made a few grammatical & format changes

kata-containers · May 24, 2018 · c22d45e · c22d45e
1 parent 9664caf
commit c22d45e
Showing 1 changed file with 54 additions and 27 deletions.
diff --git a/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md b/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md
@@ -1,15 +1,18 @@
 # How to use Kata Containers and CRI (containerd plugin) with Kubernetes
 
 This document describes how to set up a single-machine Kubernetes cluster. 
-The Kubernetes cluster will use the CRI containerd plugin and Kata Containers to launch untrusted workloads.
+The Kubernetes cluster will use the [CRI containerd plugin](https://github.com/containerd/cri) and [Kata Containers](https://katacontainers.io) to launch untrusted workloads.
 
 ## Requirements 
 - Kubernetes, kubelet, kubeadm
 - cri-containerd
 - Kata Containers
 
-For information about the supported version of these components see 
-Kata Containers [versions.yaml](https://github.com/kata-containers/runtime/blob/master/versions.yaml) file.
+Note|
+----------------- |
+|For information about the supported versions of these components, see the  Kata Containers [versions.yaml](https://github.com/kata-containers/runtime/blob/master/versions.yaml) file. |
+
+
 
 ## Install containerd(with CRI plugin enabled)
 
@@ -46,20 +49,24 @@ $ command -v kubeadm
 
 ### Configure containerd to use Kata Containers
 
-The CRI containerd plugin support configuration for two runtime types.
+The CRI containerd plugin supports configuration for two runtime types.
 
-- Default runtime: A runtime that is used by default to run workloads.
-- Untrusted workload runtime: A runtime that will be used run untrusted workloads.
+- **Default runtime:** A runtime that is used by default to run workloads.
+- **Untrusted workload runtime:** A runtime that will be used run untrusted workloads.
 
 #### Define the Kata runtime as `untrusted_workload_runtime` 
 
 Configure the Kata runtime for untrusted workload with the [config option](https://github.com/containerd/cri/blob/v1.0.0-rc.0/docs/config.md)
 `plugins.cri.containerd.untrusted_workload_runtime`.
 
 Unless configured otherwise, the default runtime is set to `runc`.
+
+- Configure containerd to use Kata as `untrusted_workload_runtime`
+
 ```bash
-# Configure containerd to use Kata as untrusted_workload_runtime
 $ sudo mkdir -p /etc/containerd/
+```
+```bash
 $ cat << EOT | sudo tee /etc/containerd/config.toml
 [plugins]
     [plugins.cri.containerd]
@@ -71,23 +78,29 @@ EOT
 
 ### Configure Kubelet to use containerd
 
-In order to allow kubelet use containerd (using CRI interface) configure the service to
-point to containerd socket.
+In order to allow kubelet use containerd (using CRI interface), configure the service to
+point to the `containerd` socket.
+
+
+- Configure k8s to use containerd
 
 ```bash
-# Configure k8s to use containerd
 $ sudo mkdir -p  /etc/systemd/system/kubelet.service.d/
+```
+```bash
 $ cat << EOF | sudo tee  /etc/systemd/system/kubelet.service.d/0-containerd.conf
 [Service]                                                 
 Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
 EOF
+```
+```bash
 $ sudo systemctl daemon-reload
 ```
 
 ### Optional: Configure proxy
 
-If you are behind a proxy this script will configure your proxy for docker
-kubelet and containerd.
+If you are behind a proxy, use this script to configure your proxy for docker,
+kubelet, and containerd.
 
 ```bash
 # Set proxys
@@ -109,20 +122,30 @@ Environment="HTTPS_PROXY=${https_proxy}"
 Environment="NO_PROXY=${no_proxy}"
 EOT
 done
+```
+```bash
 $ sudo systemctl daemon-reload
 ```
 
-###  Start Kubernetes with kubeadm 
+###  Start Kubernetes with `kubeadm`
+
+
+- Make sure containerd is up and running
 
 ```bash
-# Mark sure containerd is up and running
 $ sudo systemctl restart containerd
 $ sudo systemctl status containerd
+```
+
+- Prevent conflicts of docker iptables rules & k8s pod communication
 
-# Prevent docker iptables rules conflict with k8s pod communication
+```bash
 $ sudo iptables -P FORWARD ACCEPT
+```
 
-# Start cluster using kubeadm
+-  Start cluster using `kubeadm`
+
+```bash
 $ sudo kubeadm init --skip-preflight-checks \
 --cri-socket /run/containerd/containerd.sock --pod-network-cidr=10.244.0.0/16
 
@@ -132,12 +155,11 @@ $ sudo -E kubectl get nodes
 $ sudo -E kubectl get pods
 ```
 
-### Install a pod network
-Install a pod network plugin is needed to allow pods communicate with each other.
+### Install a Pod Network
 
-Install flannel plugging, by following the instructions in the section *Installing a pod network*
-from [Using kubeadm to Create a Cluster ](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/)
-guide.
+A pod network plugin is needed to allow pods to communicate with each other.
+
+Install the `flannel` plugin by following the [Using kubeadm to Create a Cluster](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions) guide, starting from the **Installing a pod network** section.
 
 <!---
 ```bash
@@ -166,19 +188,19 @@ $ sudo -E kubectl get pods --all-namespaces | grep dns | grep Running && echo "O
 
 ### Allow run pods in master node
 
-By default, the cluster will not schedule pods in the master node to allow that run:
+By default, the cluster will not schedule pods in the master node. To enable master node scheduling, run:
 
 ```bash
-# allow master node run pods
+# allow master node to run pods
 $ sudo -E kubectl taint nodes --all node-role.kubernetes.io/master-
 ```
 
 
 ### Create a unstrusted pod using Kata Containers
 
 By default, all pods are created with the default runtime configured in CRI containerd plugin.
-If a pod has the `io.kubernetes.cri.untrusted-workload annotation` set as
-`"true"`, the CRI plugin will run the pod with the Kata Containers runtime.
+If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to
+`"true"`, the CRI plugin will run the pod with the [Kata Containers runtime](https://github.com/kata-containers/runtime).
 
 ```bash
 # Create untrusted pod configuration
@@ -195,19 +217,24 @@ spec:
     image: nginx
     
 EOT
+```
 
+```bash
 # Create untrusted pod
 $ sudo -E kubectl apply -f nginx-untrusted.yaml
-
+```
+```bash
 # Check pod is running
 $ sudo -E kubectl get pods
+```
 
+```bash
 # Check qemu is running
 $ ps aux | grep qemu
 ```
-### Delete created pod
 
 ```bash
+### Delete created pod
 # Delete pod
 $ sudo -E kubectl delete -f  nginx-untrusted.yaml
 ```