update k3s env

Signed-off-by: Jaehyun Nam <[email protected]>

KubeArmor/build/kubearmor-test-k3s.yaml

@@ -77,11 +77,11 @@ spec:
           readOnly: true
         - mountPath: /etc/apparmor.d
           name: etc-apparmor-d-path
-        - mountPath: /var/run/containerd/containerd.sock
-          name: containerd-sock-path
+        - mountPath: /var/run/docker.sock
+          name: docker-sock-path
           readOnly: true
-        - mountPath: /run/containerd
-          name: containerd-storage-path
+        - mountPath: /var/lib/docker
+          name: docker-storage-path
           readOnly: true
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
@@ -123,13 +123,13 @@ spec:
           type: DirectoryOrCreate
         name: etc-apparmor-d-path
       - hostPath:
-          path: /run/k3s/containerd/containerd.sock
+          path: /var/run/docker.sock
           type: Socket
-        name: containerd-sock-path
+        name: docker-sock-path
       - hostPath:
-          path: /run/k3s/containerd
+          path: /var/lib/docker
           type: DirectoryOrCreate
-        name: containerd-storage-path
+        name: docker-storage-path
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

contribution/k3s/install_k3s.sh

@@ -3,8 +3,19 @@
 # Copyright 2021 Authors of KubeArmor
 
 # create a single-node K3s cluster
-curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker" sh -
-[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
+if [ -x "$(command -v docker)" ]; then # docker
+	CGROUP_SYSTEMD=$(docker info 2> /dev/null | grep -i cgroup | grep systemd | wc -l)
+	if [ $CGROUP_SYSTEMD == 1 ]; then
+		curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker --kubelet-arg cgroup-driver=systemd" sh -
+		[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
+	else # cgroupfs
+		curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker" sh -
+		[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
+	fi
+else # containerd
+	curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik" sh -
+	[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
+fi
 
 KUBEDIR=$HOME/.kube
 KUBECONFIG=$KUBEDIR/config

contribution/vagrant/Vagrantfile

@@ -80,12 +80,19 @@ Vagrant.configure("2") do |config|
       # install Docker
       config.vm.provision :shell, path: kubearmor_home + "/contribution/self-managed-k8s-selinux/docker/install_docker.sh"
 
-      # install Kubernetes
-      config.vm.provision :shell, :inline => "RUNTIME=docker /home/vagrant/KubeArmor/contribution/self-managed-k8s-selinux/k8s/install_kubernetes.sh"
+      if ENV['RUNTIME'] == "k3s" then
+        # install k3s
+        config.vm.provision :shell, path: kubearmor_home + "/contribution/k3s/install_k3s.sh"
+      else
+        # install Kubernetes
+        config.vm.provision :shell, :inline => "RUNTIME=docker /home/vagrant/KubeArmor/contribution/self-managed-k8s-selinux/k8s/install_kubernetes.sh"
+      end
     end
 
-    # initialize Kubernetes
-    config.vm.provision :shell, :inline => "CNI=cilium MASTER=true /home/vagrant/KubeArmor/contribution/self-managed-k8s-selinux/k8s/initialize_kubernetes.sh"
+    if ENV['RUNTIME'] != "k3s" then
+      # initialize Kubernetes
+      config.vm.provision :shell, :inline => "CNI=cilium MASTER=true /home/vagrant/KubeArmor/contribution/self-managed-k8s-selinux/k8s/initialize_kubernetes.sh"
+    end
 
     # enable SELinux
     config.vm.provision :shell, path: kubearmor_home + "/contribution/self-managed-k8s-selinux/enable_selinux.sh"
@@ -105,12 +112,19 @@ Vagrant.configure("2") do |config|
       # install Docker
       config.vm.provision :shell, path: kubearmor_home + "/contribution/self-managed-k8s/docker/install_docker.sh"
 
-      # install Kubernetes
-      config.vm.provision :shell, :inline => "RUNTIME=docker /home/vagrant/KubeArmor/contribution/self-managed-k8s/k8s/install_kubernetes.sh"
+      if ENV['RUNTIME'] == "k3s" then
+        # install k3s
+        config.vm.provision :shell, path: kubearmor_home + "/contribution/k3s/install_k3s.sh"
+      else
+        # install Kubernetes
+        config.vm.provision :shell, :inline => "RUNTIME=docker /home/vagrant/KubeArmor/contribution/self-managed-k8s/k8s/install_kubernetes.sh"
+      end
     end
 
-    # initialize Kubernetes
-    config.vm.provision :shell, :inline => "CNI=cilium MASTER=true /home/vagrant/KubeArmor/contribution/self-managed-k8s/k8s/initialize_kubernetes.sh"
+    if ENV['RUNTIME'] != "k3s" then
+      # initialize Kubernetes
+      config.vm.provision :shell, :inline => "CNI=cilium MASTER=true /home/vagrant/KubeArmor/contribution/self-managed-k8s/k8s/initialize_kubernetes.sh"
+    end
   end
 
   # install karmor