the contents of the SSH public key. e.g. ~/.ssh/id_rsa.pub
  • Edit the k8s-node.yml
    • Replace the “#your ssh key here” line with the contents of the SSH public key. e.g. ~/.ssh/id_rsa.pub
  • Edit the Makefile
    • Add -output iso-bios to the moby build lines. This will make sure to make ISOs.
    • E.g. ../../bin/moby build -output iso-bios -name kube-master kube-master.yml
    • E.g. ../../bin/moby build -output iso-bios -name kube-node kube-node.yml
  • Run the make command

    cd projects/kubernetes
    # edit files

This will generate two ISO images, kube-master.iso and kube-node.iso. Copy these files into the assets/iso directory in the dr-provision install directory.

14.4. Install BootEnvs

At this point, we can add the BootEnv to Digital Rebar Provision.

  • Change to the Digital Rebar Provision directory and then to the assets directory.

  • Run the following

    cd lk-dr-trial/dr-provision/assets
    export RS_KEY=rocketskates:r0cketsk8ts # or whatever it is it set to.
    ../drpcli bootenvs install bootenvs/lk-sshd.yml
    ../drpcli bootenvs install bootenvs/lk-k8s-master.yml
    ../drpcli bootenvs install bootenvs/lk-k8s-node.yml

This will make all three BootEnv available for new nodes.

14.5. Run Nodes

At this point, it is possible to boot some nodes and run them. They can have pre-existing nodes or discovered nodes. This will use discovered nodes.

First, start some nodes. The Digital Rebar team prefers kvm-slave tool that starts KVM on my Digital Rebar Provision network. .e.g. tools/kvm-slave Anything that PXEs and can three will work.

Once they are discovered, something like this from drpcli machines list should appear:

    "Address": "",
    "BootEnv": "sledgehammer",
    "Errors": null,
    "Name": "d52-54-54-07-00-00.example.com",
    "Uuid": "4cc8678e-cdc0-48ee-b898-799103840d7f"
    "Address": "",
    "BootEnv": "sledgehammer",
    "Errors": null,
    "Name": "d52-54-55-00-00-00.example.com",
    "Uuid": "c22a3db3-dba8-4138-8375-7a546c8097e8"
    "Address": "",
    "BootEnv": "sledgehammer",
    "Errors": null,
    "Name": "d52-54-54-7d-00-00.example.com",
    "Uuid": "d8d5b78a-976b-41c6-a968-31c73ba2b8a4"

At this point, the BootEnv field should be changed to the environment of choice.

cd lk-dr-trial/dr-provision
./drpcli machines bootenv "4cc8678e-cdc0-48ee-b898-799103840d7f" lk-sshd
./drpcli machines bootenv "d8d5b78a-976b-41c6-a968-31c73ba2b8a4" lk-k8s-master
./drpcli machines bootenv "c22a3db3-dba8-4138-8375-7a546c8097e8" lk-k8s-node

Now, reboot those kvm instances (close the KVM console window or kill the qemu process). Once the systems boot up, it should be possible to ssh into them from the account the ssh key is from (as root).

And that is all for the sshd image.

For Kubernetes, a few more steps are required. In this example, is the master. We need to SSH into its kubelet container and start kubeadm. Something like this:

ssh root@
nsenter --mount --target 1 runc exec --tty kubelet sh

This will run for a while and start up the master. It will output a line that looks like this:

kubeadm join --token bb38c6.117e66eabbbce07d

This will need to run on each k8s-node. It is necessary to SSH into the kubelet on the k8s node. Something like this:

ssh root@
nsenter --mount --target 1 runc exec --tty kubelet sh
kubeadm join --token bb38c6.117e66eabbbce07d

Now, wait for a while and if the KVM instances have Internet access, then kubernetes will be up. The default access for this cluster is through the kubelet container though others are probably configurable.

ssh root@
nsenter --mount --target 1 runc exec --tty kubelet sh
kubectl get nodes

There are ssh helper scripts in the linuxkit/projects/kubernetes directory, but they do not always work with the latest k8s containers.