Running singularity as the run time for Kubernetes with VMware PKS

[root@sc2kubm40 ~]# yum install -y epel-release

<strong>Singularity and git related components can then be installed</strong>

[root@sc2kubm40 ~]# yum install -y singularity-runtime singularity git socat golang gcc libseccomp-devel

<strong>Since the Singularity CRI is in beta, it needs to be downloaded with git and compiled. These steps can be avoided once it becomes generally available.</strong>

[root@sc2kubm40 ~]# git clone https://github.com/sylabs/singularity-cri.git

Cloning into ‘singularity-cri’...

remote: Enumerating objects: 396, done.

remote: Counting objects: 100% (396/396), done.

remote: Compressing objects: 100% (312/312), done.

remote: Total 7523 (delta 115), reused 337 (delta 66), packreused 7127

Receiving objects: 100% (7523/7523), 7.59 MiB | 3.18 MiB/s, done.

Resolving deltas: 100% (3573/3573), done.

[root@sc2kubm40 ~]# cd singularity-cri

[root@sc2kubm40 singularitycri]# git checkout tags/v1.0.0-beta.6 -b v1.0.0-beta.6

Switched to a new branch ‘v1.0.0-beta.6’

[root@sc2kubm40 singularitycri]# make

 GO bin/sycri

[root@sc2kubm40 singularitycri]# make install

 INSTALL /usr/local/bin/sycri

 INSTALL /usr/local/etc/sycri/sycri.yaml

<strong>A systemd startup script for Singularity CRI should be created as shown below or using your favorite editor.</strong>

[root@sc2kubm40 singularitycri]# cat &lt;&lt;EOF &gt; /etc/systemd/system/sycri.service

&gt; [Unit]

&gt; Description=SingularityCRI

&gt; After=network.target

&gt; 

&gt; [Service]

&gt; Type=simple

&gt; Restart=always

&gt; RestartSec=1

&gt; ExecStart=/usr/local/bin/sycri

&gt; Environment=“PATH=/usr/local/libexec/singularity/bin:/bin:/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin”

&gt; 

&gt; [Install]

&gt; WantedBy=multiuser.target

&gt; EOF

<strong>Once the service has been created, it has to be enabled to startup automatically on boot and started.</strong>

[root@sc2kubm40 singularitycri]# systemctl enable sycri

Created symlink from /etc/systemd/system/multiuser.target.wants/sycri.service to /etc/systemd/system/sycri.service.

[root@sc2kubm40 singularitycri]# systemctl start sycri

<strong>SELINUX and swap should be disabled as shown below.</strong>

# Disable SELinux

[root@sc2kubm40 singularitycri]# setenforce 0

[root@sc2kubm40 singularitycri]# sed -i –follow-symlinks ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/sysconfig/selinux

# Disable swap

[root@sc2kubm40 singularitycri]# swapoff -a

[root@sc2kubm40 singularitycri]# sed -e ‘/swap/s/^/#/g’ -i /etc/fstab

<strong>Verify the Singularity runtime is running and is listening on a TCP socket as shown below.</strong>

 [root@sc2kubm40 singularitycri]# ls -l /var/run/singularity.sock

srw——- 1 root root 0 Oct 30 11:12 /var/run/singularity.sock

<strong>The Kubelet configuration should be edited to make it use the singularity runtime instead of the default docker runtime as shown below.</strong>

 [root@sc2kubm40 ~]# cat /etc/sysconfig/kubelet

KUBELET_EXTRA_ARGS=–containerruntime=remote

  containerruntimeendpoint=unix:///var/run/singularity.sock

  imageserviceendpoint=unix:///var/run/singularity.sock

<strong>The Kubelet service has to be stopped and started to activate the changes.</strong>

[root@sc2kubm40 singularitycri]# systemctl stop kubelet

[root@sc2kubm40 singularitycri]# systemctl start kubelet

<strong>Initialize kubeadm with the singularity run time as shown below.</strong>

 [root@sc2kubm40 singularitycri]# kubeadm init –pod-network-cidr=192.168.0.0/16 –cri-socket unix:///var/run/singularity.sock

I1030 11:17:10.162386   27725 version.go:240] remote version is much newer: v1.16.2; falling back to: stable1.14

[init] Using Kubernetes version: v1.14.3

[preflight] Running preflight checks

        [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using ‘kubeadm config images pull’

.

.

.