mirror of
https://github.com/containers/youki
synced 2024-05-06 07:36:17 +02:00
Add the handly script for kind and youki
Signed-off-by: utam0k <k0ma@utam0k.jp>
This commit is contained in:
parent
ec2f58d4b2
commit
29cf869c68
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
sudo apt-get -y update
|
apt-get -y update
|
||||||
sudo apt-get install -y pkg-config libsystemd-dev libdbus-glib-1-dev libelf-dev libseccomp-dev
|
apt-get install -y pkg-config libsystemd-dev libdbus-glib-1-dev libelf-dev libseccomp-dev
|
||||||
|
|
|
@ -15,7 +15,7 @@ jobs:
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
|
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
|
@ -41,7 +41,7 @@ jobs:
|
||||||
ref: main
|
ref: main
|
||||||
|
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
|
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
name: 🧪 Containerd integration test
|
name: 🧪 e2e test
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
|
@ -17,7 +17,7 @@ jobs:
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- name: Build youki
|
- name: Build youki
|
||||||
run: make youki-release
|
run: make youki-release
|
||||||
- name: Upload youki binary
|
- name: Upload youki binary
|
||||||
|
@ -57,3 +57,21 @@ jobs:
|
||||||
runc --version
|
runc --version
|
||||||
- name: Integration Test
|
- name: Integration Test
|
||||||
run: sudo make TEST_RUNTIME=io.containerd.runc.v2 TESTFLAGS="-timeout 40m" integration
|
run: sudo make TEST_RUNTIME=io.containerd.runc.v2 TESTFLAGS="-timeout 40m" integration
|
||||||
|
#
|
||||||
|
# k8s-tests:
|
||||||
|
# runs-on: ubuntu-22.04
|
||||||
|
# needs: [youki-build]
|
||||||
|
# timeout-minutes: 40
|
||||||
|
# steps:
|
||||||
|
# - uses: actions/checkout@v3
|
||||||
|
# - name: Download youki binary
|
||||||
|
# uses: actions/download-artifact@v3
|
||||||
|
# with:
|
||||||
|
# name: youki
|
||||||
|
# - name: Add the permission to run
|
||||||
|
# run: chmod +x ./youki
|
||||||
|
# - name: test/k8s/deploy
|
||||||
|
# run: make test/k8s/deploy
|
||||||
|
# # - name: Debug
|
||||||
|
# # if: ${{ always() }}
|
||||||
|
# # uses: mxschmitt/action-tmate@v3
|
|
@ -31,7 +31,7 @@ jobs:
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- name: Install runc 1.1.0
|
- name: Install runc 1.1.0
|
||||||
run: |
|
run: |
|
||||||
wget -q https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
|
wget -q https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
|
||||||
|
|
|
@ -46,7 +46,7 @@ jobs:
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- run: rustup component add rustfmt clippy
|
- run: rustup component add rustfmt clippy
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- run: sudo apt-get install -y pkg-config libsystemd-dev libdbus-glib-1-dev libelf-dev libseccomp-dev
|
- run: sudo apt-get install -y pkg-config libsystemd-dev libdbus-glib-1-dev libelf-dev libseccomp-dev
|
||||||
- name: Check formatting
|
- name: Check formatting
|
||||||
run: cargo fmt --all -- --check
|
run: cargo fmt --all -- --check
|
||||||
|
@ -84,7 +84,7 @@ jobs:
|
||||||
with:
|
with:
|
||||||
tool: cargo-llvm-cov@0.4.0
|
tool: cargo-llvm-cov@0.4.0
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- name: Run Test Coverage for youki
|
- name: Run Test Coverage for youki
|
||||||
run: |
|
run: |
|
||||||
cargo llvm-cov clean --workspace
|
cargo llvm-cov clean --workspace
|
||||||
|
@ -105,7 +105,7 @@ jobs:
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- uses: actions/setup-go@v3
|
- uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: "1.17.6"
|
go-version: "1.17.6"
|
||||||
|
|
|
@ -10,7 +10,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- run: make youki-dev
|
- run: make youki-dev
|
||||||
- run: sudo cp youki /usr/local/bin
|
- run: sudo cp youki /usr/local/bin
|
||||||
- name: Install requirements for Podman
|
- name: Install requirements for Podman
|
||||||
|
|
|
@ -13,7 +13,7 @@ jobs:
|
||||||
with:
|
with:
|
||||||
submodules: recursive
|
submodules: recursive
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- name: Build
|
- name: Build
|
||||||
|
@ -30,7 +30,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Install requirements
|
- name: Install requirements
|
||||||
run: ./.github/scripts/dependency.sh
|
run: sudo ./.github/scripts/dependency.sh
|
||||||
- name: Setup Rust toolchain and cache
|
- name: Setup Rust toolchain and cache
|
||||||
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
uses: actions-rust-lang/setup-rust-toolchain@v1.3.7
|
||||||
- name: Release build
|
- name: Release build
|
||||||
|
|
|
@ -20,3 +20,5 @@ tags.temp
|
||||||
|
|
||||||
/bundle.tar.gz
|
/bundle.tar.gz
|
||||||
/test.log
|
/test.log
|
||||||
|
|
||||||
|
/tests/k8s/_out/
|
||||||
|
|
32
Makefile
32
Makefile
|
@ -1,5 +1,9 @@
|
||||||
ROOT = $(shell git rev-parse --show-toplevel)
|
ROOT = $(shell git rev-parse --show-toplevel)
|
||||||
|
|
||||||
|
DOCKER_BUILD ?= docker buildx build
|
||||||
|
|
||||||
|
KIND_CLUSTER_NAME ?= youki
|
||||||
|
|
||||||
# builds
|
# builds
|
||||||
|
|
||||||
.PHONY:build
|
.PHONY:build
|
||||||
|
@ -80,13 +84,37 @@ test/k3s: bin/k3s
|
||||||
test/k3s/clean:
|
test/k3s/clean:
|
||||||
sudo bin/k3s-youki-uninstall.sh
|
sudo bin/k3s-youki-uninstall.sh
|
||||||
|
|
||||||
# Misc
|
.PHONY: test/k8s/cluster
|
||||||
#
|
test/k8s/cluster: bin/kind tests/k8s/_out/img bin/kind
|
||||||
|
bin/kind create cluster --name $(KIND_CLUSTER_NAME) --image="$(shell cat tests/k8s/_out/img)"
|
||||||
|
|
||||||
|
.PHONY: test/k8s/deploy
|
||||||
|
test/k8s/deploy: test/k8s/cluster
|
||||||
|
kubectl --context=kind-$(KIND_CLUSTER_NAME) apply -f tests/k8s/deploy.yaml
|
||||||
|
kubectl --context=kind-$(KIND_CLUSTER_NAME) wait deployment nginx-deployment --for condition=Available=True --timeout=90s
|
||||||
|
kubectl --context=kind-$(KIND_CLUSTER_NAME) get pods -o wide
|
||||||
|
|
||||||
|
# Bin
|
||||||
|
|
||||||
.PHONY: bin/k3s
|
.PHONY: bin/k3s
|
||||||
bin/k3s:
|
bin/k3s:
|
||||||
mkdir -p bin && \
|
mkdir -p bin && \
|
||||||
curl -sfL https://get.k3s.io | INSTALL_K3S_BIN_DIR=$(PWD)/bin INSTALL_K3S_SYMLINK=skip INSTALL_K3S_NAME=youki sh -
|
curl -sfL https://get.k3s.io | INSTALL_K3S_BIN_DIR=$(PWD)/bin INSTALL_K3S_SYMLINK=skip INSTALL_K3S_NAME=youki sh -
|
||||||
|
|
||||||
|
.PHONY: bin/kind
|
||||||
|
bin/kind: tests/k8s/Dockerfile
|
||||||
|
$(DOCKER_BUILD) --output=bin/ -f tests/k8s/Dockerfile --target kind-bin .
|
||||||
|
|
||||||
|
.PHONY: test/k8s/clean
|
||||||
|
test/k8s/clean:
|
||||||
|
kind delete cluster --name $(KIND_CLUSTER_NAME)
|
||||||
|
rm -r tests/k8s/_out
|
||||||
|
|
||||||
|
tests/k8s/_out/img: tests/k8s/Dockerfile Cargo.toml Cargo.lock $(shell find . -type f -name '*.rs')
|
||||||
|
mkdir -p $(@D) && $(DOCKER_BUILD) -f tests/k8s/Dockerfile --iidfile=$(@) --load .
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
|
||||||
.PHONY: lint
|
.PHONY: lint
|
||||||
lint:
|
lint:
|
||||||
cargo fmt --all -- --check
|
cargo fmt --all -- --check
|
||||||
|
|
|
@ -376,9 +376,9 @@ pub fn container_init_process(
|
||||||
warn!("seccomp not available, unable to enforce no_new_privileges!")
|
warn!("seccomp not available, unable to enforce no_new_privileges!")
|
||||||
}
|
}
|
||||||
|
|
||||||
capabilities::reset_effective(syscall).context("Failed to reset effective capabilities")?;
|
capabilities::reset_effective(syscall).context("failed to reset effective capabilities")?;
|
||||||
if let Some(caps) = proc.capabilities() {
|
if let Some(caps) = proc.capabilities() {
|
||||||
capabilities::drop_privileges(caps, syscall).context("Failed to drop capabilities")?;
|
capabilities::drop_privileges(caps, syscall).context("failed to drop capabilities")?;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Change directory to process.cwd if process.cwd is not empty
|
// Change directory to process.cwd if process.cwd is not empty
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
# syntax=docker/dockerfile:1.4
|
||||||
|
|
||||||
|
ARG KIND_NODE_VERSION=v1.23.13
|
||||||
|
|
||||||
|
FROM kindest/node:${KIND_NODE_VERSION} AS kind-base
|
||||||
|
|
||||||
|
FROM kind-base AS shim-build
|
||||||
|
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /tmp/rustup.sh && sh /tmp/rustup.sh -y --profile=minimal
|
||||||
|
ENV PATH="/root/.cargo/bin:${PATH}"
|
||||||
|
WORKDIR /shim
|
||||||
|
COPY ./youki /shim/youki
|
||||||
|
|
||||||
|
FROM scratch AS shim
|
||||||
|
COPY --from=shim-build /shim/youki /
|
||||||
|
|
||||||
|
FROM kind-base AS kind-fetch
|
||||||
|
ARG TARGETARCH
|
||||||
|
ARG KIND_VERSION=v0.17.0
|
||||||
|
RUN curl -sSLf https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-${TARGETARCH} > /root/kind && chmod +x /root/kind
|
||||||
|
|
||||||
|
FROM scratch AS kind-bin
|
||||||
|
COPY --from=kind-fetch /root/kind /kind
|
||||||
|
|
||||||
|
FROM kind-base
|
||||||
|
RUN <<EOF
|
||||||
|
set -e
|
||||||
|
echo '[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.youki]' >> /etc/containerd/config.toml
|
||||||
|
echo ' runtime_type = "io.containerd.runc.v2"' >> /etc/containerd/config.toml
|
||||||
|
echo ' [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.youki.options]' >> /etc/containerd/config.toml
|
||||||
|
echo ' BinaryName = "/usr/local/bin/youki"' >> /etc/containerd/config.toml
|
||||||
|
sed -i 's,SystemdCgroup = true,,' /etc/containerd/config.toml
|
||||||
|
EOF
|
||||||
|
COPY .github/scripts/dependency.sh .github/scripts/dependency.sh
|
||||||
|
RUN apt-get update && .github/scripts/dependency.sh
|
||||||
|
COPY --link --from=shim /* /usr/local/bin/
|
||||||
|
|
Loading…
Reference in New Issue