From b1fc9291912603f8a46aee4b35a9f5c0971a2a76 Mon Sep 17 00:00:00 2001
From: stevenhorsman
Date: Wed, 24 May 2023 17:14:03 +0100
Subject: [PATCH] kata-deploy-cc: Port fixes
Port over fixes from `kata-deploy` into `kata-deploy-cc`
- https://github.com/kata-containers/kata-containers/pull/6829
- https://github.com/kata-containers/kata-containers/pull/6913
- https://github.com/kata-containers/kata-containers/pull/6648
Fixes: #6955
Signed-off-by: stevenhorsman
---
 tools/packaging/kata-deploy-cc/Dockerfile | 10 +++----
 .../kata-deploy-cc/scripts/kata-deploy.sh | 29 ++++++++++++++-----
 2 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/tools/packaging/kata-deploy-cc/Dockerfile b/tools/packaging/kata-deploy-cc/Dockerfile
index 0f14b066cc..3c5a0916c7 100644
--- a/tools/packaging/kata-deploy-cc/Dockerfile
+++ b/tools/packaging/kata-deploy-cc/Dockerfile
@@ -6,25 +6,25 @@
 ARG BASE_IMAGE_NAME=ubuntu
 ARG BASE_IMAGE_TAG=20.04
 FROM $BASE_IMAGE_NAME:$BASE_IMAGE_TAG
+ENV DEBIAN_FRONTEND=noninteractive
 ARG KATA_ARTIFACTS=./kata-static.tar.xz
 ARG DESTINATION=/opt/kata-artifacts
 COPY ${KATA_ARTIFACTS} ${WORKDIR}
-ENV DEBIAN_FRONTEND=noninteractive
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN \
 apt-get update && \
 apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl xz-utils systemd && \
 mkdir -p /etc/apt/keyrings/ && \
-curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg && \
+curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
 apt-get update && \
 apt-get install -y --no-install-recommends kubectl && \
 apt-get clean && rm -rf /var/lib/apt/lists/ && \
 mkdir -p ${DESTINATION} && \
-tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION} && \
-rm ${WORKDIR}/${KATA_ARTIFACTS}
+tar xvf ${WORKDIR}/${KATA_ARTIFACTS} -C ${DESTINATION} && \
+rm -f ${WORKDIR}/${KATA_ARTIFACTS}
-COPY scripts ${DESTINATION}/scripts
+COPY scripts ${DESTINATION}/scripts
\ No newline at end of file
diff --git a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
index 507980c2d2..d0c626b210 100755
--- a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
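Review bot: The added `curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg` line in the Dockerfile hunk trusts whatever the new host serves at build time: the keyring that decides which packages apt accepts is authenticated by TLS alone, and the `apt-get install ... kubectl` that follows is unpinned. Pinning the key's digest in the Dockerfile would make a swapped or tampered key fail the build, for example a line right after the download such as `echo "<EXPECTED_SHA256>  /etc/apt/keyrings/kubernetes-archive-keyring.gpg" | sha256sum -c - && \` (placeholder digest, to be taken from a key verified out of band). Separately, the new `tar xvf ${WORKDIR}/${KATA_ARTIFACTS}` and `rm -f ${WORKDIR}/${KATA_ARTIFACTS}` lines leave both expansions unquoted, and `WORKDIR` is not defined in the visible lines, so it is worth confirming what path they resolve to.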
@@ -64,6 +64,15 @@ function install_artifacts() {
 chmod +x /opt/confidential-containers/bin/*
 }
+function wait_till_node_is_ready() {
+ local ready="False"
+
+ while ! [[ "${ready}" == "True" ]]; do
+ sleep 2s
+ ready=$(kubectl get node $NODE_NAME -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
+ done
+}
+
 function configure_cri_runtime() {
 configure_different_shims_base
@@ -77,6 +86,8 @@ function configure_cri_runtime() {
 esac
 systemctl daemon-reload
 systemctl restart "$1"
+
+ wait_till_node_is_ready
 }
 function backup_shim() {
@@ -303,6 +314,8 @@ function reset_runtime() {
 if [ "$1" == "crio" ] || [ "$1" == "containerd" ]; then
 systemctl restart kubelet
 fi
+
+ wait_till_node_is_ready
 }
 function main() {
@@ -314,7 +327,10 @@ function main() {
 runtime=$(get_container_runtime)
- if [ "$runtime" == "k3s" ] || [ "$runtime" == "k3s-agent" ] || [ "$runtime" == "rke2-agent" ] || [ "$runtime" == "rke2-server" ]; then
+ # CRI-O isn't consistent with the naming -- let's use crio to match the service file
+ if [ "$runtime" == "cri-o" ]; then
+ runtime="crio"
+ elif [ "$runtime" == "k3s" ] || [ "$runtime" == "k3s-agent" ] || [ "$runtime" == "rke2-agent" ] || [ "$runtime" == "rke2-server" ]; then
 containerd_conf_tmpl_file="${containerd_conf_file}.tmpl"
 if [ ! -f "$containerd_conf_tmpl_file" ]; then
 cp "$containerd_conf_file" "$containerd_conf_tmpl_file"
@@ -322,15 +338,12 @@ function main() {
 containerd_conf_file="${containerd_conf_tmpl_file}"
 containerd_conf_file_backup="${containerd_conf_file}.bak"
- elif [ "$runtime" == "containerd" ]; then
+ else # runtime == containerd
 if [ ! -f "$containerd_conf_file" ] && [ -d $(dirname "$containerd_conf_file") ] && \
 [ -x $(command -v containerd) ]; then
 containerd config default > "$containerd_conf_file"
 fi
- # CRI-O isn't consistent with the naming -- let's use crio to match the service file
- elif [ "$runtime" == "cri-o" ]; then
- runtime="crio"
 fi
 action=${1:-}
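Review bot: `wait_till_node_is_ready` has no upper bound and does not handle a failing `kubectl`. If the API server is unreachable or the node cannot be read, the loop either spins forever or, if the script runs under `errexit` (not visible in this hunk), aborts on the first failed substitution right after the runtime restart. The same helper is now called at the end of `configure_cri_runtime` and `reset_runtime` (the next two hunks), so a node that never returns to Ready stalls both the install and the cleanup path with no message. `$NODE_NAME` is also unquoted. A bounded loop that treats a failed query as "not ready yet" and ends in `die` would make the failure visible; the timeout below is a constructed value.

```shell
function wait_till_node_is_ready() {
	local ready="False"
	local attempts=0
	local -r max_attempts=150 # constructed: 150 polls * 2s = 5 minutes

	while [[ "${ready}" != "True" ]]; do
		(( attempts++ < max_attempts )) || die "node ${NODE_NAME} did not become Ready in time"
		sleep 2s
		# A failed query counts as "not ready yet" instead of ending the script.
		ready=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') || ready="False"
	done
}
```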
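Review bot: The new `else # runtime == containerd` branch is containerd-only by comment alone: any value from `get_container_runtime` other than `cri-o`, `k3s`, `k3s-agent`, `rke2-agent` or `rke2-server` now reaches the `containerd config default > "$containerd_conf_file"` block, and that happens before the supported-runtime regex check further down in `main`. The guard in front of it does not stop this, because `[ -x $(command -v containerd) ]` is unquoted: when `containerd` is not on PATH the substitution is empty, the test collapses to `[ -x ]` and succeeds, and the redirection creates the config file even though the command itself fails. Keeping the explicit `elif [ "$runtime" == "containerd" ]; then` and quoting the tests as `[ -x "$(command -v containerd)" ]` and `[ -d "$(dirname "$containerd_conf_file")" ]` would close this. `main` starts and ends outside these hunks.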
@@ -339,8 +352,8 @@ function main() {
 die "invalid arguments"
 fi
- # only install / remove / update if we are dealing with containerd
- if [[ "$runtime" =~ ^(containerd|k3s|k3s-agent|rke2-agent|rke2-server|crio)$ ]]; then
+ # only install / remove / update if we are dealing with CRIO or containerd
+ if [[ "$runtime" =~ ^(crio|containerd|k3s|k3s-agent|rke2-agent|rke2-server)$ ]]; then
 case "$action" in
 install)
@@ -368,4 +381,4 @@ function main() {
 sleep infinity
 }
-main "$@"
+main "$@"
\ No newline at end of file