-
Notifications
You must be signed in to change notification settings - Fork 459
381 lines (341 loc) · 14.2 KB
/
containerd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
name: critest containerd
on:
push:
tags:
- "*"
branches:
- master
pull_request:
env:
GO_VERSION: "1.23"
jobs:
#
# Run CRI tests against containerd
#
build-and-critest-containerd:
strategy:
fail-fast: false
matrix:
# ╔══════════════════╤═══════════╤═════════╗
# ║ master / release │ ubuntu │ windows ║
# ╠══════════════════╪═══════════╪═════════╣
# ║ v1 shim │ runc │ ║
# ╟──────────────────┼───────────┼─────────╢
# ║ v2 shim │ runc/crun │ ║
# ╟──────────────────┼───────────┼─────────╢
# ║ hcshim │ │ runhcs ║
# ╚══════════════════╧═══════════╧═════════╝
os: [ubuntu-22.04, windows-2019]
# not every command likes the slash in branch name.
# So will use format command to replace to either `_` or '/'
version: [main, "release{0}1.6", "release{0}1.7"]
runtime:
[
io.containerd.runtime.v1.linux,
io.containerd.runc.v1,
io.containerd.runc.v2,
containerd-shim-runhcs-v1,
]
runc: [runc, crun]
exclude:
- runtime: io.containerd.runc.v1
os: windows-2019
- runtime: io.containerd.runc.v2
os: windows-2019
- runtime: io.containerd.runtime.v1.linux
os: windows-2019
- runtime: containerd-shim-runhcs-v1
os: ubuntu-22.04
- runtime: io.containerd.runc.v1
runc: crun
- runtime: io.containerd.runtime.v1.linux
runc: crun
- runc: crun
os: windows-2019
name: ${{ format(matrix.version, '/') }} / ${{ matrix.os }} / ${{matrix.runtime}} / ${{matrix.runc}}
runs-on: ${{ matrix.os }}
steps:
- name: Install Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: Set env
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- name: Checkout containerd/containerd ${{ format(matrix.version, '/') }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: ${{ github.workspace }}/src/github.com/containerd/containerd
repository: containerd/containerd
ref: ${{ format(matrix.version, '/') }}
- name: Checkout Microsoft/hcsshim
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: startsWith(matrix.os, 'windows')
with:
repository: Microsoft/hcsshim
path: src/github.com/Microsoft/hcsshim
- name: Checkout cri-tools for this commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: ${{github.workspace}}/src/github.com/kubernetes-sigs/cri-tools
- name: Cache go modules and build cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/go/pkg/mod
~/.cache/go-build
'%LocalAppData%\go-build' # Windows
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: disable ipv6
if: startsWith(matrix.os, 'ubuntu')
run: |
sudo sysctl net.ipv6.conf.all.disable_ipv6=0
- name: Install Linux dependencies for containerd
if: startsWith(matrix.os, 'ubuntu')
run: |
sudo apt-get update
sudo apt-get install -y \
btrfs-progs \
libbtrfs-dev \
libseccomp2 \
libseccomp-dev \
socat
- name: Install containerd on Linux
if: startsWith(matrix.os, 'ubuntu')
run: |
make
sudo -E PATH=$PATH make install
working-directory: ${{ github.workspace }}/src/github.com/containerd/containerd
- name: Install containerd on Windows
shell: bash
if: startsWith(matrix.os, 'windows')
run: |
mingw32-make.exe
mingw32-make.exe install
working-directory: ${{ github.workspace }}/src/github.com/containerd/containerd
- name: Install cni on Linux
if: startsWith(matrix.os, 'ubuntu')
shell: bash
run: |
sudo -E PATH=$PATH script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}')
working-directory: src/github.com/containerd/containerd
- name: Install cni on Windows
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
set -o errexit
set -o nounset
set -o pipefail
# WINCNI_BIN_DIR is the cni plugin directory
WINCNI_BIN_DIR="${WINCNI_BIN_DIR:-"C:\\Program Files\\containerd\\cni\\bin"}"
WINCNI_PKG=github.com/Microsoft/windows-container-networking
WINCNI_VERSION=aa10a0b31e9f72937063436454def1760b858ee2
# Create a temporary GOPATH for cni installation.
GOPATH="$(mktemp -d /tmp/cri-install-cni.XXXX)"
# Install cni
win_cni_src="${GOPATH}/src/${WINCNI_PKG}"
mkdir -p ${win_cni_src}
git clone https://${WINCNI_PKG} ${win_cni_src}
cd ${win_cni_src}
git checkout ${WINCNI_VERSION}
make all
install -D -m 755 "out/nat.exe" "${WINCNI_BIN_DIR}/nat.exe"
install -D -m 755 "out/sdnbridge.exe" "${WINCNI_BIN_DIR}/sdnbridge.exe"
install -D -m 755 "out/sdnoverlay.exe" "${WINCNI_BIN_DIR}/sdnoverlay.exe"
# Clean the tmp GOPATH dir.
rm -rf "${GOPATH}"
- name: Configure cni on Windows
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
set -o errexit
set -o nounset
set -o pipefail
CNI_CONFIG_DIR="${CNI_CONFIG_DIR:-"C:\\Program Files\\containerd\\cni\\conf"}"
mkdir -p "${CNI_CONFIG_DIR}"
# split_ip splits ip into a 4-element array.
split_ip() {
local -r varname="$1"
local -r ip="$2"
for i in {0..3}; do
eval "$varname"[$i]=$( echo "$ip" | cut -d '.' -f $((i + 1)) )
done
}
# subnet gets subnet for a gateway, e.g. 192.168.100.0/24.
calculate_subnet() {
local -r gateway="$1"
local -r prefix_len="$2"
split_ip gateway_array "$gateway"
local len=$prefix_len
for i in {0..3}; do
if (( len >= 8 )); then
mask=255
elif (( len > 0 )); then
mask=$(( 256 - 2 ** ( 8 - len ) ))
else
mask=0
fi
(( len -= 8 ))
result_array[i]=$(( gateway_array[i] & mask ))
done
result="$(printf ".%s" "${result_array[@]}")"
result="${result:1}"
echo "$result/$((32 - prefix_len))"
}
# nat already exists on the Windows VM, the subnet and gateway
# we specify should match that.
gateway="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).IPAddress")"
prefix_len="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).PrefixLength")"
subnet="$(calculate_subnet "$gateway" "$prefix_len")"
# The "name" field in the config is used as the underlying
# network type right now (see
# https://github.com/microsoft/windows-container-networking/pull/45),
# so it must match a network type in:
# https://docs.microsoft.com/en-us/windows-server/networking/technologies/hcn/hcn-json-document-schemas
bash -c 'cat >"'"${CNI_CONFIG_DIR}"'"/0-containerd-nat.conf <<EOF
{
"cniVersion": "0.2.0",
"name": "nat",
"type": "nat",
"master": "Ethernet",
"ipam": {
"subnet": "'$subnet'",
"routes": [
{
"GW": "'$gateway'"
}
]
},
"capabilities": {
"portMappings": true,
"dns": true
}
}
EOF'
- name: Install ${{matrix.runc}} runtime engine on Linux
if: startsWith(matrix.os, 'ubuntu')
env:
RUNC_FLAVOR: ${{matrix.runc}}
run: |
sudo -E PATH=$PATH script/setup/install-runc
working-directory: src/github.com/containerd/containerd
- name: Build Windows container shims
# After Containerd 1.5 just a 'make' or 'make binaries' invocation will build the windows shim alongside the daemon, ctr, and
# other binaries so this step is only needed on < 1.6
if: startsWith(matrix.os, 'windows') && matrix.version != 'main'
shell: bash
run: |
set -o xtrace
export CGO_ENABLED=1
cd src/github.com/containerd/containerd
mingw32-make.exe binaries
bindir="$(pwd)"/bin
if [ -f "vendor.conf" ]; then
SHIM_COMMIT=$(grep 'Microsoft/hcsshim' vendor.conf | awk '{print $2}')
else
SHIM_COMMIT=$(grep 'Microsoft/hcsshim ' go.mod | awk '{print $2}')
fi
cd ../../Microsoft/hcsshim
git fetch --tags origin "${SHIM_COMMIT}"
git checkout "${SHIM_COMMIT}"
GO111MODULE=on go build -mod=vendor -o "${bindir}/containerd-shim-runhcs-v1.exe" ./cmd/containerd-shim-runhcs-v1
cp "${bindir}"/*.exe /usr/local/bin
- name: Build cri-tools on Linux
if: startsWith(matrix.os, 'ubuntu')
run: |
make
sudo -E PATH=$PATH make install
working-directory: ${{ github.workspace }}/src/github.com/kubernetes-sigs/cri-tools
- name: Build cri-tools on Windows
if: startsWith(matrix.os, 'windows')
run: |
make
make install
working-directory: ${{ github.workspace }}/src/github.com/kubernetes-sigs/cri-tools
- name: Install ginkgo on Linux
if: startsWith(matrix.os, 'ubuntu')
shell: bash
run: |
sudo chown -R $(id -u):$(id -g) $(go env GOPATH)
go install github.com/onsi/ginkgo/v2/ginkgo@latest
ginkgo version
sudo cp $(command -v ginkgo) /usr/local/bin
- name: Install ginkgo on Windows
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
go install github.com/onsi/ginkgo/v2/ginkgo@latest
ginkgo version
cp $(command -v ginkgo) /usr/local/bin
- name: Run critest on Linux
if: startsWith(matrix.os, 'ubuntu')
shell: bash
run: |
set -o errexit
set -o nounset
set -o pipefail
set -x
BDIR="/var/lib/containerd-critest"
echo "containerd temp dir: ${BDIR}"
sudo mkdir -p ${BDIR}/{root,state}
sudo bash -c 'cat > ${BDIR}/config.toml <<EOF
version = 2
[plugins]
[plugins.cri.containerd.default_runtime]
runtime_type = \"${{matrix.runtime}}\"
EOF'
# Remove possibly existing containerd configuration
sudo rm -rf /etc/containerd
sudo PATH=$PATH bash -c "/usr/local/bin/containerd -a ${BDIR}/c.sock -root ${BDIR}/root -state ${BDIR}/state -log-level debug &> ${BDIR}/containerd-cri.log &"
sudo /usr/local/bin/ctr -a ${BDIR}/c.sock version
sudo /usr/local/sbin/runc --version
sudo mount
TEST_RC=0
sudo -E PATH=$PATH critest --ginkgo.vv --runtime-endpoint=unix:///${BDIR}/c.sock --parallel=8 || TEST_RC=$?
test $TEST_RC -ne 0 && cat ${BDIR}/containerd-cri.log
sudo pkill containerd
echo "CONTD_CRI_DIR=$BDIR" >> $GITHUB_ENV
test $TEST_RC -eq 0 || /bin/false
- name: Run critest on Windows
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
set -o errexit
set -o nounset
set -o pipefail
export PATH="/usr/local/bin:$PATH"
FOCUS="${FOCUS:-"Conformance"}"
REPORT_DIR="${REPORT_DIR:-"c/_artifacts"}"
mkdir -p "${REPORT_DIR}"
containerd -log-level debug &> "${REPORT_DIR}/containerd-cri.log" &
pid=$!
ctr version
set +o errexit
critest --runtime-endpoint=npipe:////./pipe/containerd-containerd --ginkgo.focus="${FOCUS}" --report-dir="${REPORT_DIR}" --report-prefix="windows"
TEST_RC=$?
test $TEST_RC -ne 0 && cat ${REPORT_DIR}/containerd.log
set -o errexit
kill -9 $pid
echo "CONTD_CRI_DIR=$REPORT_DIR" >> $GITHUB_ENV
exit ${TEST_RC}
- name: Upload containerd ${{ format(matrix.version, '/') }} logs
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: containerd-${{ format(matrix.version, '_') }}-${{ matrix.os }}-${{matrix.runtime}}-${{matrix.runc}}-${{github.sha}}.log
path: ${{env.CONTD_CRI_DIR}}/containerd-cri.log
- name: Cleanup temp directory on Linux
if: startsWith(matrix.os, 'ubuntu')
shell: bash
run: |
echo "Cleanup temp directory ${{env.CONTD_CRI_DIR}} created for cri tests"
sudo rm -rf ${{env.CONTD_CRI_DIR}}
- name: Cleanup temp directory on Windows
if: startsWith(matrix.os, 'windows')
shell: bash
run: |
echo "Cleanup temp directory ${{env.CONTD_CRI_DIR}} created for cri tests"
rm -rf ${{env.CONTD_CRI_DIR}}