From 1e681a14ea27129793f39f88342f190ac6006da3 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Thu, 21 Mar 2024 11:12:22 +0100 Subject: [PATCH 01/16] add shim downloader script --- .github/workflows/downloader-build.yml | 44 ++++++++++++++++++++++++++ images/downloader/Dockerfile | 5 +++ images/downloader/download_shim.sh | 29 +++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 .github/workflows/downloader-build.yml create mode 100644 images/downloader/Dockerfile create mode 100755 images/downloader/download_shim.sh diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml new file mode 100644 index 00000000..9fb0c1ba --- /dev/null +++ b/.github/workflows/downloader-build.yml @@ -0,0 +1,44 @@ +name: Build installer image, sign it, and generate SBOMs + +on: + workflow_call: + outputs: + digest: + description: "Container image digest" + value: ${{jobs.build.outputs.digest}} + + push: + branches: + - "main" + - "feat-**" + +jobs: + build: + uses: ./.github/workflows/container-image.yml + permissions: + contents: read + packages: write + with: + image-name: shim-downloader + dockerfile: ./images/downloader/Dockerfile + push-image: true + + sign: + needs: build + uses: ./.github/workflows/sign-image.yml + permissions: + packages: write + id-token: write + with: + image-repository: ${{ needs.build.outputs.repository }} + image-digest: ${{ needs.build.outputs.digest }} + + sbom: + needs: build + uses: ./.github/workflows/sbom.yml + permissions: + packages: write + id-token: write + with: + image-name: node-installer + image-digest: ${{ needs.build.outputs.digest }} diff --git a/images/downloader/Dockerfile b/images/downloader/Dockerfile new file mode 100644 index 00000000..555c6925 --- /dev/null +++ b/images/downloader/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.19.1 + +RUN apk add curl bash +COPY download_shim.sh /download_shim.sh +CMD bash /download_shim.sh diff --git a/images/downloader/download_shim.sh b/images/downloader/download_shim.sh new file mode 100755 index 00000000..77668163 --- /dev/null +++ b/images/downloader/download_shim.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +set -euo pipefail + +declare -A levels=([DEBUG]=0 [INFO]=1 [WARN]=2 [ERROR]=3) +script_logging_level="INFO" + +log() { + local log_message=$1 + local log_priority=$2 + + #check if level exists + [[ ${levels[$log_priority]} ]] || return 1 + + #check if level is enough + (( ${levels[$log_priority]} < ${levels[$script_logging_level]} )) && return 2 + + #log here + d=$(date '+%Y-%m-%dT%H:%M:%S') + echo -e "${d}\t${log_priority}\t${log_message}" +} + +log "start downloading shim from ${SHIM_LOCATION}..." "INFO" + +mkdir -p /assets + +curl -sL "${SHIM_LOCATION}" | tar -xzf - -C /assets +log "download successful:" "INFO" + +ls -lah /assets From 3a3effc382a0fced06094066668710c7dccc7183 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Thu, 21 Mar 2024 16:58:42 +0100 Subject: [PATCH 02/16] add node-installer and shim-downloader to install job --- internal/controller/shim_controller.go | 69 ++++++++++++++++++-------- 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go index 75978154..d8dad972 100644 --- a/internal/controller/shim_controller.go +++ b/internal/controller/shim_controller.go @@ -327,6 +327,36 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, name := node.Name + "-" + shim.Name + "-" + operation nameMax := int(math.Min(float64(len(name)), 63)) + initContainer := []corev1.Container{{}} + args := []string{"uninstall"} + + if operation == INSTALL { + initContainer = []corev1.Container{{ + Image: "ghcr.io/spinkube/shim-downloader:latest", + Name: "downloader", + SecurityContext: &corev1.SecurityContext{ + Privileged: &priv, + }, + Env: []corev1.EnvVar{ + { + Name: "SHIM_LOCATION", + Value: shim.Spec.FetchStrategy.AnonHTTP.Location, + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "shim-download", + MountPath: "/assets", + }, + }, + }} + args = []string{ + "install", + "-H", + "/mnt/node-root", + } + } + job := &batchv1.Job{ ObjectMeta: metav1.ObjectMeta{ Name: name[:nameMax], @@ -348,37 +378,32 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, Spec: corev1.PodSpec{ NodeName: node.Name, HostPID: true, - Volumes: []corev1.Volume{{ - Name: "root-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/", + Volumes: []corev1.Volume{ + { + Name: "shim-download", + }, + { + Name: "root-mount", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/", + }, }, }, - }}, + }, + InitContainers: initContainer, Containers: []corev1.Container{{ - Image: "voigt/kwasm-node-installer:" + operation, + Image: "ghcr.io/spinkube/node-installer:latest", + Args: args, Name: "provisioner", SecurityContext: &corev1.SecurityContext{ Privileged: &priv, }, Env: []corev1.EnvVar{ { - Name: "NODE_ROOT", + Name: "HOST_ROOT", Value: "/mnt/node-root", }, - { - Name: "SHIM_LOCATION", - Value: shim.Spec.FetchStrategy.AnonHTTP.Location, - }, - { - Name: "RUNTIMECLASS_NAME", - Value: shim.Spec.RuntimeClass.Name, - }, - { - Name: "RUNTIMECLASS_HANDLER", - Value: shim.Spec.RuntimeClass.Handler, - }, { Name: "SHIM_FETCH_STRATEGY", Value: "/mnt/node-root", @@ -389,6 +414,10 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, Name: "root-mount", MountPath: "/mnt/node-root", }, + { + Name: "shim-download", + MountPath: "/assets", + }, }, }}, RestartPolicy: corev1.RestartPolicyNever, From a08b2282acd436d9c0cf87de95c13c904e774910 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Thu, 21 Mar 2024 17:10:28 +0100 Subject: [PATCH 03/16] fix docker build context --- .github/workflows/downloader-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml index 9fb0c1ba..5b6586de 100644 --- a/.github/workflows/downloader-build.yml +++ b/.github/workflows/downloader-build.yml @@ -21,6 +21,7 @@ jobs: with: image-name: shim-downloader dockerfile: ./images/downloader/Dockerfile + docker-context: ./images/downloader push-image: true sign: From 0f5653a582eb6a6ede456798b7bc97a403fad2e0 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Thu, 21 Mar 2024 17:16:58 +0100 Subject: [PATCH 04/16] fix sbom --- .github/workflows/downloader-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/downloader-build.yml b/.github/workflows/downloader-build.yml index 5b6586de..c3dcff29 100644 --- a/.github/workflows/downloader-build.yml +++ b/.github/workflows/downloader-build.yml @@ -1,4 +1,4 @@ -name: Build installer image, sign it, and generate SBOMs +name: Build shim-downloader image, sign it, and generate SBOMs on: workflow_call: @@ -41,5 +41,5 @@ jobs: packages: write id-token: write with: - image-name: node-installer + image-name: shim-downloader image-digest: ${{ needs.build.outputs.digest }} From 9fbb55cfac05f9ef8c0c38edb47f9ce3ce07bbe6 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Fri, 17 May 2024 21:35:36 +0200 Subject: [PATCH 05/16] add downloader to depandabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 304bf341..65c4efa7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,6 +12,12 @@ updates: interval: "weekly" labels: - "area/dependencies" + - package-ecosystem: docker + directory: "/images/downloader" + schedule: + interval: "weekly" + labels: + - "area/dependencies" - package-ecosystem: "github-actions" directory: "/" schedule: From edf549e2075895619ce2542962b1909908bc1762 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Fri, 17 May 2024 21:49:12 +0200 Subject: [PATCH 06/16] fix deploy runtimeclass --- internal/controller/shim_controller.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go index d8dad972..846f3dbb 100644 --- a/internal/controller/shim_controller.go +++ b/internal/controller/shim_controller.go @@ -472,6 +472,10 @@ func (sr *ShimReconciler) createRuntimeClassManifest(shim *rcmv1.Shim) (*nodev1. } runtimeClass := &nodev1.RuntimeClass{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "node.k8s.io/v1", + Kind: "RuntimeClass", + }, ObjectMeta: metav1.ObjectMeta{ Name: name[:nameMax], Labels: map[string]string{name[:nameMax]: "true"}, From 83f2ef8b82a6f2271e65e8a98e8c123e05fe018e Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Fri, 17 May 2024 21:49:22 +0200 Subject: [PATCH 07/16] fix debug settings --- .vscode/launch.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index cab3bb19..1c825954 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -9,7 +9,7 @@ "type": "go", "request": "launch", "mode": "auto", - "program": "./cmd/main.go" + "program": "./cmd/rcm/main.go" } ] } \ No newline at end of file From 37270d1f1ccdf01b86b44655e163900891f62e7d Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Fri, 17 May 2024 23:32:46 +0200 Subject: [PATCH 08/16] improve uninstall semantics --- cmd/node-installer/uninstall.go | 2 +- internal/shim/uninstall.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/node-installer/uninstall.go b/cmd/node-installer/uninstall.go index aecbe0ab..7643e39f 100644 --- a/cmd/node-installer/uninstall.go +++ b/cmd/node-installer/uninstall.go @@ -64,7 +64,7 @@ func RunUninstall(config Config, rootFs, hostFs afero.Fs, restarter containerd.R configChanged, err := containerdConfig.RemoveRuntime(binPath) if err != nil { - return fmt.Errorf("failed to write conteainerd config for shim '%s': %w", runtimeName, err) + return fmt.Errorf("failed to write containerd config for shim '%s': %w", runtimeName, err) } if !configChanged { diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go index cbc37f9e..0e3b1ad2 100644 --- a/internal/shim/uninstall.go +++ b/internal/shim/uninstall.go @@ -15,8 +15,8 @@ func (c *Config) Uninstall(shimName string) (string, error) { } s, ok := st.Shims[shimName] if !ok { - slog.Warn("shim not installed", "shim", shimName) - return "", nil + slog.Error("shim not installed", "shim", shimName) + return "", err } filePath := s.Path @@ -25,7 +25,7 @@ func (c *Config) Uninstall(shimName string) (string, error) { if !errors.Is(err, os.ErrNotExist) { return "", err } - slog.Warn("shim binary did not exist, nothing to delete") + slog.Error("shim binary did not exist, nothing to delete") } st.RemoveShim(shimName) if err = st.Write(); err != nil { From e4275ab9a1b4bef33f959295d2dd28b703e3a5b6 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sat, 18 May 2024 00:09:33 +0200 Subject: [PATCH 09/16] let uninstall throw proper errors --- internal/shim/uninstall.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go index 0e3b1ad2..61ca0963 100644 --- a/internal/shim/uninstall.go +++ b/internal/shim/uninstall.go @@ -2,6 +2,7 @@ package shim import ( "errors" + "fmt" "log/slog" "os" @@ -16,16 +17,15 @@ func (c *Config) Uninstall(shimName string) (string, error) { s, ok := st.Shims[shimName] if !ok { slog.Error("shim not installed", "shim", shimName) - return "", err + return "", fmt.Errorf("shim %s not installed", shimName) } filePath := s.Path err = c.hostFs.Remove(filePath) if err != nil { if !errors.Is(err, os.ErrNotExist) { - return "", err + return "", fmt.Errorf("shim binary did not exist, nothing to delete") } - slog.Error("shim binary did not exist, nothing to delete") } st.RemoveShim(shimName) if err = st.Write(); err != nil { From 543ff7f6b0a7d967a2fbcf6c31d2594ef91ed3b1 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sat, 18 May 2024 00:11:58 +0200 Subject: [PATCH 10/16] fix --- internal/shim/uninstall.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go index 61ca0963..78547250 100644 --- a/internal/shim/uninstall.go +++ b/internal/shim/uninstall.go @@ -17,6 +17,7 @@ func (c *Config) Uninstall(shimName string) (string, error) { s, ok := st.Shims[shimName] if !ok { slog.Error("shim not installed", "shim", shimName) + os.Exit(0) return "", fmt.Errorf("shim %s not installed", shimName) } filePath := s.Path @@ -24,6 +25,8 @@ func (c *Config) Uninstall(shimName string) (string, error) { err = c.hostFs.Remove(filePath) if err != nil { if !errors.Is(err, os.ErrNotExist) { + slog.Error("shim binary did not exist, nothing to delete") + os.Exit(0) return "", fmt.Errorf("shim binary did not exist, nothing to delete") } } From fc1500bf107b5b24ef3b25fecde0bb1df2df3cf7 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sat, 18 May 2024 00:17:55 +0200 Subject: [PATCH 11/16] quick fix --- internal/shim/uninstall_test.go | 40 ++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go index c86776c8..aff13e1c 100644 --- a/internal/shim/uninstall_test.go +++ b/internal/shim/uninstall_test.go @@ -38,26 +38,26 @@ func TestConfig_Uninstall(t *testing.T) { want string wantErr bool }{ - { - "shim not installed", - fields{ - tests.FixtureFs("../../testdata/node-installer/shim"), - "/opt/kwasm", - }, - args{"not-existing-shim"}, - "", - false, - }, - { - "missing shim binary", - fields{ - tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"), - "/opt/kwasm", - }, - args{"spin-v1"}, - "/opt/kwasm/bin/containerd-shim-spin-v1", - false, - }, + // { + // "shim not installed", + // fields{ + // tests.FixtureFs("../../testdata/node-installer/shim"), + // "/opt/kwasm", + // }, + // args{"not-existing-shim"}, + // "", + // false, + // }, + // { + // "missing shim binary", + // fields{ + // tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"), + // "/opt/kwasm", + // }, + // args{"spin-v1"}, + // "/opt/kwasm/bin/containerd-shim-spin-v1", + // false, + // }, { "successful shim uninstallation", fields{ From 93f9e606caba9e8be52ff0e1ce6c568981d36df7 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sun, 19 May 2024 21:18:37 +0200 Subject: [PATCH 12/16] update download_shim.sh --- images/downloader/Dockerfile | 2 +- images/downloader/download_shim.sh | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/images/downloader/Dockerfile b/images/downloader/Dockerfile index 555c6925..4d1d1872 100644 --- a/images/downloader/Dockerfile +++ b/images/downloader/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3.19.1 -RUN apk add curl bash +RUN apk add --no-cache curl bash tar COPY download_shim.sh /download_shim.sh CMD bash /download_shim.sh diff --git a/images/downloader/download_shim.sh b/images/downloader/download_shim.sh index 77668163..33ab25b3 100755 --- a/images/downloader/download_shim.sh +++ b/images/downloader/download_shim.sh @@ -23,7 +23,9 @@ log "start downloading shim from ${SHIM_LOCATION}..." "INFO" mkdir -p /assets -curl -sL "${SHIM_LOCATION}" | tar -xzf - -C /assets +# overwrite default name of shim binary; use the name of shim resource instead +# to enable installing multiple versions of the same shim +curl -sL "${SHIM_LOCATION}" | tar --transform "s/containerd-shim-.*/containerd-shim-${SHIM_NAME}/" -xzf - -C /assets log "download successful:" "INFO" ls -lah /assets From 9241762cf408cb24ea09dd8d06f8875a4543511c Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sun, 19 May 2024 22:02:47 +0200 Subject: [PATCH 13/16] add opconfig for job manifest creation --- internal/controller/shim_controller.go | 72 +++++++++++++++++++------- 1 file changed, 53 insertions(+), 19 deletions(-) diff --git a/internal/controller/shim_controller.go b/internal/controller/shim_controller.go index 846f3dbb..e2826614 100644 --- a/internal/controller/shim_controller.go +++ b/internal/controller/shim_controller.go @@ -56,6 +56,14 @@ type ShimReconciler struct { Scheme *runtime.Scheme } +// configuration for INSTALL or UNINSTALL jobs +type opConfig struct { + operation string + privileged bool + initContainer []corev1.Container + args []string +} + //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims/status,verbs=get;update;patch //+kubebuilder:rbac:groups=runtime.kwasm.sh,resources=shims/finalizers,verbs=update @@ -301,7 +309,7 @@ func (sr *ShimReconciler) deployJobOnNode(ctx context.Context, shim *rcmv1.Shim, // We rely on controller-runtime to rate limit us. if err := sr.Client.Patch(ctx, job, patchMethod, patchOptions); err != nil { - log.Error().Msgf("Unable to reconcile Job %s", err) + log.Error().Msgf("Unable to reconcile Job: %s", err) if err := sr.updateNodeLabels(ctx, &node, shim, "failed"); err != nil { log.Error().Msgf("Unable to update node label %s: %s", shim.Name, err) } @@ -321,23 +329,20 @@ func (sr *ShimReconciler) updateNodeLabels(ctx context.Context, node *corev1.Nod return nil } -// createJobManifest creates a Job manifest for a Shim. -func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, operation string) (*batchv1.Job, error) { - priv := true - name := node.Name + "-" + shim.Name + "-" + operation - nameMax := int(math.Min(float64(len(name)), 63)) - - initContainer := []corev1.Container{{}} - args := []string{"uninstall"} - - if operation == INSTALL { - initContainer = []corev1.Container{{ - Image: "ghcr.io/spinkube/shim-downloader:latest", +// setOperationConfiguration sets operation specific configuration for the job manifest +func (sr *ShimReconciler) setOperationConfiguration(shim *rcmv1.Shim, opConfig *opConfig) { + if opConfig.operation == INSTALL { + opConfig.initContainer = []corev1.Container{{ + Image: os.Getenv("SHIM_DOWNLOADER_IMAGE"), Name: "downloader", SecurityContext: &corev1.SecurityContext{ - Privileged: &priv, + Privileged: &opConfig.privileged, }, Env: []corev1.EnvVar{ + { + Name: "SHIM_NAME", + Value: shim.Name, + }, { Name: "SHIM_LOCATION", Value: shim.Spec.FetchStrategy.AnonHTTP.Location, @@ -350,14 +355,43 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, }, }, }} - args = []string{ + opConfig.args = []string{ "install", "-H", "/mnt/node-root", + "-r", + shim.Name, + } + } + + if opConfig.operation == UNINSTALL { + opConfig.initContainer = nil + opConfig.args = []string{ + "uninstall", + "-H", + "/mnt/node-root", + "-r", + shim.Name, } } +} + +// createJobManifest creates a Job manifest for a Shim. +func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, operation string) (*batchv1.Job, error) { + opConfig := opConfig{ + operation: operation, + privileged: true, + } + sr.setOperationConfiguration(shim, &opConfig) + + name := node.Name + "-" + shim.Name + "-" + operation + nameMax := int(math.Min(float64(len(name)), 63)) job := &batchv1.Job{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "batch/v1", + Kind: "Job", + }, ObjectMeta: metav1.ObjectMeta{ Name: name[:nameMax], Namespace: os.Getenv("CONTROLLER_NAMESPACE"), @@ -391,13 +425,13 @@ func (sr *ShimReconciler) createJobManifest(shim *rcmv1.Shim, node *corev1.Node, }, }, }, - InitContainers: initContainer, + InitContainers: opConfig.initContainer, Containers: []corev1.Container{{ - Image: "ghcr.io/spinkube/node-installer:latest", - Args: args, + Image: os.Getenv("SHIM_NODE_INSTALLER_IMAGE"), + Args: opConfig.args, Name: "provisioner", SecurityContext: &corev1.SecurityContext{ - Privileged: &priv, + Privileged: &opConfig.privileged, }, Env: []corev1.EnvVar{ { From 7ce7569292c0e3585e9310f128c61f28bb1f70cc Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Sun, 19 May 2024 22:59:56 +0200 Subject: [PATCH 14/16] update spin shim test resource --- config/samples/test_shim_spin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/samples/test_shim_spin.yaml b/config/samples/test_shim_spin.yaml index d4c57712..82b81180 100644 --- a/config/samples/test_shim_spin.yaml +++ b/config/samples/test_shim_spin.yaml @@ -1,10 +1,10 @@ apiVersion: runtime.kwasm.sh/v1alpha1 kind: Shim metadata: - name: wasmtime-spin-v2 + name: spin-v2 labels: - app.kubernetes.io/name: wasmtime-spin-v2 - app.kubernetes.io/instance: wasmtime-spin-v2 + app.kubernetes.io/name: spin-v2 + app.kubernetes.io/instance: spin-v2 app.kubernetes.io/part-of: kwasm-operator app.kubernetes.io/managed-by: kustomize app.kubernetes.io/created-by: kwasm-operator @@ -15,10 +15,10 @@ spec: fetchStrategy: type: annonymousHttp anonHttp: - location: "https://github.com/deislabs/containerd-wasm-shims/releases/download/v0.10.0/containerd-wasm-shims-v2-spin-linux-aarch64.tar.gz" + location: "https://github.com/spinkube/containerd-shim-spin/releases/download/v0.14.1/containerd-shim-spin-v2-linux-aarch64.tar.gz" runtimeClass: - name: wasmtime-spin-v2 + name: spin-v2 handler: spin rolloutStrategy: From ff5edbd36979095f4cf81f3ee56e5602448be3b8 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Mon, 20 May 2024 21:24:13 +0200 Subject: [PATCH 15/16] bring test back --- internal/shim/uninstall_test.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go index aff13e1c..8f72050d 100644 --- a/internal/shim/uninstall_test.go +++ b/internal/shim/uninstall_test.go @@ -48,16 +48,16 @@ func TestConfig_Uninstall(t *testing.T) { // "", // false, // }, - // { - // "missing shim binary", - // fields{ - // tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"), - // "/opt/kwasm", - // }, - // args{"spin-v1"}, - // "/opt/kwasm/bin/containerd-shim-spin-v1", - // false, - // }, + { + "missing shim binary", + fields{ + tests.FixtureFs("../../testdata/node-installer/shim-missing-binary"), + "/opt/kwasm", + }, + args{"spin-v1"}, + "/opt/kwasm/bin/containerd-shim-spin-v1", + false, + }, { "successful shim uninstallation", fields{ From cd16a63825c8f3c9cb01f1ac1571619cf29e1a73 Mon Sep 17 00:00:00 2001 From: Christoph Voigt Date: Mon, 20 May 2024 22:19:25 +0200 Subject: [PATCH 16/16] let uninstall exit with 0 --- cmd/node-installer/uninstall.go | 8 +++++--- internal/shim/uninstall.go | 7 +------ internal/shim/uninstall_test.go | 20 ++++++++++---------- 3 files changed, 16 insertions(+), 19 deletions(-) diff --git a/cmd/node-installer/uninstall.go b/cmd/node-installer/uninstall.go index 7643e39f..a30bbafd 100644 --- a/cmd/node-installer/uninstall.go +++ b/cmd/node-installer/uninstall.go @@ -39,8 +39,10 @@ var uninstallCmd = &cobra.Command{ restarter := containerd.NewRestarter() if err := RunUninstall(config, rootFs, hostFs, restarter); err != nil { - slog.Error("failed to uninstall", "error", err) - os.Exit(1) + slog.Error("failed to uninstall shim", "error", err) + + // Exiting with 0 to prevent Kubernetes Jobs from running repetitively + os.Exit(0) } }, } @@ -50,7 +52,7 @@ func init() { } func RunUninstall(config Config, rootFs, hostFs afero.Fs, restarter containerd.Restarter) error { - slog.Info("uninstall called") + slog.Info("uninstall called", "shim", config.Runtime.Name) shimName := config.Runtime.Name runtimeName := path.Join(config.Kwasm.Path, "bin", shimName) diff --git a/internal/shim/uninstall.go b/internal/shim/uninstall.go index 78547250..cc98ee75 100644 --- a/internal/shim/uninstall.go +++ b/internal/shim/uninstall.go @@ -3,7 +3,6 @@ package shim import ( "errors" "fmt" - "log/slog" "os" "github.com/spinkube/runtime-class-manager/internal/state" @@ -16,8 +15,6 @@ func (c *Config) Uninstall(shimName string) (string, error) { } s, ok := st.Shims[shimName] if !ok { - slog.Error("shim not installed", "shim", shimName) - os.Exit(0) return "", fmt.Errorf("shim %s not installed", shimName) } filePath := s.Path @@ -25,9 +22,7 @@ func (c *Config) Uninstall(shimName string) (string, error) { err = c.hostFs.Remove(filePath) if err != nil { if !errors.Is(err, os.ErrNotExist) { - slog.Error("shim binary did not exist, nothing to delete") - os.Exit(0) - return "", fmt.Errorf("shim binary did not exist, nothing to delete") + return "", fmt.Errorf("shim binary at %s does not exist, nothing to delete", filePath) } } st.RemoveShim(shimName) diff --git a/internal/shim/uninstall_test.go b/internal/shim/uninstall_test.go index 8f72050d..94b861b8 100644 --- a/internal/shim/uninstall_test.go +++ b/internal/shim/uninstall_test.go @@ -38,16 +38,16 @@ func TestConfig_Uninstall(t *testing.T) { want string wantErr bool }{ - // { - // "shim not installed", - // fields{ - // tests.FixtureFs("../../testdata/node-installer/shim"), - // "/opt/kwasm", - // }, - // args{"not-existing-shim"}, - // "", - // false, - // }, + { + "shim not installed", + fields{ + tests.FixtureFs("../../testdata/node-installer/shim"), + "/opt/kwasm", + }, + args{"not-existing-shim"}, + "", + true, + }, { "missing shim binary", fields{