Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

[Muayyad AlSadi]

here is my blog post

https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html

the error in "bwrap-oci run"
bwrap-oci: unknown mount type none
was because of type none in /sys

"mounts": [
...
{
"destination": "/sys",
"type": "none",
"source": "/sys",
"options": [
"rbind",
"nosuid",
"noexec",
"nodev",
"ro"
]
}

but removing it did not solve the problem



On Fri, Feb 23, 2018 at 1:49 AM, Muayyad AlSadi  wrote:

> after that, the following worked
>
> cd cont1
> runc spec
> runc run myname
>
> I also tried "runc spec --rootless" and it worked but bwrap-oci did not
>
> $ bwrap-oci run
> bwrap-oci: unknown mount type none
>
>
>
> On Fri, Feb 23, 2018 at 1:33 AM, Muayyad AlSadi  wrote:
>
>> ostree checkout ociimage/nginx_3Alatest cont1
>> cat cont1/manifest.json | jq '.layers[]|.digest' | sed -re 's/"//g' | cut
>> -d ':' -f 2 | while read a; do echo ostree checkout --union ociimage/$a
>> cont1/rootfs; done
>>
>> what's next?
>>
>>
>> On Fri, Feb 23, 2018 at 12:18 AM, Muayyad AlSadi 
>> wrote:
>>
>>> hi,
>>>
>>> I'm running fedora as regular user
>>> and I wonder how can I use skopeo+ostree+bwrap-oci to run a docker image
>>> using bwrap-oci having files stored as ostree
>>>
>>> $ mkdir ostree
>>> $ cd ostree
>>> $ ostree init --mode=bare-user --repo=$PWD
>>> $ skopeo copy docker://redis:alpine ostree:redis@$PWD
>>> $ skopeo copy docker://nginx:alpine ostree:nginx@$PWD
>>> $ skopeo copy docker://busybox:alpine ostree:busybox@$PWD
>>> $ ostree refs
>>> $ ostree ls ociimage/redis_3Alatest
>>> $ ostree checkout ociimage/nginx_3Alatest cont1
>>> $ cd cont1
>>> $ bwrap-oci -c manifest.json run
>>> bwrap: --userns-block-fd requires --unshare-user
>>>
>>> so what went wrong?
>>>
>>>
>>
>

Re: [atomic-devel] Kubernetes manual setup

[Chris Negus]

- Original Message -
> On 02/23/2018 10:43 AM, Matthew Miller wrote:
> > On Fri, Feb 23, 2018 at 10:16:46AM -0800, Jason Brooks wrote:
> >>> If we have a preferred non-manual way, we should encourage people to
> >>> use that, but I don't see what we lose from having good documentation
> >>> at a lower level too.
> >> That's totally awesome. Now someone needs to do that work. In the
> >> absence of that person, it's not dismissive to link them to a popular
> >> resource for manual installation.
> > 
> > Of course -- but what I mean is saying "You wanted to know how to do
> > Kubernetes on Fedora Atomic Host? Go do Kubernetes the hard way!"
> > doesn't come off as very friendly to someone who doesn't know that
> > "Learn  the hard way!" is a somewhat tongue-in-cheek meme. If
> > that's the best resource and we recommend it, let's recommend it with a
> > preface.
> 
> Oh, I was planning to recommend Kubeadm.  Kubeadm is good enough for
> most users, these days, and it's actually a good way to test new
> Kubernetes releases.  And the Kubeadm team is enthusiastic enough to
> maybe offer us some help.
> 
> My primary concern with making sure that Kube is available on FAH/CAH is
> that I want Kubernetes developers regarding AH as a reasonable target
> platform for development.  We also want to make sure not to abandon our
> existing AH+Kube users, but presumably installation docs are not the
> primary thing those users need.
> 
> I wouldn't *mind* having a "the hard way" doc for FAH/CAH, but I can't
> commit to putting in the time it would require to write it, since I'm
> not sure who the target user for it is.  Someone who wants something
> "production" is going to install Origin, no?

I agree. I thought we should only document upstream Kubernetes on Atomic Host 
as a way to help people wanting to try Kubernetes, check out new features, or 
just learn what it is. Not for production. I also expected that we would 
encourage the use of Origin when they begin thinking about production.

I didn't want Ubuntu to be the only platform with good instructions for someone 
starting out with Kubernetes from kubernetes.io. If we can show them how to use 
Kubernetes on Atomic, it provides the added bonus of them being able to see the 
great features Atomic has as a container platform.

-- Chris Negus

Re: [atomic-devel] Kubernetes manual setup

[Josh Berkus]

On 02/23/2018 10:43 AM, Matthew Miller wrote:
> On Fri, Feb 23, 2018 at 10:16:46AM -0800, Jason Brooks wrote:
>>> If we have a preferred non-manual way, we should encourage people to
>>> use that, but I don't see what we lose from having good documentation
>>> at a lower level too.
>> That's totally awesome. Now someone needs to do that work. In the
>> absence of that person, it's not dismissive to link them to a popular
>> resource for manual installation.
> 
> Of course -- but what I mean is saying "You wanted to know how to do
> Kubernetes on Fedora Atomic Host? Go do Kubernetes the hard way!"
> doesn't come off as very friendly to someone who doesn't know that
> "Learn  the hard way!" is a somewhat tongue-in-cheek meme. If
> that's the best resource and we recommend it, let's recommend it with a
> preface.

Oh, I was planning to recommend Kubeadm.  Kubeadm is good enough for
most users, these days, and it's actually a good way to test new
Kubernetes releases.  And the Kubeadm team is enthusiastic enough to
maybe offer us some help.

My primary concern with making sure that Kube is available on FAH/CAH is
that I want Kubernetes developers regarding AH as a reasonable target
platform for development.  We also want to make sure not to abandon our
existing AH+Kube users, but presumably installation docs are not the
primary thing those users need.

I wouldn't *mind* having a "the hard way" doc for FAH/CAH, but I can't
commit to putting in the time it would require to write it, since I'm
not sure who the target user for it is.  Someone who wants something
"production" is going to install Origin, no?

-- 
--
Josh Berkus
Kubernetes Community
Red Hat OSAS

Re: [atomic-devel] Kubernetes manual setup

[Matthew Miller]

On Fri, Feb 23, 2018 at 10:16:46AM -0800, Jason Brooks wrote:
> > If we have a preferred non-manual way, we should encourage people to
> > use that, but I don't see what we lose from having good documentation
> > at a lower level too.
> That's totally awesome. Now someone needs to do that work. In the
> absence of that person, it's not dismissive to link them to a popular
> resource for manual installation.

Of course -- but what I mean is saying "You wanted to know how to do
Kubernetes on Fedora Atomic Host? Go do Kubernetes the hard way!"
doesn't come off as very friendly to someone who doesn't know that
"Learn  the hard way!" is a somewhat tongue-in-cheek meme. If
that's the best resource and we recommend it, let's recommend it with a
preface.

-- 
Matthew Miller

Fedora Project Leader

Re: [atomic-devel] Kubernetes manual setup

[Chris Negus]

- Original Message -
> On 02/21/2018 05:51 PM, Chris Negus wrote:
> > - Original Message -
> >> Works for me.
> > 
> > Me too. If everyone is in agreement, I'll see what I can do with Jason's
> > suggestions. I don't mind writing and maintaining docs on the
> > Kubernetes.io site, if you all will review it and make sure I'm on the
> > right track. Once I put something together, I'll ask Jason and others to
> > take a look at it.
> 
> I'll help with this.  Find me on kube-docs on slack?

Cool. I think I'll be able to get started on this next week. I'll probably put 
together a shared doc somewhere and we can all work away at it. I'll leave it 
open to anyone here who is interested in contributing. We can address all the 
great issues everyone has raised in that document.

-- Chris Negus

Re: [atomic-devel] Kubernetes manual setup

[Jason Brooks]

On Fri, Feb 23, 2018 at 10:16 AM, Jason Brooks  wrote:
> On Wed, Feb 21, 2018 at 3:36 PM, Matthew Miller
>  wrote:
>> On Wed, Feb 21, 2018 at 10:58:01AM -0800, Jason Brooks wrote:
>>> * drop the manual instructions from the site
>>> * tell people who want manual to go read "kubernetes the hard way"
>>
>> I know the reference from the Python programming book (was that the
>> first?), but not everyone will. To someone who doesn't get the
>> reference, I think this will come off as unnecessarily dismissive
>>
>> If we have a preferred non-manual way, we should encourage people to
>> use that, but I don't see what we lose from having good documentation
>> at a lower level too.
>
> That's totally awesome. Now someone needs to do that work. In the
> absence of that person, it's not dismissive to link them to a popular
> resource for manual installation.

https://github.com/kelseyhightower/kubernetes-the-hard-way

>
>>
>> --
>> Matthew Miller
>> 
>> Fedora Project Leader

Re: [atomic-devel] Kubernetes manual setup

[Jason Brooks]

On Wed, Feb 21, 2018 at 3:36 PM, Matthew Miller
 wrote:
> On Wed, Feb 21, 2018 at 10:58:01AM -0800, Jason Brooks wrote:
>> * drop the manual instructions from the site
>> * tell people who want manual to go read "kubernetes the hard way"
>
> I know the reference from the Python programming book (was that the
> first?), but not everyone will. To someone who doesn't get the
> reference, I think this will come off as unnecessarily dismissive
>
> If we have a preferred non-manual way, we should encourage people to
> use that, but I don't see what we lose from having good documentation
> at a lower level too.

That's totally awesome. Now someone needs to do that work. In the
absence of that person, it's not dismissive to link them to a popular
resource for manual installation.

>
> --
> Matthew Miller
> 
> Fedora Project Leader

Re: [atomic-devel] Kubernetes manual setup

[Josh Berkus]

On 02/21/2018 05:51 PM, Chris Negus wrote:
> - Original Message -
>> Works for me.
> 
> Me too. If everyone is in agreement, I'll see what I can do with Jason's 
> suggestions. I don't mind writing and maintaining docs on the Kubernetes.io 
> site, if you all will review it and make sure I'm on the right track. Once I 
> put something together, I'll ask Jason and others to take a look at it.

I'll help with this.  Find me on kube-docs on slack?

-- 
--
Josh Berkus
Kubernetes Community
Red Hat OSAS