From 1e681a14ea27129793f39f88342f190ac6006da3 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Thu, 21 Mar 2024 11:12:22 +0100
Subject: [PATCH 01/16] add shim downloader script

---
 .github/workflows/downloader-build.yml | 44 ++++++++++++++++++++++++++
 images/downloader/Dockerfile           |  5 +++
 images/downloader/download_shim.sh     | 29 +++++++++++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 .github/workflows/downloader-build.yml
 create mode 100644 images/downloader/Dockerfile
 create mode 100755 images/downloader/download_shim.sh

diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml
new file mode 100644
index 00000000..9fb0c1ba
--- /dev/null
+++ b/.github/workflows/downloader-build.yml
@@ -0,0 +1,44 @@
+name: Build installer image, sign it, and generate SBOMs
+
+on:
+  workflow_call:
+    outputs:
+      digest:
+        description: "Container image digest"
+        value: ${{jobs.build.outputs.digest}}
+
+  push:
+    branches:
+      - "main"
+      - "feat-**"
+
+jobs:
+  build:
+    uses: ./.github/workflows/container-image.yml
+    permissions:
+      contents: read
+      packages: write
+    with:
+      image-name: shim-downloader
+      dockerfile: ./images/downloader/Dockerfile
+      push-image: true
+
+  sign:
+    needs: build
+    uses: ./.github/workflows/sign-image.yml
+    permissions:
+      packages: write
+      id-token: write
+    with:
+      image-repository: ${{ needs.build.outputs.repository }}
+      image-digest: ${{ needs.build.outputs.digest }}
+
+  sbom:
+    needs: build
+    uses: ./.github/workflows/sbom.yml
+    permissions:
+      packages: write
+      id-token: write
+    with:
+      image-name: node-installer
+      image-digest: ${{ needs.build.outputs.digest }}
diff --git a/images/downloader/Dockerfile b/images/downloader/Dockerfile
new file mode 100644
index 00000000..555c6925
--- /dev/null
+++ b/images/downloader/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:3.19.1
+
+RUN apk add curl bash
+COPY download_shim.sh /download_shim.sh
+CMD bash /download_shim.sh
diff --git a/images/downloader/download_shim.sh b/images/downloader/download_shim.sh
new file mode 100755
index 00000000..77668163
--- /dev/null
+++ b/images/downloader/download_shim.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+declare -A levels=([DEBUG]=0 [INFO]=1 [WARN]=2 [ERROR]=3)
+script_logging_level="INFO"
+
+log() {
+    local log_message=$1
+    local log_priority=$2
+
+    #check if level exists
+    [[ ${levels[$log_priority]} ]] || return 1
+
+    #check if level is enough
+    (( ${levels[$log_priority]} < ${levels[$script_logging_level]} )) && return 2
+
+    #log here
+    d=$(date '+%Y-%m-%dT%H:%M:%S')
+    echo -e "${d}\t${log_priority}\t${log_message}"
+}
+
+log "start downloading shim from  ${SHIM_LOCATION}..." "INFO"
+
+mkdir -p /assets
+
+curl -sL "${SHIM_LOCATION}"  | tar -xzf - -C /assets
+log "download successful:" "INFO"
+
+ls -lah /assets

From 3a3effc382a0fced06094066668710c7dccc7183 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Thu, 21 Mar 2024 16:58:42 +0100
Subject: [PATCH 02/16] add node-installer and shim-downloader to install job

---
 internal/controller/shim_controller.go | 69 ++++++++++++++++++--------
 1 file changed, 49 insertions(+), 20 deletions(-)

diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go
index 75978154..d8dad972 100644
--- a/internal/controller/shim_controller.go
+++ b/internal/controller/shim_controller.go
@@ -327,6 +327,36 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node,
 	name := node.Name + "-" + shim.Name + "-" + operation
 	nameMax := int(math.Min(float64(len(name)), 63))
 
+	initContainer := []corev1.Container{{}}
+	args := []string{"uninstall"}
+
+	if operation == INSTALL {
+		initContainer = []corev1.Container{{
+			Image: "ghcr.io/spinkube/shim-downloader:latest",
+			Name:  "downloader",
+			SecurityContext: &corev1.SecurityContext{
+				Privileged: &priv,
+			},
+			Env: []corev1.EnvVar{
+				{
+					Name:  "SHIM_LOCATION",
+					Value: shim.Spec.FetchStrategy.AnonHTTP.Location,
+				},
+			},
+			VolumeMounts: []corev1.VolumeMount{
+				{
+					Name:      "shim-download",
+					MountPath: "/assets",
+				},
+			},
+		}}
+		args = []string{
+			"install",
+			"-H",
+			"/mnt/node-root",
+		}
+	}
+
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name[:nameMax],
@@ -348,37 +378,32 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node,
 				Spec: corev1.PodSpec{
 					NodeName: node.Name,
 					HostPID:  true,
-					Volumes: []corev1.Volume{{
-						Name: "root-mount",
-						VolumeSource: corev1.VolumeSource{
-							HostPath: &corev1.HostPathVolumeSource{
-								Path: "/",
+					Volumes: []corev1.Volume{
+						{
+							Name: "shim-download",
+						},
+						{
+							Name: "root-mount",
+							VolumeSource: corev1.VolumeSource{
+								HostPath: &corev1.HostPathVolumeSource{
+									Path: "/",
+								},
 							},
 						},
-					}},
+					},
+					InitContainers: initContainer,
 					Containers: []corev1.Container{{
-						Image: "voigt/kwasm-node-installer:" + operation,
+						Image: "ghcr.io/spinkube/node-installer:latest",
+						Args:  args,
 						Name:  "provisioner",
 						SecurityContext: &corev1.SecurityContext{
 							Privileged: &priv,
 						},
 						Env: []corev1.EnvVar{
 							{
-								Name:  "NODE_ROOT",
+								Name:  "HOST_ROOT",
 								Value: "/mnt/node-root",
 							},
-							{
-								Name:  "SHIM_LOCATION",
-								Value: shim.Spec.FetchStrategy.AnonHTTP.Location,
-							},
-							{
-								Name:  "RUNTIMECLASS_NAME",
-								Value: shim.Spec.RuntimeClass.Name,
-							},
-							{
-								Name:  "RUNTIMECLASS_HANDLER",
-								Value: shim.Spec.RuntimeClass.Handler,
-							},
 							{
 								Name:  "SHIM_FETCH_STRATEGY",
 								Value: "/mnt/node-root",
@@ -389,6 +414,10 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node,
 								Name:      "root-mount",
 								MountPath: "/mnt/node-root",
 							},
+							{
+								Name:      "shim-download",
+								MountPath: "/assets",
+							},
 						},
 					}},
 					RestartPolicy: corev1.RestartPolicyNever,

From a08b2282acd436d9c0cf87de95c13c904e774910 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Thu, 21 Mar 2024 17:10:28 +0100
Subject: [PATCH 03/16] fix docker build context

---
 .github/workflows/downloader-build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml
index 9fb0c1ba..5b6586de 100644
--- a/.github/workflows/downloader-build.yml
+++ b/.github/workflows/downloader-build.yml
@@ -21,6 +21,7 @@ jobs:
     with:
       image-name: shim-downloader
       dockerfile: ./images/downloader/Dockerfile
+      docker-context: ./images/downloader
       push-image: true
 
   sign:

From 0f5653a582eb6a6ede456798b7bc97a403fad2e0 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Thu, 21 Mar 2024 17:16:58 +0100
Subject: [PATCH 04/16] fix sbom

---
 .github/workflows/downloader-build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml
index 5b6586de..c3dcff29 100644
--- a/.github/workflows/downloader-build.yml
+++ b/.github/workflows/downloader-build.yml
@@ -1,4 +1,4 @@
-name: Build installer image, sign it, and generate SBOMs
+name: Build shim-downloader image, sign it, and generate SBOMs
 
 on:
   workflow_call:
@@ -41,5 +41,5 @@ jobs:
       packages: write
       id-token: write
     with:
-      image-name: node-installer
+      image-name: shim-downloader
       image-digest: ${{ needs.build.outputs.digest }}

From 9fbb55cfac05f9ef8c0c38edb47f9ce3ce07bbe6 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Fri, 17 May 2024 21:35:36 +0200
Subject: [PATCH 05/16] add downloader to depandabot

---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 304bf341..65c4efa7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,6 +12,12 @@ updates:
       interval: "weekly"
     labels:
       - "area/dependencies"
+  - package-ecosystem: docker
+    directory: "/images/downloader"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "area/dependencies"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

From edf549e2075895619ce2542962b1909908bc1762 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Fri, 17 May 2024 21:49:12 +0200
Subject: [PATCH 06/16] fix deploy runtimeclass

---
 internal/controller/shim_controller.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go
index d8dad972..846f3dbb 100644
--- a/internal/controller/shim_controller.go
+++ b/internal/controller/shim_controller.go
@@ -472,6 +472,10 @@ func (sr *ShimReconciler) createRuntimeClassManifest(shim *rcmv1.Shim) (*nodev1.
 	}
 
 	runtimeClass := &nodev1.RuntimeClass{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "node.k8s.io/v1",
+			Kind:       "RuntimeClass",
+		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   name[:nameMax],
 			Labels: map[string]string{name[:nameMax]: "true"},

From 83f2ef8b82a6f2271e65e8a98e8c123e05fe018e Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Fri, 17 May 2024 21:49:22 +0200
Subject: [PATCH 07/16] fix debug settings

---
 .vscode/launch.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.vscode/launch.json b/.vscode/launch.json
index cab3bb19..1c825954 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
             "type": "go",
             "request": "launch",
             "mode": "auto",
-            "program": "./cmd/main.go"
+            "program": "./cmd/rcm/main.go"
         }
     ]
 }
\ No newline at end of file

From 37270d1f1ccdf01b86b44655e163900891f62e7d Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Fri, 17 May 2024 23:32:46 +0200
Subject: [PATCH 08/16] improve uninstall semantics

---
 cmd/node-installer/uninstall.go | 2 +-
 internal/shim/uninstall.go      | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/node-installer/uninstall.go b/cmd/node-installer/uninstall.go
index aecbe0ab..7643e39f 100644
--- a/cmd/node-installer/uninstall.go
+++ b/cmd/node-installer/uninstall.go
@@ -64,7 +64,7 @@ func RunUninstall(config Config, rootFs, hostFs afero.Fs, restarter containerd.R
 
 	configChanged, err := containerdConfig.RemoveRuntime(binPath)
 	if err != nil {
-		return fmt.Errorf("failed to write conteainerd config for shim '%s': %w", runtimeName, err)
+		return fmt.Errorf("failed to write containerd config for shim '%s': %w", runtimeName, err)
 	}
 
 	if !configChanged {
diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go
index cbc37f9e..0e3b1ad2 100644
--- a/internal/shim/uninstall.go
+++ b/internal/shim/uninstall.go
@@ -15,8 +15,8 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	}
 	s, ok := st.Shims[shimName]
 	if !ok {
-		slog.Warn("shim not installed", "shim", shimName)
-		return "", nil
+		slog.Error("shim not installed", "shim", shimName)
+		return "", err
 	}
 	filePath := s.Path
 
@@ -25,7 +25,7 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 		if !errors.Is(err, os.ErrNotExist) {
 			return "", err
 		}
-		slog.Warn("shim binary did not exist, nothing to delete")
+		slog.Error("shim binary did not exist, nothing to delete")
 	}
 	st.RemoveShim(shimName)
 	if err = st.Write(); err != nil {

From e4275ab9a1b4bef33f959295d2dd28b703e3a5b6 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sat, 18 May 2024 00:09:33 +0200
Subject: [PATCH 09/16] let uninstall throw proper errors

---
 internal/shim/uninstall.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go
index 0e3b1ad2..61ca0963 100644
--- a/internal/shim/uninstall.go
+++ b/internal/shim/uninstall.go
@@ -2,6 +2,7 @@ package shim
 
 import (
 	"errors"
+	"fmt"
 	"log/slog"
 	"os"
 
@@ -16,16 +17,15 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	s, ok := st.Shims[shimName]
 	if !ok {
 		slog.Error("shim not installed", "shim", shimName)
-		return "", err
+		return "", fmt.Errorf("shim %s not installed", shimName)
 	}
 	filePath := s.Path
 
 	err = c.hostFs.Remove(filePath)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return "", err
+			return "", fmt.Errorf("shim binary did not exist, nothing to delete")
 		}
-		slog.Error("shim binary did not exist, nothing to delete")
 	}
 	st.RemoveShim(shimName)
 	if err = st.Write(); err != nil {

From 543ff7f6b0a7d967a2fbcf6c31d2594ef91ed3b1 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sat, 18 May 2024 00:11:58 +0200
Subject: [PATCH 10/16] fix

---
 internal/shim/uninstall.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go
index 61ca0963..78547250 100644
--- a/internal/shim/uninstall.go
+++ b/internal/shim/uninstall.go
@@ -17,6 +17,7 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	s, ok := st.Shims[shimName]
 	if !ok {
 		slog.Error("shim not installed", "shim", shimName)
+		os.Exit(0)
 		return "", fmt.Errorf("shim %s not installed", shimName)
 	}
 	filePath := s.Path
@@ -24,6 +25,8 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	err = c.hostFs.Remove(filePath)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
+			slog.Error("shim binary did not exist, nothing to delete")
+			os.Exit(0)
 			return "", fmt.Errorf("shim binary did not exist, nothing to delete")
 		}
 	}

From fc1500bf107b5b24ef3b25fecde0bb1df2df3cf7 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sat, 18 May 2024 00:17:55 +0200
Subject: [PATCH 11/16] quick fix

---
 internal/shim/uninstall_test.go | 40 ++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go
index c86776c8..aff13e1c 100644
--- a/internal/shim/uninstall_test.go
+++ b/internal/shim/uninstall_test.go
@@ -38,26 +38,26 @@ func TestConfig_Uninstall(t *testing.T) {
 		want    string
 		wantErr bool
 	}{
-		{
-			"shim not installed",
-			fields{
-				tests.FixtureFs("../../testdata/node-installer/shim"),
-				"/opt/kwasm",
-			},
-			args{"not-existing-shim"},
-			"",
-			false,
-		},
-		{
-			"missing shim binary",
-			fields{
-				tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"),
-				"/opt/kwasm",
-			},
-			args{"spin-v1"},
-			"/opt/kwasm/bin/containerd-shim-spin-v1",
-			false,
-		},
+		// {
+		// 	"shim not installed",
+		// 	fields{
+		// 		tests.FixtureFs("../../testdata/node-installer/shim"),
+		// 		"/opt/kwasm",
+		// 	},
+		// 	args{"not-existing-shim"},
+		// 	"",
+		// 	false,
+		// },
+		// {
+		// 	"missing shim binary",
+		// 	fields{
+		// 		tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"),
+		// 		"/opt/kwasm",
+		// 	},
+		// 	args{"spin-v1"},
+		// 	"/opt/kwasm/bin/containerd-shim-spin-v1",
+		// 	false,
+		// },
 		{
 			"successful shim uninstallation",
 			fields{

From 93f9e606caba9e8be52ff0e1ce6c568981d36df7 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sun, 19 May 2024 21:18:37 +0200
Subject: [PATCH 12/16] update download_shim.sh

---
 images/downloader/Dockerfile       | 2 +-
 images/downloader/download_shim.sh | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/images/downloader/Dockerfile b/images/downloader/Dockerfile
index 555c6925..4d1d1872 100644
--- a/images/downloader/Dockerfile
+++ b/images/downloader/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.19.1
 
-RUN apk add curl bash
+RUN apk add --no-cache curl bash tar
 COPY download_shim.sh /download_shim.sh
 CMD bash /download_shim.sh
diff --git a/images/downloader/download_shim.sh b/images/downloader/download_shim.sh
index 77668163..33ab25b3 100755
--- a/images/downloader/download_shim.sh
+++ b/images/downloader/download_shim.sh
@@ -23,7 +23,9 @@ log "start downloading shim from  ${SHIM_LOCATION}..." "INFO"
 
 mkdir -p /assets
 
-curl -sL "${SHIM_LOCATION}"  | tar -xzf - -C /assets
+# overwrite default name of shim binary; use the name of shim resource instead
+# to enable installing multiple versions of the same shim
+curl -sL "${SHIM_LOCATION}"  | tar --transform "s/containerd-shim-.*/containerd-shim-${SHIM_NAME}/" -xzf - -C /assets
 log "download successful:" "INFO"
 
 ls -lah /assets

From 9241762cf408cb24ea09dd8d06f8875a4543511c Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sun, 19 May 2024 22:02:47 +0200
Subject: [PATCH 13/16] add opconfig for job manifest creation

---
 internal/controller/shim_controller.go | 72 +++++++++++++++++++-------
 1 file changed, 53 insertions(+), 19 deletions(-)

diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go
index 846f3dbb..e2826614 100644
--- a/internal/controller/shim_controller.go
+++ b/internal/controller/shim_controller.go
@@ -56,6 +56,14 @@ type ShimReconciler struct {
 	Scheme *runtime.Scheme
 }
 
+// configuration for INSTALL or UNINSTALL jobs
+type opConfig struct {
+	operation     string
+	privileged    bool
+	initContainer []corev1.Container
+	args          []string
+}
+
 //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims/finalizers,verbs=update
@@ -301,7 +309,7 @@ func (sr *ShimReconciler) deployJobOnNode(ctx context.Context, shim *rcmv1.Shim,
 
 	// We rely on controller-runtime to rate limit us.
 	if err := sr.Client.Patch(ctx, job, patchMethod, patchOptions); err != nil {
-		log.Error().Msgf("Unable to reconcile Job %s", err)
+		log.Error().Msgf("Unable to reconcile Job: %s", err)
 		if err := sr.updateNodeLabels(ctx, &node, shim, "failed"); err != nil {
 			log.Error().Msgf("Unable to update node label %s: %s", shim.Name, err)
 		}
@@ -321,23 +329,20 @@ func (sr *ShimReconciler) updateNodeLabels(ctx context.Context, node *corev1.Nod
 	return nil
 }
 
-// createJobManifest creates a Job manifest for a Shim.
-func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, operation string) (*batchv1.Job, error) {
-	priv := true
-	name := node.Name + "-" + shim.Name + "-" + operation
-	nameMax := int(math.Min(float64(len(name)), 63))
-
-	initContainer := []corev1.Container{{}}
-	args := []string{"uninstall"}
-
-	if operation == INSTALL {
-		initContainer = []corev1.Container{{
-			Image: "ghcr.io/spinkube/shim-downloader:latest",
+// setOperationConfiguration sets operation specific configuration for the job manifest
+func (sr *ShimReconciler) setOperationConfiguration(shim *rcmv1.Shim, opConfig *opConfig) {
+	if opConfig.operation == INSTALL {
+		opConfig.initContainer = []corev1.Container{{
+			Image: os.Getenv("SHIM_DOWNLOADER_IMAGE"),
 			Name:  "downloader",
 			SecurityContext: &corev1.SecurityContext{
-				Privileged: &priv,
+				Privileged: &opConfig.privileged,
 			},
 			Env: []corev1.EnvVar{
+				{
+					Name:  "SHIM_NAME",
+					Value: shim.Name,
+				},
 				{
 					Name:  "SHIM_LOCATION",
 					Value: shim.Spec.FetchStrategy.AnonHTTP.Location,
@@ -350,14 +355,43 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node,
 				},
 			},
 		}}
-		args = []string{
+		opConfig.args = []string{
 			"install",
 			"-H",
 			"/mnt/node-root",
+			"-r",
+			shim.Name,
+		}
+	}
+
+	if opConfig.operation == UNINSTALL {
+		opConfig.initContainer = nil
+		opConfig.args = []string{
+			"uninstall",
+			"-H",
+			"/mnt/node-root",
+			"-r",
+			shim.Name,
 		}
 	}
+}
+
+// createJobManifest creates a Job manifest for a Shim.
+func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, operation string) (*batchv1.Job, error) {
+	opConfig := opConfig{
+		operation:  operation,
+		privileged: true,
+	}
+	sr.setOperationConfiguration(shim, &opConfig)
+
+	name := node.Name + "-" + shim.Name + "-" + operation
+	nameMax := int(math.Min(float64(len(name)), 63))
 
 	job := &batchv1.Job{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "batch/v1",
+			Kind:       "Job",
+		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name[:nameMax],
 			Namespace: os.Getenv("CONTROLLER_NAMESPACE"),
@@ -391,13 +425,13 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node,
 							},
 						},
 					},
-					InitContainers: initContainer,
+					InitContainers: opConfig.initContainer,
 					Containers: []corev1.Container{{
-						Image: "ghcr.io/spinkube/node-installer:latest",
-						Args:  args,
+						Image: os.Getenv("SHIM_NODE_INSTALLER_IMAGE"),
+						Args:  opConfig.args,
 						Name:  "provisioner",
 						SecurityContext: &corev1.SecurityContext{
-							Privileged: &priv,
+							Privileged: &opConfig.privileged,
 						},
 						Env: []corev1.EnvVar{
 							{

From 7ce7569292c0e3585e9310f128c61f28bb1f70cc Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Sun, 19 May 2024 22:59:56 +0200
Subject: [PATCH 14/16] update spin shim test resource

---
 config/samples/test_shim_spin.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/samples/test_shim_spin.yaml b/config/samples/test_shim_spin.yaml
index d4c57712..82b81180 100644
--- a/config/samples/test_shim_spin.yaml
+++ b/config/samples/test_shim_spin.yaml
@@ -1,10 +1,10 @@
 apiVersion: runtime.kwasm.sh/v1alpha1 
 kind: Shim
 metadata:
-  name: wasmtime-spin-v2
+  name: spin-v2
   labels:
-    app.kubernetes.io/name: wasmtime-spin-v2
-    app.kubernetes.io/instance: wasmtime-spin-v2
+    app.kubernetes.io/name: spin-v2
+    app.kubernetes.io/instance: spin-v2
     app.kubernetes.io/part-of: kwasm-operator
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/created-by: kwasm-operator
@@ -15,10 +15,10 @@ spec:
   fetchStrategy:
     type: annonymousHttp
     anonHttp:
-      location: "https://github.com/deislabs/containerd-wasm-shims/releases/download/v0.10.0/containerd-wasm-shims-v2-spin-linux-aarch64.tar.gz"
+      location: "https://github.com/spinkube/containerd-shim-spin/releases/download/v0.14.1/containerd-shim-spin-v2-linux-aarch64.tar.gz"
 
   runtimeClass:
-    name: wasmtime-spin-v2
+    name: spin-v2
     handler: spin
 
   rolloutStrategy:

From ff5edbd36979095f4cf81f3ee56e5602448be3b8 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Mon, 20 May 2024 21:24:13 +0200
Subject: [PATCH 15/16] bring test back

---
 internal/shim/uninstall_test.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go
index aff13e1c..8f72050d 100644
--- a/internal/shim/uninstall_test.go
+++ b/internal/shim/uninstall_test.go
@@ -48,16 +48,16 @@ func TestConfig_Uninstall(t *testing.T) {
 		// 	"",
 		// 	false,
 		// },
-		// {
-		// 	"missing shim binary",
-		// 	fields{
-		// 		tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"),
-		// 		"/opt/kwasm",
-		// 	},
-		// 	args{"spin-v1"},
-		// 	"/opt/kwasm/bin/containerd-shim-spin-v1",
-		// 	false,
-		// },
+		{
+			"missing shim binary",
+			fields{
+				tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"),
+				"/opt/kwasm",
+			},
+			args{"spin-v1"},
+			"/opt/kwasm/bin/containerd-shim-spin-v1",
+			false,
+		},
 		{
 			"successful shim uninstallation",
 			fields{

From cd16a63825c8f3c9cb01f1ac1571619cf29e1a73 Mon Sep 17 00:00:00 2001
From: Christoph Voigt <voigt.christoph@gmail.com>
Date: Mon, 20 May 2024 22:19:25 +0200
Subject: [PATCH 16/16] let uninstall exit with 0

---
 cmd/node-installer/uninstall.go |  8 +++++---
 internal/shim/uninstall.go      |  7 +------
 internal/shim/uninstall_test.go | 20 ++++++++++----------
 3 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/cmd/node-installer/uninstall.go b/cmd/node-installer/uninstall.go
index 7643e39f..a30bbafd 100644
--- a/cmd/node-installer/uninstall.go
+++ b/cmd/node-installer/uninstall.go
@@ -39,8 +39,10 @@ var uninstallCmd = &cobra.Command{
 		restarter := containerd.NewRestarter()
 
 		if err := RunUninstall(config, rootFs, hostFs, restarter); err != nil {
-			slog.Error("failed to uninstall", "error", err)
-			os.Exit(1)
+			slog.Error("failed to uninstall shim", "error", err)
+
+			// Exiting with 0 to prevent Kubernetes Jobs from running repetitively
+			os.Exit(0)
 		}
 	},
 }
@@ -50,7 +52,7 @@ func init() {
 }
 
 func RunUninstall(config Config, rootFs, hostFs afero.Fs, restarter containerd.Restarter) error {
-	slog.Info("uninstall called")
+	slog.Info("uninstall called", "shim", config.Runtime.Name)
 	shimName := config.Runtime.Name
 	runtimeName := path.Join(config.Kwasm.Path, "bin", shimName)
 
diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go
index 78547250..cc98ee75 100644
--- a/internal/shim/uninstall.go
+++ b/internal/shim/uninstall.go
@@ -3,7 +3,6 @@ package shim
 import (
 	"errors"
 	"fmt"
-	"log/slog"
 	"os"
 
 	"github.com/spinkube/runtime-class-manager/internal/state"
@@ -16,8 +15,6 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	}
 	s, ok := st.Shims[shimName]
 	if !ok {
-		slog.Error("shim not installed", "shim", shimName)
-		os.Exit(0)
 		return "", fmt.Errorf("shim %s not installed", shimName)
 	}
 	filePath := s.Path
@@ -25,9 +22,7 @@ func (c *Config) Uninstall(shimName string) (string, error) {
 	err = c.hostFs.Remove(filePath)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			slog.Error("shim binary did not exist, nothing to delete")
-			os.Exit(0)
-			return "", fmt.Errorf("shim binary did not exist, nothing to delete")
+			return "", fmt.Errorf("shim binary at %s does not exist, nothing to delete", filePath)
 		}
 	}
 	st.RemoveShim(shimName)
diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go
index 8f72050d..94b861b8 100644
--- a/internal/shim/uninstall_test.go
+++ b/internal/shim/uninstall_test.go
@@ -38,16 +38,16 @@ func TestConfig_Uninstall(t *testing.T) {
 		want    string
 		wantErr bool
 	}{
-		// {
-		// 	"shim not installed",
-		// 	fields{
-		// 		tests.FixtureFs("../../testdata/node-installer/shim"),
-		// 		"/opt/kwasm",
-		// 	},
-		// 	args{"not-existing-shim"},
-		// 	"",
-		// 	false,
-		// },
+		{
+			"shim not installed",
+			fields{
+				tests.FixtureFs("../../testdata/node-installer/shim"),
+				"/opt/kwasm",
+			},
+			args{"not-existing-shim"},
+			"",
+			true,
+		},
 		{
 			"missing shim binary",
 			fields{