udzura/kontena.log

## kontena.log
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
...
root      9573  0.3  0.5 1242928 83380 ?       Ssl  19:25   0:01 /usr/bin/dockerd -D -s devicemapper --add-runtime kata-runtime=/usr/bin/kata-runtime --add-runtime kata-fc=/op
root      9595  0.4  0.2 1237676 37156 ?       Ssl  19:25   0:02  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml
root     11369  0.0  0.0   7756  4120 ?        Sl   19:29   0:00      \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
root     11395  0.0  0.0   4188   516 ?        Ss   19:29   0:00      |   \_ sleep 300
root     11540  0.0  0.0   7564  4264 ?        Sl   19:30   0:00      \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
root     11583  1.9  1.2 3260216 212396 ?      Sl   19:30   0:03      |   \_ /usr/bin/qemu-lite-system-x86_64 -name sandbox-4a39ae85a6246c7586a1ca751d30dbd31a655c37f50b14d1753
root     11589  0.0  0.0 777240  4472 ?        Sl   19:30   0:00      |   \_ /usr/libexec/kata-containers/kata-proxy -listen-socket unix:///run/vc/sbs/4a39ae85a6246c7586a1ca75
root     11605  0.0  0.0 861336 15456 ?        Sl   19:30   0:00      |   \_ /usr/libexec/kata-containers/kata-shim -agent unix:///run/vc/sbs/4a39ae85a6246c7586a1ca751d30dbd31
root     11749  0.0  0.0   7500  3988 ?        Sl   19:30   0:00      \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
root     11786  5.5  0.5 145956 93024 ?        Sl   19:30   0:09          \_ /opt/kata/bin/firecracker --api-sock /run/vc/sbs/82a7e3b80597aabd0b13204e926ef2679ee3d66e066f41a73
root     11802  0.0  0.0 861076 15356 ?        Sl   19:30   0:00          \_ /opt/kata/libexec/kata-containers/kata-shim -agent vsock://2945817261:1024 -container 82a7e3b80597

## patch.patch
diff --git a/microk8s-resources/default-args/kube-apiserver b/microk8s-resources/default-args/kube-apiserver
index 801df0b..cd77906 100644
--- a/microk8s-resources/default-args/kube-apiserver
+++ b/microk8s-resources/default-args/kube-apiserver
@@ -1,3 +1,4 @@
+--feature-gates="RuntimeClass=true"
 --insecure-bind-address=0.0.0.0
 --cert-dir=${SNAP_DATA}
 --etcd-servers='unix://etcd.socket:2379'
diff --git a/microk8s-resources/default-args/kubelet b/microk8s-resources/default-args/kubelet
index 80238b0..269b7ff 100644
--- a/microk8s-resources/default-args/kubelet
+++ b/microk8s-resources/default-args/kubelet
@@ -2,13 +2,13 @@
 --cert-dir=${SNAP_DATA}
 --network-plugin=kubenet
 --root-dir=${SNAP_COMMON}/var/lib/kubelet
---docker-root=${SNAP_COMMON}/var/lib/docker
+--docker-root=/var/lib/docker
 --fail-swap-on=false
 --pod-cidr=10.1.1.0/24
 --non-masquerade-cidr=10.152.183.0/24
 --cni-bin-dir=${SNAP}/opt/cni/bin/
---docker unix://${SNAP_DATA}/docker.sock
---docker-endpoint unix://${SNAP_DATA}/docker.sock
---feature-gates=DevicePlugins=true
+--docker unix:///var/run/docker.sock
+--docker-endpoint unix:///var/run/docker.sock
+--feature-gates="RuntimeClass=true,DevicePlugins=true"
 --eviction-hard="memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi"
 --node-labels="microk8s.io/cluster=true"
diff --git a/snapcraft.yaml b/snapcraft.yaml
index 442be27..2968a01 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -66,6 +66,12 @@ apps:
     completer: istioctl.bash

 parts:
+  libnetfilter-conntrack:
+    plugin: autotools
+    source: https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.6.tar.bz2
+    build-packages:
+      - libjansson-dev
+      - libmnl-dev
   libnftnl:
     plugin: autotools
     source: https://www.netfilter.org/projects/libnftnl/files/libnftnl-1.0.9.tar.bz2
@@ -74,6 +80,7 @@ parts:
@@ -74,6 +80,7 @@ parts:
     - libmnl-dev
   iptables:
     after:
+    - libnetfilter-conntrack
     - libnftnl
     source: https://www.netfilter.org/projects/iptables/files/iptables-1.6.1.tar.bz2
     plugin: autotools
@@ -82,8 +89,8 @@ parts:
     - flex
     - libmnl-dev
     - libnfnetlink-dev
-    - libnetfilter-conntrack3
-    - libnetfilter-conntrack-dev
+    #- libnetfilter-conntrack3
+    #- libnetfilter-conntrack-dev
     configflags:
     - "--disable-shared"
     - "--enable-static"
	USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
	...
	root 9573 0.3 0.5 1242928 83380 ? Ssl 19:25 0:01 /usr/bin/dockerd -D -s devicemapper --add-runtime kata-runtime=/usr/bin/kata-runtime --add-runtime kata-fc=/op
	root 9595 0.4 0.2 1237676 37156 ? Ssl 19:25 0:02 \_ docker-containerd --config /var/run/docker/containerd/containerd.toml
	root 11369 0.0 0.0 7756 4120 ? Sl 19:29 0:00 \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
	root 11395 0.0 0.0 4188 516 ? Ss 19:29 0:00 \| \_ sleep 300
	root 11540 0.0 0.0 7564 4264 ? Sl 19:30 0:00 \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
	root 11583 1.9 1.2 3260216 212396 ? Sl 19:30 0:03 \| \_ /usr/bin/qemu-lite-system-x86_64 -name sandbox-4a39ae85a6246c7586a1ca751d30dbd31a655c37f50b14d1753
	root 11589 0.0 0.0 777240 4472 ? Sl 19:30 0:00 \| \_ /usr/libexec/kata-containers/kata-proxy -listen-socket unix:///run/vc/sbs/4a39ae85a6246c7586a1ca75
	root 11605 0.0 0.0 861336 15456 ? Sl 19:30 0:00 \| \_ /usr/libexec/kata-containers/kata-shim -agent unix:///run/vc/sbs/4a39ae85a6246c7586a1ca751d30dbd31
	root 11749 0.0 0.0 7500 3988 ? Sl 19:30 0:00 \_ docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtim
	root 11786 5.5 0.5 145956 93024 ? Sl 19:30 0:09 \_ /opt/kata/bin/firecracker --api-sock /run/vc/sbs/82a7e3b80597aabd0b13204e926ef2679ee3d66e066f41a73
	root 11802 0.0 0.0 861076 15356 ? Sl 19:30 0:00 \_ /opt/kata/libexec/kata-containers/kata-shim -agent vsock://2945817261:1024 -container 82a7e3b80597
	diff --git a/microk8s-resources/default-args/kube-apiserver b/microk8s-resources/default-args/kube-apiserver
	index 801df0b..cd77906 100644
	--- a/microk8s-resources/default-args/kube-apiserver
	+++ b/microk8s-resources/default-args/kube-apiserver
	@@ -1,3 +1,4 @@
	+--feature-gates="RuntimeClass=true"
	--insecure-bind-address=0.0.0.0
	--cert-dir=${SNAP_DATA}
	--etcd-servers='unix://etcd.socket:2379'
	diff --git a/microk8s-resources/default-args/kubelet b/microk8s-resources/default-args/kubelet
	index 80238b0..269b7ff 100644
	--- a/microk8s-resources/default-args/kubelet
	+++ b/microk8s-resources/default-args/kubelet
	@@ -2,13 +2,13 @@
	--cert-dir=${SNAP_DATA}
	--network-plugin=kubenet
	--root-dir=${SNAP_COMMON}/var/lib/kubelet
	---docker-root=${SNAP_COMMON}/var/lib/docker
	+--docker-root=/var/lib/docker
	--fail-swap-on=false
	--pod-cidr=10.1.1.0/24
	--non-masquerade-cidr=10.152.183.0/24
	--cni-bin-dir=${SNAP}/opt/cni/bin/
	---docker unix://${SNAP_DATA}/docker.sock
	---docker-endpoint unix://${SNAP_DATA}/docker.sock
	---feature-gates=DevicePlugins=true
	+--docker unix:///var/run/docker.sock
	+--docker-endpoint unix:///var/run/docker.sock
	+--feature-gates="RuntimeClass=true,DevicePlugins=true"
	--eviction-hard="memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi"
	--node-labels="microk8s.io/cluster=true"
	diff --git a/snapcraft.yaml b/snapcraft.yaml
	index 442be27..2968a01 100644
	--- a/snapcraft.yaml
	+++ b/snapcraft.yaml
	@@ -66,6 +66,12 @@ apps:
	completer: istioctl.bash

	parts:
	+ libnetfilter-conntrack:
	+ plugin: autotools
	+ source: https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.6.tar.bz2
	+ build-packages:
	+ - libjansson-dev
	+ - libmnl-dev
	libnftnl:
	plugin: autotools
	source: https://www.netfilter.org/projects/libnftnl/files/libnftnl-1.0.9.tar.bz2
	@@ -74,6 +80,7 @@ parts:
	@@ -74,6 +80,7 @@ parts:
	- libmnl-dev
	iptables:
	after:
	+ - libnetfilter-conntrack
	- libnftnl
	source: https://www.netfilter.org/projects/iptables/files/iptables-1.6.1.tar.bz2
	plugin: autotools
	@@ -82,8 +89,8 @@ parts:
	- flex
	- libmnl-dev
	- libnfnetlink-dev
	- - libnetfilter-conntrack3
	- - libnetfilter-conntrack-dev
	+ #- libnetfilter-conntrack3
	+ #- libnetfilter-conntrack-dev
	configflags:
	- "--disable-shared"
	- "--enable-static"