From 554e8f91b1931dba3aa48d6cd7b9a29b0f0fd5cf Mon Sep 17 00:00:00 2001 From: Florian Vichot Date: Thu, 21 May 2026 11:32:17 +1000 Subject: [PATCH] kata-monitor: use full URI for connecting to containerd Without the protocol in the URI, grpc-go defaults to the DNS resolver, which results in an error for unix sockets (`name resolver error: produced zero addresses`). We also remove the `getAddressAndDialer(...)` and `dial(...)` functions, as they are no longer necessary, grpc-go supports connecting to unix sockets directly. This also removes the matching tests. This also adds a `Makefile` and tweaks the Dockerfile to simplify building the Docker image. Fixes #12398 Signed-off-by: Florian Vichot --- src/runtime/pkg/kata-monitor/cri.go | 24 ++++------------------- src/runtime/pkg/kata-monitor/cri_test.go | 13 ------------ tools/packaging/kata-monitor/Dockerfile | 20 ++++++++++++++++--- tools/packaging/kata-monitor/Makefile | 12 ++++++++++++ tools/packaging/kata-monitor/dockerignore | 7 +++++++ 5 files changed, 40 insertions(+), 36 deletions(-) create mode 100644 tools/packaging/kata-monitor/Makefile create mode 100644 tools/packaging/kata-monitor/dockerignore diff --git a/src/runtime/pkg/kata-monitor/cri.go b/src/runtime/pkg/kata-monitor/cri.go index a6c0f47cdb..e4bc13a00d 100644 --- a/src/runtime/pkg/kata-monitor/cri.go +++ b/src/runtime/pkg/kata-monitor/cri.go @@ -9,7 +9,6 @@ package katamonitor import ( "context" "fmt" - "net" "net/url" "github.com/pkg/errors" @@ -25,26 +24,15 @@ const ( unixProtocol = "unix" ) -// getAddressAndDialer returns the address parsed from the given endpoint and a context dialer. -func getAddressAndDialer(endpoint string) (string, func(ctx context.Context, addr string) (net.Conn, error), error) { - protocol, addr, err := parseEndpointWithFallbackProtocol(endpoint, unixProtocol) - if err != nil { - return "", nil, err - } - if protocol != unixProtocol { - return "", nil, fmt.Errorf("only support unix socket endpoint") - } - - return addr, dial, nil -} - func getConnection(endPoint string) (*grpc.ClientConn, error) { var conn *grpc.ClientConn - addr, dialer, err := getAddressAndDialer(endPoint) + protocol, addr, err := parseEndpointWithFallbackProtocol(endPoint, unixProtocol) if err != nil { return nil, err } - conn, err = grpc.NewClient(addr, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer)) + // Pass the full URI to NewClient so it can pick the right resolver based on the scheme + addr = protocol + "://" + addr + conn, err = grpc.NewClient(addr, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { errMsg := errors.Wrapf(err, "connect endpoint '%s', make sure you are running as root and the endpoint has been started", endPoint) return nil, errMsg @@ -76,10 +64,6 @@ func getRuntimeClient(runtimeEndpoint string) (pb.RuntimeServiceClient, *grpc.Cl return runtimeClient, conn, nil } -func dial(ctx context.Context, addr string) (net.Conn, error) { - return (&net.Dialer{}).DialContext(ctx, unixProtocol, addr) -} - func parseEndpointWithFallbackProtocol(endpoint string, fallbackProtocol string) (protocol string, addr string, err error) { if protocol, addr, err = parseEndpoint(endpoint); err != nil && protocol == "" { fallbackEndpoint := fallbackProtocol + "://" + endpoint diff --git a/src/runtime/pkg/kata-monitor/cri_test.go b/src/runtime/pkg/kata-monitor/cri_test.go index 5423c60e2a..487d74c81e 100644 --- a/src/runtime/pkg/kata-monitor/cri_test.go +++ b/src/runtime/pkg/kata-monitor/cri_test.go @@ -11,19 +11,6 @@ import ( "github.com/stretchr/testify/assert" ) -func TestGetAddressAndDialer(t *testing.T) { - assert := assert.New(t) - - endpoint := "/no/protocol" - addr, _, err := getAddressAndDialer(endpoint) - assert.Nil(err, "endpoints with no protocol are deprecated but should be accepted") - assert.Equal(endpoint, addr, "failed address parsing") - - endpoint = "tcp://hostname:1234" - _, _, err = getAddressAndDialer(endpoint) - assert.NotNil(err, "only unix endpoints should be accepted") -} - func TestParseEndpointWithFallbackProtocol(t *testing.T) { assert := assert.New(t) diff --git a/tools/packaging/kata-monitor/Dockerfile b/tools/packaging/kata-monitor/Dockerfile index e83fa07b6b..d71eaaff3d 100644 --- a/tools/packaging/kata-monitor/Dockerfile +++ b/tools/packaging/kata-monitor/Dockerfile @@ -1,12 +1,26 @@ # Copyright (c) 2020 Eric Ernst # SPDX-License-Identifier: Apache-2.0 - -FROM golang:1.23-alpine AS builder +ARG GO_VERSION +FROM golang:${GO_VERSION}-alpine AS builder RUN apk add --no-cache bash curl git make build-base WORKDIR /go/src/github.com/kata-containers/kata-containers/src/runtime + +COPY src/runtime/go.* . +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + go mod download + COPY . /go/src/github.com/kata-containers/kata-containers -RUN make SKIP_GO_VERSION_CHECK=true monitor +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + make SKIP_GO_VERSION_CHECK=true monitor + +# run tests +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + cd pkg/kata-monitor/ && go test -c -o /tmp/tests +RUN /tmp/tests FROM alpine:3.14 COPY --from=builder /go/src/github.com/kata-containers/kata-containers/src/runtime/kata-monitor /usr/bin/kata-monitor diff --git a/tools/packaging/kata-monitor/Makefile b/tools/packaging/kata-monitor/Makefile new file mode 100644 index 0000000000..eb1e3ef2e4 --- /dev/null +++ b/tools/packaging/kata-monitor/Makefile @@ -0,0 +1,12 @@ +# Copyright (c) 2026 Florian Vichot +# SPDX-License-Identifier: Apache-2.0 + +all: docker + +docker: + docker build \ + -f Dockerfile \ + --ignorefile dockerignore \ + --build-arg GO_VERSION=$$(yq '.languages.golang.version' $(CURDIR)/../../../versions.yaml) \ + -t kata-monitor:$$(cat $(CURDIR)/../../../VERSION) \ + $(CURDIR)/../../.. diff --git a/tools/packaging/kata-monitor/dockerignore b/tools/packaging/kata-monitor/dockerignore new file mode 100644 index 0000000000..843a44b85d --- /dev/null +++ b/tools/packaging/kata-monitor/dockerignore @@ -0,0 +1,7 @@ +# Copyright (c) 2026 Florian Vichot +# SPDX-License-Identifier: Apache-2.0 + +# Remove everything except the few things we actually need +* +!src/runtime/ +!VERSION