From f753893b5fa9d3d54d3ef1b2fddf77fb015a0f71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Wei=C3=9Fe?=
Date: Mon, 18 Nov 2024 12:14:24 +0100
Subject: [PATCH 1/2] packages/by-name: add peerpod node-installer
---
 internal/kuberesource/parts.go | 2 +-
 justfile | 2 +-
 packages/by-name/contrast/package.nix | 3 +-
 .../contrast-node-installer-image/package.nix | 141 ++++++++++++++++++
 packages/containers.nix | 3 +
 5 files changed, 148 insertions(+), 3 deletions(-)
 create mode 100644 packages/by-name/peerpod/contrast-node-installer-image/package.nix
diff --git a/internal/kuberesource/parts.go b/internal/kuberesource/parts.go
index a7f324b4e..bc1aea596 100644
--- a/internal/kuberesource/parts.go
+++ b/internal/kuberesource/parts.go
@@ -207,7 +207,7 @@ func NodeInstaller(namespace string, platform platforms.Platform) (*NodeInstalle
 containers = []*applycorev1.ContainerApplyConfiguration{nydusSnapshotter}
 volumes = nydusSnapshotterVolumes
 case platforms.AKSPeerSNP:
- nodeInstallerImageURL = "ghcr.io/edgelesssys/contrast/node-installer-kata:latest"
+ nodeInstallerImageURL = "ghcr.io/edgelesssys/contrast/node-installer-peerpod:latest"
 containers = []*applycorev1.ContainerApplyConfiguration{nydusSnapshotter, cloudAPIAdaptor}
 volumes = append(nydusSnapshotterVolumes, cloudAPIAdaptorVolumes...)
 default:
diff --git a/justfile b/justfile
index 3275e4e31..ad6219fea 100644
--- a/justfile
+++ b/justfile
@@ -53,7 +53,7 @@ node-installer platform=default_platform:
 ;;
 "AKS-PEER-SNP")
 just push "nydus-snapshotter"
- just push "node-installer-kata"
+ just push "node-installer-peerpod"
 just push "cloud-api-adaptor"
 ;;
 *)
diff --git a/packages/by-name/contrast/package.nix b/packages/by-name/contrast/package.nix
index 45f17141b..b740003a5 100644
--- a/packages/by-name/contrast/package.nix
+++ b/packages/by-name/contrast/package.nix
@@ -7,6 +7,7 @@
 buildGoTest,
 microsoft,
 kata,
+ peerpod,
 contrast,
 installShellFiles,
 }:
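Review bot: The new `nodeInstallerImageURL` for `platforms.AKSPeerSNP` still points at a mutable `:latest` tag, while the `push-node-installer-peerpod` target added to packages/containers.nix in the same patch tags the pushed image with `v${pkgs.contrast.version}`; unless a separate step also publishes `latest`, a cluster would pull whatever `latest` last resolved to rather than the image built for this release. Because this image installs the runtime onto every node, referencing it by the version tag the push target already uses, or by digest, would make the deployed bits traceable to the release. The `NodeInstaller` function starts and ends outside the hunk and the other platform cases are not visible, so the same pattern may apply to them as well.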
@@ -52,7 +53,7 @@ let
 k3s-qemu-tdx-handler = runtimeHandler "k3s-qemu-tdx" kata.contrast-node-installer-image.runtimeHash;
 rke2-qemu-tdx-handler = runtimeHandler "rke2-qemu-tdx" kata.contrast-node-installer-image.runtimeHash;
 k3s-qemu-snp-handler = runtimeHandler "k3s-qemu-snp" kata.contrast-node-installer-image.runtimeHash;
- aks-peer-snp-handler = runtimeHandler "aks-peer-snp" kata.contrast-node-installer-image.runtimeHash;
+ aks-peer-snp-handler = runtimeHandler "aks-peer-snp" peerpod.contrast-node-installer-image.runtimeHash;
 
 aksRefVals = {
 snp = [
diff --git a/packages/by-name/peerpod/contrast-node-installer-image/package.nix b/packages/by-name/peerpod/contrast-node-installer-image/package.nix
new file mode 100644
index 000000000..a40a92c56
--- /dev/null
+++ b/packages/by-name/peerpod/contrast-node-installer-image/package.nix
@@ -0,0 +1,141 @@
+# Copyright 2024 Edgeless Systems GmbH
+# SPDX-License-Identifier: AGPL-3.0-only
+
+{
+ ociLayerTar,
+ ociImageManifest,
+ ociImageLayout,
+ writers,
+ hashDirs,
+
+ contrast,
+ kata,
+ nydus-snapshotter,
+ pkgsStatic,
+
+ debugRuntime ? false,
+}:
+
+let
+ node-installer = ociLayerTar {
+ files = [
+ {
+ source = "${contrast.nodeinstaller}/bin/node-installer";
+ destination = "/bin/node-installer";
+ }
+ {
+ source = "${pkgsStatic.util-linux}/bin/nsenter";
+ destination = "/bin/nsenter";
+ }
+ ];
+ };
+
+ installer-config = ociLayerTar {
+ files = [
+ {
+ source = writers.writeJSON "contrast-node-install.json" {
+ files = [
+ {
+ url = "file:///opt/edgeless/share/kata-containers.img";
+ path = "/opt/edgeless/@@runtimeName@@/share/kata-containers.img";
+ }
+ {
+ url = "file:///opt/edgeless/share/kata-kernel";
+ path = "/opt/edgeless/@@runtimeName@@/share/kata-kernel";
+ }
+ {
+ url = "file:///opt/edgeless/bin/containerd-shim-contrast-cc-v2";
+ path = "/opt/edgeless/@@runtimeName@@/bin/containerd-shim-contrast-cc-v2";
+ executable = true;
+ }
+ {
+ url = "file:///opt/edgeless/bin/kata-runtime";
+ path = "/opt/edgeless/@@runtimeName@@/bin/kata-runtime";
+ executable = true;
+ }
+ {
+ url = "file:///bin/nydus-overlayfs";
+ path = "/opt/edgeless/@@runtimeName@@/bin/nydus-overlayfs";
+ executable = true;
+ }
+ ];
+ inherit debugRuntime;
+ };
+ destination = "/config/contrast-node-install.json";
+ }
+ ];
+ };
+
+ kata-container-img = ociLayerTar {
+ files = [
+ {
+ source = kata.kata-image;
+ destination = "/opt/edgeless/share/kata-containers.img";
+ }
+ {
+ source = "${kata.kata-kernel-uvm}/bzImage";
+ destination = "/opt/edgeless/share/kata-kernel";
+ }
+ ];
+ };
+
+ kata-runtime = ociLayerTar {
+ files = [
+ {
+ source = "${kata.kata-runtime}/bin/kata-runtime";
+ destination = "/opt/edgeless/bin/kata-runtime";
+ }
+ {
+ source = "${kata.kata-runtime}/bin/containerd-shim-kata-v2";
+ destination = "/opt/edgeless/bin/containerd-shim-contrast-cc-v2";
}
+ ];
+ };
+
+ nydus = ociLayerTar {
+ files = [
+ {
+ source = "${nydus-snapshotter}/bin/nydus-overlayfs";
+ destination = "/bin/nydus-overlayfs";
+ }
+ ];
+ };
+
+ layers = [
+ installer-config
+ kata-container-img
+ kata-runtime
+ nydus
+ ];
+
+ manifest = ociImageManifest {
+ layers = layers ++ [ node-installer ];
+ extraConfig = {
+ "config" = {
+ "Env" = [
+ "PATH=/bin:/usr/bin"
+ "CONFIG_DIR=/config"
+ "HOST_MOUNT=/host"
+ ];
+ "Entrypoint" = [ "/bin/node-installer" ];
+ };
+ };
+ extraManifest = {
+ "annotations" = {
+ "org.opencontainers.image.title" = "contrast-node-installer-peerpod";
+ "org.opencontainers.image.description" = "Contrast Node Installer (Peerpod)";
+ };
+ };
+ };
+in
+
+ociImageLayout {
+ manifests = [ manifest ];
+ passthru = {
+ inherit debugRuntime;
+ runtimeHash = hashDirs {
+ dirs = layers; # Layers without node-installer, or we have a circular dependency!
+ name = "runtime-hash-peerpod";
+ };
+ };
+}
diff --git a/packages/containers.nix b/packages/containers.nix
index 78e277ca5..4ec288b6c 100644
--- a/packages/containers.nix
+++ b/packages/containers.nix
@@ -187,5 +187,8 @@ containers
 push-node-installer-kata = pushOCIDir "push-node-installer-kata" pkgs.kata.contrast-node-installer-image "v${pkgs.contrast.version}";
+ push-node-installer-peerpod =
+ pushOCIDir "push-node-installer-peerpod" pkgs.peerpod.contrast-node-installer-image
+ "v${pkgs.contrast.version}";
 } // (lib.concatMapAttrs (name: container: { "push-${name}" = pushContainer container; }) containers)
From 582e46679ab07ee8d1336f8c74330e7537875313 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Wei=C3=9Fe?=
Date: Mon, 18 Nov 2024 12:14:51 +0100
Subject: [PATCH 2/2] release: include peerpod runtime in release
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 94b335c65..2f5f3c187 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
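Review bot: The new package carries no header comment saying how this image differs from the kata node-installer image that the `aks-peer-snp` handler used before this patch; the layer set, install config and runtime-hash scheme presumably mirror that package, with only the title, description and hash name changed, and a reader cannot tell from the file what is peerpod-specific. A one-line comment above the argument set, such as `# Node-installer image for the AKS peer-pod runtime: ships the kata runtime/shim, UVM kernel and guest image plus nydus-overlayfs; runtimeHash covers the payload layers only.`, would close that gap. The `url` entries in `installer-config` have to match the `destination` values of `kata-container-img`, `kata-runtime` and `nydus` by hand, and a mismatch only surfaces when the installer runs on a node, so a comment on that `files` list, `# each url must match a destination in the layers below`, is worth adding. The existing `# Layers without node-installer ...` remark on `runtimeHash` is the kind of note the rest of the file would benefit from.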
@@ -294,7 +294,7 @@ jobs:
 - name: Create coordinator resource definitions
 run: |
 mkdir -p workspace
- for platform in aks-clh-snp k3s-qemu-tdx k3s-qemu-snp rke2-qemu-tdx; do
+ for platform in aks-clh-snp k3s-qemu-tdx k3s-qemu-snp rke2-qemu-tdx aks-peer-snp; do
 nix run .#scripts.write-coordinator-yaml -- "${coordinatorImgTagged}" "${platform}" > workspace/coordinator-$platform.yml
 echo -n "${platform} " >> workspace/coordinator-policy.hash
 yq < workspace/coordinator-$platform.yml \
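Review bot: Adding `aks-peer-snp` to this loop produces coordinator resources and a policy hash entry for the peer-pod runtime, but nothing in the hunk shows the release also publishing the `node-installer-peerpod` image that the `push-node-installer-peerpod` target from patch 1 builds; if image pushes are enumerated elsewhere in release.yml, that list needs the same addition, otherwise the generated coordinator YAML references a runtime image the release never pushed. The platform list here is a second copy of whatever the node-installer and push steps use, so a comment on the `for platform in ...` line, `# keep in sync with the node-installer image push steps`, would flag the coupling for the next platform added. The `run:` script continues past the end of the hunk.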