Merge pull request #5193 from openanolis/origin/kata-deploy

kata-deploy: ship the rustified runtime binary

tools/packaging/kata-deploy/README.md

@@ -81,6 +81,14 @@ which will ensure the workload is only scheduled on a node that has Kata Contain
 ```bash
   $ kubectl apply -f https://raw.githubusercontent.com/kata-containers/kata-containers/main/tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml
 ```
+The following YAML snippet shows how to specify a workload should use Kata with `Dragonball`:
+
+```yaml
+spec:
+  template:
+    spec:
+      runtimeClassName: kata-dragonball
+```
 
 The following YAML snippet shows how to specify a workload should use Kata with Cloud Hypervisor:
 
@@ -108,6 +116,11 @@ spec:
     spec:
       runtimeClassName: kata-qemu
 ```
+To run an example with `kata-dragonball`:
+
+```bash
+$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/kata-containers/main/tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml
+```
 
 To run an example with `kata-clh`:
 
@@ -192,7 +205,7 @@ from the [Kata Containers release page](https://github.com/kata-containers/kata-
 
 Host artifacts:
 * `cloud-hypervisor`, `firecracker`, `qemu`, and supporting binaries
-* `containerd-shim-kata-v2`
+* `containerd-shim-kata-v2` (go runtime and rust runtime)
 * `kata-collect-data.sh`
 * `kata-runtime`
 

tools/packaging/kata-deploy/action/test-kata.sh

@@ -66,7 +66,7 @@ function run_test() {
     cmd="kubectl get pods | grep $busybox_pod | grep Completed"
     wait_time=120
 
-    configurations=("nginx-deployment-qemu" "nginx-deployment-clh")
+    configurations=("nginx-deployment-qemu" "nginx-deployment-clh" "nginx-deployment-dragonball")
     for deployment in "${configurations[@]}"; do
         # start the kata pod:
         kubectl apply -f "$YAMLPATH/examples/${deployment}.yaml"

tools/packaging/kata-deploy/examples/nginx-deployment-dragonball.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment-dragonball
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      runtimeClassName: kata-dragonball
+      containers:
+      - name: nginx
+        image: nginx:1.14
+        ports:
+        - containerPort: 80

tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: php-apache-kata-dragonball
+  name: php-apache-kata-dragonball
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: php-apache-kata-dragonball
+  template:
+    metadata:
+      labels:
+        run: php-apache-kata-dragonball
+    spec:
+      runtimeClassName: kata-dragonball
+      containers:
+      - image: k8s.gcr.io/hpa-example
+        imagePullPolicy: Always
+        name: php-apache
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        resources:
+          requests:
+            cpu: 200m
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: php-apache-kata-dragonball
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    run: php-apache-kata-dragonball
+  sessionAffinity: None
+  type: ClusterIP

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -154,7 +154,9 @@ install_virtiofsd() {
 #Install all components that are not assets
 install_shimv2() {
 	GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)"
+	RUST_VERSION="$(yq r ${versions_yaml} languages.rust.meta.newest-version)"
 	export GO_VERSION
+	export RUST_VERSION
 	DESTDIR="${destdir}" PREFIX="${prefix}" "${shimv2_builder}"
 }
 
@@ -179,7 +181,7 @@ handle_build() {
 		install_shimv2
 		install_virtiofsd
 		;;
-
+	
 	cloud-hypervisor) install_clh ;;
 
 	firecracker) install_firecracker ;;
@@ -198,6 +200,7 @@ handle_build() {
 
 	virtiofsd) install_virtiofsd ;;
 
+	
 	*)
 		die "Invalid build target ${build_target}"
 		;;

tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml

@@ -37,3 +37,16 @@ overhead:
 scheduling:
   nodeSelector:
     katacontainers.io/kata-runtime: "true"
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1
+metadata:
+    name: kata-dragonball
+handler: kata-dragonball
+overhead:
+    podFixed:
+        memory: "130Mi"
+        cpu: "250m"
+scheduling:
+  nodeSelector:
+    katacontainers.io/kata-runtime: "true"

tools/packaging/kata-deploy/scripts/kata-deploy.sh

@@ -17,6 +17,7 @@ shims=(
 	"fc"
 	"qemu"
 	"clh"
+	"dragonball"
 )
 
 default_shim="qemu"
@@ -57,6 +58,7 @@ function install_artifacts() {
 	echo "copying kata artifacts onto host"
 	cp -a /opt/kata-artifacts/opt/kata/* /opt/kata/
 	chmod +x /opt/kata/bin/*
+	chmod +x /opt/kata/runtime-rs/bin/*
 }
 
 function configure_cri_runtime() {
@@ -98,7 +100,11 @@ function configure_different_shims_base() {
 			fi
 		fi
 
-		ln -sf /opt/kata/bin/containerd-shim-kata-v2 "${shim_file}"
+		if [[ "${shim}" == "dragonball" ]]; then
+			ln -sf /opt/kata/runtime-rs/bin/containerd-shim-kata-v2 "${shim_file}"
+		else
+			ln -sf /opt/kata/bin/containerd-shim-kata-v2 "${shim_file}"
+		fi
 		chmod +x "$shim_file"
 
 		if [ "${shim}" == "${default_shim}" ]; then

tools/packaging/static-build/shim-v2/Dockerfile

@@ -13,10 +13,13 @@ RUN apt-get update && \
         gcc \
         git \
         make \
+        musl-tools \
         sudo && \
     apt-get clean && rm -rf /var/lib/apt/lists/
 
-COPY install_go.sh /usr/bin/install_go.sh
+COPY install_go_rust.sh /usr/bin/install_go_rust.sh
 ARG GO_VERSION
-RUN install_go.sh "${GO_VERSION}"
+ARG RUST_VERSION
+RUN install_go_rust.sh "${GO_VERSION}" "${RUST_VERSION}"
 ENV PATH=/usr/local/go/bin:${PATH}
+ENV PATH=/root/.cargo/bin/:${PATH}

tools/packaging/static-build/shim-v2/build.sh

@@ -14,18 +14,29 @@ readonly kernel_builder="${repo_root_dir}/tools/packaging/kernel/build-kernel.sh
 
 
 GO_VERSION=${GO_VERSION}
+RUST_VERSION=${RUST_VERSION}
 
 DESTDIR=${DESTDIR:-${PWD}}
 PREFIX=${PREFIX:-/opt/kata}
 container_image="shim-v2-builder"
 
-sudo docker build  --build-arg GO_VERSION="${GO_VERSION}" -t "${container_image}" "${script_dir}"
+sudo docker build  --build-arg GO_VERSION="${GO_VERSION}"  --build-arg RUST_VERSION="${RUST_VERSION}" -t "${container_image}" "${script_dir}"
 
 arch=$(uname -m)
 if [ ${arch} = "ppc64le" ]; then
 	arch="ppc64"
 fi
 
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${repo_root_dir}/src/runtime-rs" \
+	"${container_image}" \
+	bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${repo_root_dir}/src/runtime-rs" \
+	"${container_image}" \
+	bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install"
+	
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${repo_root_dir}/src/runtime" \
 	"${container_image}" \

tools/packaging/static-build/shim-v2/install_go_rust.sh

@@ -50,6 +50,13 @@ EOF
 
 trap finish EXIT
 
+rust_version=${2:-}
+ARCH=${ARCH:-$(uname -m)}
+LIBC=${LIBC:-musl}
+curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSLf | sh -s -- -y --default-toolchain ${rust_version} -t ${ARCH}-unknown-linux-${LIBC}
+source /root/.cargo/env
+rustup target add x86_64-unknown-linux-musl
+
 pushd "${tmp_dir}"
 
 while getopts "d:fh" opt