Add support for runc container runtime
Adds the runc container runtime, its containerd shim, required Linux features and plumbs it into
Kubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based
targets as part of our initramfs.
The Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures
are prohibited in Starlark I see no better way.
For this to be usable for most images, new Linux binfmt options have been added. The hashbang binfmt
shouldn't have any negative impact, but binfmt_misc has a registry which is only namespaced when used
with user namespaces. Those are currently not used, so the un-namespaced registry might represent an
exploit vector. This is tracked in T864.
Test Plan: New E2E tests covering this feature have been added.
X-Origin-Diff: phab/D625
GitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba
diff --git a/core/tests/e2e/main_test.go b/core/tests/e2e/main_test.go
index c50263c..465ef23 100644
--- a/core/tests/e2e/main_test.go
+++ b/core/tests/e2e/main_test.go
@@ -26,6 +26,7 @@
_ "net/http"
_ "net/http/pprof"
"os"
+ "strings"
"testing"
"time"
@@ -148,6 +149,37 @@
return fmt.Errorf("pod is not ready: %v", events.Items[0].Message)
}
})
+ testEventual(t, "Simple deployment with runc", ctx, largeTestTimeout, func(ctx context.Context) error {
+ deployment := makeTestDeploymentSpec("test-deploy-2")
+ var runcStr = "runc"
+ deployment.Spec.Template.Spec.RuntimeClassName = &runcStr
+ _, err := clientSet.AppsV1().Deployments("default").Create(ctx, deployment, metav1.CreateOptions{})
+ return err
+ })
+ testEventual(t, "Simple deployment is running on runc", ctx, largeTestTimeout, func(ctx context.Context) error {
+ res, err := clientSet.CoreV1().Pods("default").List(ctx, metav1.ListOptions{LabelSelector: "name=test-deploy-2"})
+ if err != nil {
+ return err
+ }
+ if len(res.Items) == 0 {
+ return errors.New("pod didn't get created")
+ }
+ pod := res.Items[0]
+ if podv1.IsPodAvailable(&pod, 1, metav1.NewTime(time.Now())) {
+ return nil
+ }
+ events, err := clientSet.CoreV1().Events("default").List(ctx, metav1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.name=%s,involvedObject.namespace=default", pod.Name)})
+ if err != nil || len(events.Items) == 0 {
+ return fmt.Errorf("pod is not ready: %v", pod.Status.Phase)
+ } else {
+ var errorMsg strings.Builder
+ for _, msg := range events.Items {
+ errorMsg.WriteString(" | ")
+ errorMsg.WriteString(msg.Message)
+ }
+ return fmt.Errorf("pod is not ready: %v", errorMsg.String())
+ }
+ })
testEventual(t, "Simple StatefulSet with PVC", ctx, largeTestTimeout, func(ctx context.Context) error {
_, err := clientSet.AppsV1().StatefulSets("default").Create(ctx, makeTestStatefulSet("test-statefulset-1"), metav1.CreateOptions{})
return err
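Review bot: The "Simple deployment is running on runc" step returns nil as soon as `podv1.IsPodAvailable` is true, so it shows only that the pod became available, not which runtime handled it; a RuntimeClass whose handler resolved to a different containerd runtime would presumably pass as well. Because the runtime is an isolation boundary, the step should at least assert the class on the returned pod, e.g. `if rc := pod.Spec.RuntimeClassName; rc == nil || *rc != "runc" { return errors.New("pod is not using the runc RuntimeClass") }`, and ideally confirm the runtime from the node side. Separately, `if err != nil || len(events.Items) == 0` drops a failed Events list call and reports only the pod phase; handling the error case on its own with `return fmt.Errorf("listing events for pod %s: %w", pod.Name, err)` keeps the cause visible. The enclosing test function begins and ends outside this hunk.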