feat: add spin wasm runtime

This commit adds the spin runtime, analogous to the wasmedge runtime, to use Talos Linux with spinkube.dev.

Signed-off-by: Sven Pfennig <s.pfennig@reply.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

.kres.yaml

@@ -29,6 +29,7 @@ spec:
     - qemu-guest-agent
     - qlogic-firmware
     - realtek-firmware
+    - spin
     - stargz-snapshotter
     - tailscale
     - thunderbolt

Makefile

@@ -83,6 +83,7 @@ TARGETS += nvidia-open-gpu-kernel-modules
 TARGETS += qemu-guest-agent
 TARGETS += qlogic-firmware
 TARGETS += realtek-firmware
+TARGETS += spin
 TARGETS += stargz-snapshotter
 TARGETS += tailscale
 TARGETS += thunderbolt

README.md

@@ -46,6 +46,7 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 | [stargz-snapshotter](container-runtime/stargz-snapshotter/)          | [ghcr.io/siderolabs/stargz-snapshotter](https://github.com/siderolabs/extensions/pkgs/container/stargz-snapshotter)           | [Stargz Snapshotter](https://github.com/containerd/stargz-snapshotter) container runtime                                           | `upstream version` |
 | [ecr-credential-provider](container-runtime/ecr-credential-provider) | [ghcr.io/siderolabs/ecr-credential-provider](https://github.com/siderolabs/extensions/pkgs/container/ecr-credential-provider) | [ECR Credential Provider](https://github.com/kubernetes/cloud-provider-aws/tree/master/cmd/ecr-credential-provider) kubelet plugin | `upstream version` |
 | [wasmedge](container-runtime/wasmedge)                               | [ghcr.io/siderolabs/wasmedge](https://github.com/siderolabs/extensions/pkgs/container/wasmedge)                               | [WasmEdge](https://github.com/containerd/runwasi) container runtime                                                                | `upstream_version` |
+| [spin](container-runtime/spin)                               | [ghcr.io/siderolabs/spin](https://github.com/siderolabs/extensions/pkgs/container/spin)                               | [Spin](https://github.com/spinkube/containerd-shim-spin) container runtime                                                                | `upstream_version` |
 | [kata-containers](container-runtime/kata-containers)                 | [ghcr.io/siderolabs/kata-containers](https://github.com/siderolabs/extensions/pkgs/container/kata-containers)                 | [Kata Containers](https://github.com/kata-containers/kata-containers) container runtime                                            | `upstream version` |
 
 ### Firmware

container-runtime/spin/README.md

@@ -0,0 +1,43 @@
+# WasmEdge extension
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+In order to create the Wasm workload, a runtimeclass needs to be created.
+
+```yaml
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+  name: wasmtime-spin-v2
+handler: spin
+```
+
+## Testing
+
+Apply the following manifest to run sample pod using spin:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: spin-test
+spec:
+  containers:
+  - command:
+    - /
+    image: ghcr.io/spinkube/containerd-shim-spin/examples/spin-rust-hello
+    name: spin-test
+  runtimeClassName: wasmtime-spin-v2
+```
+
+The pod should run without any errors:
+
+```bash
+$ kubectl get pods
+NAME            READY   STATUS      RESTARTS   AGE
+spin-test   1/1     Running   0          28s
+```

container-runtime/spin/manifest.yaml

@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: spin
+  version: "$VERSION"
+  author: Sven Pfennig
+  description: |
+    This system extension provides support for spin runtime (WebAssembly) containers.
+  compatibility:
+    talos:
+      version: ">= v1.0.0"

container-runtime/spin/pkg.yaml

@@ -0,0 +1,33 @@
+name: spin
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+  - stage: base
+steps:
+  - sources:
+    # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+      - url: https://github.com/spinkube/containerd-shim-spin/releases/download/{{ .SPIN_VERSION }}/containerd-shim-spin-v2-linux-aarch64.tar.gz
+        destination: containerd-shim-spin.tar.gz
+        sha256: b358eb5c933359a999fb0e319d7f113773755c6afa1a4b1c84c1ffd13618844a
+        sha512: 635af2b980ba5bf7f5749138ef910ecd32f607d61846f64706e2f331f9a22beff0fe37f577d17f884e44b1731e064e46c370efbe083177993b0d583c68dbfe40
+    # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+      - url: https://github.com/spinkube/containerd-shim-spin/releases/download/{{ .SPIN_VERSION }}/containerd-shim-spin-v2-linux-x86_64.tar.gz
+        destination: containerd-shim-spin.tar.gz
+        sha256: 71b89c464f7892dd59ec3d082df220b617215ab49faf58165906560d581b0072
+        sha512: a7b2a9c2518cf0f648164230b615f76375f7444547661a8904335467bee12bae0129a81b4ea37a6352f5a9887015b1eedc5adf639d0051283bf6f46ad2cbcfcb
+    # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/bin
+
+        tar xf containerd-shim-spin.tar.gz -C /rootfs/usr/local/bin
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
+  - from: /pkg/spin.part
+    to: /rootfs/etc/cri/conf.d/spin.part

container-runtime/spin/spin.part

@@ -0,0 +1,2 @@
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin]
+  runtime_type = "io.containerd.spin.v2"

container-runtime/spin/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .SPIN_VERSION }}"

container-runtime/vars.yaml

@@ -6,5 +6,7 @@ STARGZ_SNAPSHOTTER_VERSION: v0.15.1
 CLOUD_PROVIDER_AWS_VERSION: v1.28.1
 # renovate: datasource=github-tags depName=containerd/runwasi
 WASMEDGE_VERSION: v0.3.0
+# renovate: datasource=github-tags depName=spinkube/containerd-shim-spin
+SPIN_VERSION: v0.13.1
 # renovate: datasource=github-releases depName=kata-containers/kata-containers
 KATA_CONTAINERS_VERSION: 3.3.0