4
4
"context"
5
5
"fmt"
6
6
"net"
7
+ "net/url"
8
+ "strings"
7
9
"time"
8
10
9
11
"github.com/pkg/errors"
@@ -298,7 +300,7 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
298
300
{Name : "_PATH" , Value : "/usr/sbin:/usr/bin:/sbin:/bin:/bin/aux" },
299
301
},
300
302
Command : []string {"sh" , "-c" },
301
- Args : []string {"(if mountpoint $_DIR; then nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
303
+ Args : []string {"(if mountpoint $_DIR; set -x; nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
302
304
SecurityContext : & corev1.SecurityContext {
303
305
Privileged : & privileged ,
304
306
},
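Review bot: The new `Args` string for this init container drops the `then` keyword: `if mountpoint $_DIR; set -x; nsenter …; fi` is not valid shell, so `sh -c` fails with a syntax error before the trailing `|| true` can run and the init container exits non-zero. The same string is used for the `rshared-containerd` container in the next hunk (new line 333), while the container at new line 318 has the correct form. Both should read `(if mountpoint $_DIR; then set -x; nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true`. The DaemonSet function and this container literal start and end outside the hunk.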
@@ -313,27 +315,27 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
313
315
{Name : "_PATH" , Value : "/usr/sbin:/usr/bin:/sbin:/bin:/bin/aux" },
314
316
},
315
317
Command : []string {"sh" , "-c" },
316
- Args : []string {"(if mountpoint $_DIR; then nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
318
+ Args : []string {"(if mountpoint $_DIR; then set -x; nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
317
319
SecurityContext : & corev1.SecurityContext {
318
320
Privileged : & privileged ,
319
321
},
320
322
VolumeMounts : []corev1.VolumeMount {
321
323
{Name : "host-var-lib-buildkit" , MountPath : "/var/lib/buildkit" },
322
324
},
323
325
}, {
324
- Name : "rshared-rancher " ,
326
+ Name : "rshared-containerd " ,
325
327
Image : buildkitImage ,
326
328
Env : []corev1.EnvVar {
327
- {Name : "_DIR" , Value : "/var/lib/rancher" },
329
+ {Name : "_DIR" , Value : a . ContainerdVolume },
328
330
{Name : "_PATH" , Value : "/usr/sbin:/usr/bin:/sbin:/bin:/bin/aux" },
329
331
},
330
332
Command : []string {"sh" , "-c" },
331
- Args : []string {"(if mountpoint $_DIR; then nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
333
+ Args : []string {"(if mountpoint $_DIR; set -x; nsenter -m -p -t 1 -- env PATH=$_PATH sh -c 'mount --make-rshared $_DIR'; fi) || true" },
332
334
SecurityContext : & corev1.SecurityContext {
333
335
Privileged : & privileged ,
334
336
},
335
337
VolumeMounts : []corev1.VolumeMount {
336
- {Name : "host-var-lib-rancher " , MountPath : "/var/lib/rancher" },
338
+ {Name : "host-containerd " , MountPath : a . ContainerdVolume },
337
339
},
338
340
}},
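Review bot: `_DIR` for `rshared-containerd` now comes from `a.ContainerdVolume` rather than a constant, but it is still expanded unquoted, both by the outer shell and by the inner `sh -c` that `nsenter -t 1` runs from a privileged container. A configured path containing whitespace or glob characters would be split into extra arguments to `mountpoint` and `mount`. Quoting closes that: use `mountpoint "$_DIR"` and `mount --make-rshared "$_DIR"`, with the double quotes escaped in the Go string literal. Rejecting an empty or relative value before the spec is built would also help, for example `if !strings.HasPrefix(a.ContainerdVolume, "/") { return errors.Errorf("containerd volume %q must be an absolute path", a.ContainerdVolume) }`, since the same value is used as a hostPath with bidirectional propagation in the later hunks. The enclosing DaemonSet function starts and ends outside the hunk.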
339
341
Containers : []corev1.Container {{
@@ -361,7 +363,7 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
361
363
{Name : "host-run" , MountPath : "/run" },
362
364
{Name : "host-tmp" , MountPath : "/tmp" , MountPropagation : & mountPropagationBidirectional },
363
365
{Name : "host-var-lib-buildkit" , MountPath : "/var/lib/buildkit" , MountPropagation : & mountPropagationBidirectional },
364
- {Name : "host-var-lib-rancher " , MountPath : "/var/lib/rancher" , MountPropagation : & mountPropagationBidirectional },
366
+ {Name : "host-containerd " , MountPath : a . ContainerdVolume , MountPropagation : & mountPropagationBidirectional },
365
367
{Name : "certs-ca" , MountPath : "/certs/ca" , ReadOnly : true },
366
368
{Name : "certs-server" , MountPath : "/certs/server" , ReadOnly : true },
367
369
},
@@ -373,7 +375,6 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
373
375
Command : []string {"kim" , "--debug" , "agent" },
374
376
Args : []string {
375
377
fmt .Sprintf ("--agent-port=%d" , a .AgentPort ),
376
- fmt .Sprintf ("--buildkit-namespace=%s" , a .BuildkitNamespace ),
377
378
fmt .Sprintf ("--buildkit-socket=%s" , a .BuildkitSocket ),
378
379
fmt .Sprintf ("--buildkit-port=%d" , a .BuildkitPort ),
379
380
fmt .Sprintf ("--containerd-socket=%s" , a .ContainerdSocket ),
@@ -388,12 +389,12 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
388
389
Privileged : & privileged ,
389
390
},
390
391
VolumeMounts : []corev1.VolumeMount {
392
+ {Name : "host-containerd" , MountPath : a .ContainerdVolume , MountPropagation : & mountPropagationBidirectional },
391
393
{Name : "host-ctl" , MountPath : "/sys/fs/cgroup" },
392
394
{Name : "host-etc-pki" , MountPath : "/etc/pki" , ReadOnly : true },
393
395
{Name : "host-etc-ssl" , MountPath : "/etc/ssl" , ReadOnly : true },
394
396
{Name : "host-run" , MountPath : "/run" },
395
397
{Name : "host-var-lib-buildkit" , MountPath : "/var/lib/buildkit" , MountPropagation : & mountPropagationBidirectional },
396
- {Name : "host-var-lib-rancher" , MountPath : "/var/lib/rancher" , MountPropagation : & mountPropagationBidirectional },
397
398
{Name : "certs-ca" , MountPath : "/certs/ca" , ReadOnly : true },
398
399
{Name : "certs-server" , MountPath : "/certs/server" , ReadOnly : true },
399
400
},
@@ -442,9 +443,9 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
442
443
},
443
444
},
444
445
{
445
- Name : "host-var-lib-rancher " , VolumeSource : corev1.VolumeSource {
446
+ Name : "host-containerd " , VolumeSource : corev1.VolumeSource {
446
447
HostPath : & corev1.HostPathVolumeSource {
447
- Path : "/var/lib/rancher" , Type : & hostPathDirectoryOrCreate ,
448
+ Path : a . ContainerdVolume , Type : & hostPathDirectoryOrCreate ,
448
449
},
449
450
},
450
451
},
@@ -474,6 +475,7 @@ func (a *Install) DaemonSet(_ context.Context, k *client.Interface) error {
474
475
return err
475
476
}
476
477
478
+ // NodeRole asserts that the node can run KIM and labels it with the builder role
477
479
func (a * Install ) NodeRole (_ context.Context , k * client.Interface ) error {
478
480
nodeList , err := k .Core .Node ().List (metav1.ListOptions {
479
481
LabelSelector : a .Selector ,
@@ -488,6 +490,29 @@ func (a *Install) NodeRole(_ context.Context, k *client.Interface) error {
488
490
if err != nil {
489
491
return err
490
492
}
493
+ // detect container runtime and adjust defaults
494
+ crv , err := url .Parse (node .Status .NodeInfo .ContainerRuntimeVersion )
495
+ if err != nil {
496
+ return errors .Wrap (err , "failed to parse container runtime version" )
497
+ }
498
+ switch {
499
+ case crv .Scheme == "containerd" && strings .Contains (crv .Host , "-k3s" ): // embedded containerd
500
+ if a .ContainerdSocket == "" {
501
+ a .ContainerdSocket = server .K3sContainerdSocket
502
+ }
503
+ if a .ContainerdVolume == "" {
504
+ a .ContainerdVolume = server .K3sContainerdVolume
505
+ }
506
+ case crv .Scheme == "containerd" : // external containerd
507
+ if a .ContainerdSocket == "" {
508
+ a .ContainerdSocket = server .StockContainerdSocket
509
+ }
510
+ if a .ContainerdVolume == "" {
511
+ a .ContainerdVolume = server .StockContainerdVolume
512
+ }
513
+ default :
514
+ return errors .Errorf ("container runtime `%s` not supported" , crv .Scheme )
515
+ }
491
516
node .Labels = labels .Merge (node .Labels , labels.Set {
492
517
"node-role.kubernetes.io/builder" : "true" ,
493
518
})
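Review bot: The detected defaults are stored on the shared `a` and only while the fields are empty, so the first node handled here fixes `ContainerdSocket` and `ContainerdVolume` for every later node and for the DaemonSet built from them. The surrounding loop is outside the hunk, so this is inferred. If the selector can match both k3s and stock containerd nodes, later nodes would still get the builder label but with host paths that do not match their runtime. At minimum this deserves a comment above the switch, such as `// Defaults are taken from the first node that reaches this point; set ContainerdSocket/ContainerdVolume explicitly for mixed-runtime selectors.` The `default` branch also prints only `crv.Scheme`, which is empty when the version string has no scheme, so `errors.Errorf("container runtime %q not supported on node %s", node.Status.NodeInfo.ContainerRuntimeVersion, node.Name)` would be easier to act on.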