Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9
commit74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9[log] [tgz]
authorLorenz Brun <lorenz@nexantic.com>Tue Jan 26 14:00:50 2021 +0100
committerLorenz Brun <lorenz@nexantic.com>Tue Jan 26 14:00:50 2021 +0100
tree3ec734c4b86fed54a5039623c789dd4b805b3b6e
parent19eb0006edc79edc53fb53ea0eed67e93f4c8eba [diff]
Make containerd work with read-only root

This makes containerd work with a read-only root. There were a few config mistakes on our side which
caused it to write to the rootfs (mostly leftovers from the switch to /ephemeral) and a semi-hardcoded path
in /var/lib/cni from containernetworking/cni. This is technically configurable, but it would require patching
three different repos (see diff message) and getting all of them to agree to take the change and wait for
it to propagate to all repos (containerd is known to be slow to release stuff). So let's just hack in
this one-line diff for the time being.

Test Plan: Should be covered by existing tests

X-Origin-Diff: phab/D694
GitOrigin-RevId: 0e8f5dbfb216539c16e64130af9fe1023722ae1b
8 files changed
tree: 3ec734c4b86fed54a5039623c789dd4b805b3b6e
  1. build/
  2. intellij/
  3. metropolis/
  4. scripts/
  5. third_party/
  6. .bazelignore
  7. .bazelproject
  8. .bazelrc
  9. BUILD
  10. nogo_config.json
  11. README.md
  12. WORKSPACE
README.md

Monogon Source Monorepo

This is the main repository containing Monogon's public source code, including Metropolis.

Environment

We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.

For better reproducibility, all builds are executed in containers.

Usage

Spinning up: scripts/create_container.sh

Spinning down: scripts/destroy_container.sh

Running commands: scripts/run_in_container.sh <...>

Using bazel using a wrapper script: scripts/bin/bazel <...> (add to your local $PATH for convenience)

IntelliJ

This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.

The following steps are necessary:

  • Install Google's Bazel plugin in IntelliJ.

  • Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:

    -Dbazel.bep.path=/home/leopold/.cache/bazel-nxt

  • Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.

  • Use File → Import Bazel project... to create a new project from .bazelproject.

After running the first sync, everything should now resolve in the IDE, including generated code.

It's strongly recommend to use our project presets for file watchers and other IDE features. Run this command and re-open the project in order to install them:

bazel run intellij/localconfig $(pwd)

Metropolis

Run a single node cluster

Launch the node:

bazel run //:launch

Run a kubectl command:

bazel run //metropolis/cli/dbg -- kubectl describe