From 26c505db8cd83dd5aa7534440b7f467a6b4fa58e Mon Sep 17 00:00:00 2001
From: Henrik Gerdes
Date: Thu, 1 Aug 2024 13:26:01 +0200
Subject: [PATCH] feat: add crun container-runtime extension
This adds the crun CRI implementation as an optional system extension
Signed-off-by: Henrik Gerdes
Signed-off-by: Noel Georgi
---
.github/renovate.json | 1 +
Makefile | 1 +
container-runtime/crun/README.md | 43 ++++++++++++++++++++++++++++
container-runtime/crun/crun.part | 5 ++++
container-runtime/crun/manifest.yaml | 10 +++++++
container-runtime/crun/pkg.yaml | 40 ++++++++++++++++++++++++++
container-runtime/crun/vars.yaml | 1 +
container-runtime/vars.yaml | 2 ++
8 files changed, 103 insertions(+)
create mode 100644 container-runtime/crun/README.md
create mode 100644 container-runtime/crun/crun.part
create mode 100644 container-runtime/crun/manifest.yaml
create mode 100644 container-runtime/crun/pkg.yaml
create mode 100644 container-runtime/crun/vars.yaml
diff --git a/.github/renovate.json b/.github/renovate.json
index 78cf8828..628546c2 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -51,6 +51,7 @@
 "matchPackageNames": [
 "nvidia/open-gpu-kernel-modules",
 "open-iscsi/open-isns",
+ "containers/crun",
 "git://git.kernel.org/pub/scm/libs/libcap/libcap.git",
 "git://sourceware.org/git/elfutils.git",
 "git://git.kernel.org/pub/scm/utils/mdadm/mdadm.git"
diff --git a/Makefile b/Makefile
index 67b94cf3..b9dff642 100644
--- a/Makefile
+++ b/Makefile
@@ -64,6 +64,7 @@ TARGETS += drbd
 TARGETS += ecr-credential-provider
 TARGETS += fuse3
 TARGETS += gasket-driver
+TARGETS += crun
 TARGETS += gvisor
 TARGETS += gvisor-debug
 TARGETS += hello-world-service
diff --git a/container-runtime/crun/README.md b/container-runtime/crun/README.md
new file mode 100644
index 00000000..6a40770f
--- /dev/null
+++ b/container-runtime/crun/README.md
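Review bot: `TARGETS += crun` is inserted between `gasket-driver` and `gvisor`, which breaks the alphabetical order the neighbouring entries keep (ecr-credential-provider, fuse3, gasket-driver, gvisor, gvisor-debug, hello-world-service). Its sorted slot is ahead of `TARGETS += drbd`, which is the hunk's header context and therefore just outside the visible lines, so the added line should move up there rather than sit in the middle of the g-block. Keeping the list sorted is what makes a missing or duplicated target easy to spot in review.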
@@ -0,0 +1,43 @@
+# crun extension
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+In order to create the Wasm workload, a runtimeclass needs to be created.
+
+```yaml
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+ name: crun
+handler: crun
+```
+
+## Testing
+
+Apply the following manifest to run nginx pod via crun:
+
+```yaml
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: nginx-crun
+spec:
+ runtimeClassName: crun
+ containers:
+ - name: nginx
+ image: nginx
+```
+
+The pod should be up and running:
+
+```bash
+$ kubectl get pods
+NAME READY STATUS RESTARTS AGE
+nginx-crun 1/1 Running 0 40s
+```
diff --git a/container-runtime/crun/crun.part b/container-runtime/crun/crun.part
new file mode 100644
index 00000000..4c9ec7bf
--- /dev/null
+++ b/container-runtime/crun/crun.part
@@ -0,0 +1,5 @@
+[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.crun]
+ runtime_type = "io.containerd.runc.v2"
+
+[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.crun.options]
+ BinaryName = "/usr/local/bin/crun"
diff --git a/container-runtime/crun/manifest.yaml b/container-runtime/crun/manifest.yaml
new file mode 100644
index 00000000..6f2d667b
--- /dev/null
+++ b/container-runtime/crun/manifest.yaml
@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+ name: crun
+ version: "$VERSION"
+ author: Henrik Gerdes
+ description: |
+ This system extension provides crun using containerd's runtime handler.
+ compatibility:
+ talos:
+ version: ">= v1.8.0"
diff --git a/container-runtime/crun/pkg.yaml b/container-runtime/crun/pkg.yaml
new file mode 100644
index 00000000..f870c262
--- /dev/null
+++ b/container-runtime/crun/pkg.yaml
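Review bot: The crun.part registration gives no hint why crun is driven through `runtime_type = "io.containerd.runc.v2"` or which build variant `/usr/local/bin/crun` is, and both matter to whoever later tunes this runtime's options. Suggest a header comment: `# crun is a drop-in OCI runtime, so the runc v2 shim launches it via BinaryName.` followed by `# Binary comes from the *-disable-systemd release asset (see pkg.yaml); presumably SystemdCgroup must stay unset for this runtime.` The `io.containerd.cri.v1.runtime` plugin path is the containerd 2.x naming, which only lines up with the manifest's `>= v1.8.0` Talos constraint if that release ships containerd 2; worth confirming and noting in the same comment.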
@@ -0,0 +1,40 @@
+name: crun
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+ - stage: base
+steps:
+ - sources:
+ # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+ - url: https://github.com/containers/crun/releases/download/{{ .CRUN_VERSION }}/crun-{{ .CRUN_VERSION }}-linux-arm64-disable-systemd
+ destination: crun
+ sha256: 1bd840c95e9ae8edc25654dcf2481309724b9ff18ce95dbcd2535da9b026a47d
+ sha512: 3184eb0e440d9551003b4275c69ecaaef2ffaf84b11ac3ffdea2e22cc9d8c578bce032331bd476bf47e5d2247f0604b93b46c6a5c3225d6704378380d15d29ee
+ # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+ - url: https://github.com/containers/crun/releases/download/{{ .CRUN_VERSION }}/crun-{{ .CRUN_VERSION }}-linux-amd64-disable-systemd
+ destination: crun
+ sha256: 03fd3ec6a7799183eaeefba5ebd3f66f9b5fb41a5b080c196285879631ff5dc1
+ sha512: 1989c491593691527f368cd13e56aa179a414ac31a789ee39c1646b7468cc7c32bbcf0cc7e26b90c53152936422fb12d699dd5654a11e1ed2f2c2dd7eb4588e7
+ # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+ prepare:
+ - |
+ sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+ install:
+ - |
+ mkdir -p /rootfs/usr/local/bin
+ cp -av crun /rootfs/usr/local/bin/crun
+ chmod +x /rootfs/usr/local/bin/crun
+ test:
+ - |
+ mkdir -p /extensions-validator-rootfs
+ cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+ cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+ /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+
+finalize:
+ - from: /rootfs
+ to: /rootfs
+ - from: /pkg/manifest.yaml
+ to: /
+ - from: /pkg/crun.part
+ to: /rootfs/etc/cri/conf.d/crun.part
diff --git a/container-runtime/crun/vars.yaml b/container-runtime/crun/vars.yaml
new file mode 100644
index 00000000..426c4660
--- /dev/null
+++ b/container-runtime/crun/vars.yaml
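Review bot: The sha256/sha512 values under `sources` pin both release assets to one specific crun build, but nothing says which version they belong to or that they must change together with `CRUN_VERSION` in container-runtime/vars.yaml, which the renovate annotation added in this commit will bump unattended; presumably a version bump alone then fails at fetch time on the checksum mismatch, which is the right outcome but an opaque one for whoever picks up the failed build. Suggest a comment above the first `- url:` entry: `# Checksums match the CRUN_VERSION pinned in ../vars.yaml; a renovate bump needs both asset hashes refreshed from the upstream release.` The choice of the `*-disable-systemd` asset is the other thing a reader has to reverse-engineer, so a second one-liner such as `# -disable-systemd build: no systemd on the target, so crun's systemd cgroup driver is not needed` would round it out. Keeping the two hashes (rather than only sha256) is fine and worth a word in the same comment so nobody "simplifies" it away.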
@@ -0,0 +1 @@
+VERSION: "{{ .CRUN_VERSION }}"
diff --git a/container-runtime/vars.yaml b/container-runtime/vars.yaml
index 216cba64..f2bbff79 100644
--- a/container-runtime/vars.yaml
+++ b/container-runtime/vars.yaml
@@ -10,3 +10,5 @@ WASMEDGE_VERSION: v0.4.0
 SPIN_VERSION: v0.15.0
 # renovate: datasource=github-releases depName=kata-containers/kata-containers
 KATA_CONTAINERS_VERSION: 3.3.0
+# renovate: datasource=github-releases depName=containers/crun
+CRUN_VERSION: 1.15