m/n/k/containerd: use preseeded pause container
To allow no-network tests we need to bundle the pause container.
Change-Id: I1fa6bb70c10a16097d35d919941f501ddc5f784d
Reviewed-on: https://review.monogon.dev/c/monogon/+/2767
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index eb7e870..52c5d56 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel
@@ -84,6 +84,7 @@
# Containerd preseed bundles
"//metropolis/test/e2e/preseedtest:preseedtest_tarball": "/containerd/preseed/k8s.io/preseedtest.tar",
+ "//metropolis/node/kubernetes/pause:pause_tarball": "/containerd/preseed/k8s.io/pause.tar",
# CNI Plugins
"@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
diff --git a/metropolis/node/kubernetes/containerd/config.toml b/metropolis/node/kubernetes/containerd/config.toml
index f033b27..4f6e31c 100644
--- a/metropolis/node/kubernetes/containerd/config.toml
+++ b/metropolis/node/kubernetes/containerd/config.toml
@@ -53,7 +53,7 @@
stream_server_port = "0"
stream_idle_timeout = "4h0m0s"
enable_selinux = false
- sandbox_image = "k8s.gcr.io/pause:3.1"
+ sandbox_image = "preseed.metropolis.internal/node/kubernetes/pause:latest"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
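Review bot: The new `sandbox_image` value is one of three hand-written copies of the same reference (also the `--pod-infra-container-image` argument in kubelet.go and `repo_tags` in pause/BUILD.bazel), and nothing in this change ties them together, so a later edit to one silently breaks sandbox creation. A comment above the line would help, e.g. `# Preseeded from /containerd/preseed/k8s.io/pause.tar, never pulled; keep in sync with kubelet.go and //metropolis/node/kubernetes/pause:pause_tarball.` If the preseeded image is ever missing, containerd would presumably fall back to pulling this reference over the network. It is therefore worth confirming that `preseed.metropolis.internal` cannot resolve to a real registry from a node, since the mutable `:latest` tag carries no digest to check the content against.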
diff --git a/metropolis/node/kubernetes/kubelet.go b/metropolis/node/kubernetes/kubelet.go
index 2d18b72..136bc28 100644
--- a/metropolis/node/kubernetes/kubelet.go
+++ b/metropolis/node/kubernetes/kubelet.go
@@ -29,6 +29,7 @@
kubeletconfig "k8s.io/kubelet/config/v1beta1"
ipb "source.monogon.dev/metropolis/node/core/curator/proto/api"
+
"source.monogon.dev/metropolis/node/core/localstorage"
"source.monogon.dev/metropolis/node/kubernetes/pki"
"source.monogon.dev/metropolis/node/kubernetes/reconciler"
@@ -135,6 +136,8 @@
cmd := exec.CommandContext(ctx, "/kubernetes/bin/kube", "kubelet",
fargs.FileOpt("--config", "config.json", configRaw),
fmt.Sprintf("--container-runtime-endpoint=unix://%s", s.EphemeralDirectory.Containerd.ClientSocket.FullPath()),
+ //TODO: Remove with k8s 1.29 (https://github.com/kubernetes/kubernetes/pull/118544)
+ "--pod-infra-container-image", "preseed.metropolis.internal/node/kubernetes/pause:latest",
fargs.FileOpt("--kubeconfig", "kubeconfig", s.kubeconfig),
fmt.Sprintf("--root-dir=%s", s.KubeletDirectory.FullPath()),
)
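Review bot: The comment on the added `--pod-infra-container-image` argument says when to remove it but not why it is needed. Per the kubelet's documentation of this flag, the named image is exempt from image garbage collection, which matters here because the preseeded pause image has no registry to be re-pulled from. I would write it as `// Keep the kubelet's image GC from pruning the preseeded pause image, which cannot be re-pulled.` followed by `// TODO: remove with k8s 1.29 (https://github.com/kubernetes/kubernetes/pull/118544).`, with a space after `//`. Hoisting the reference into a package-level constant such as `const pauseImage = "preseed.metropolis.internal/node/kubernetes/pause:latest"` would also make the coupling to containerd's `sandbox_image` visible. The enclosing function starts and ends outside the hunk.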
diff --git a/metropolis/node/kubernetes/pause/BUILD.bazel b/metropolis/node/kubernetes/pause/BUILD.bazel
new file mode 100644
index 0000000..b70d051
--- /dev/null
+++ b/metropolis/node/kubernetes/pause/BUILD.bazel
@@ -0,0 +1,45 @@
+cc_binary(
+ name = "pause",
+ srcs = [
+ "@io_k8s_kubernetes//build/pause/linux:pause.c",
+ ],
+ visibility = [
+ "//metropolis/node:__pkg__",
+ ],
+)
+
+load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_binary")
+
+platform_transition_binary(
+ name = "pause_transitioned",
+ binary = ":pause",
+ target_platform = "//build/platforms:linux_amd64_static",
+ visibility = ["//visibility:private"],
+)
+
+load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
+
+pkg_tar(
+ name = "pause_layer",
+ srcs = [":pause_transitioned"],
+ visibility = ["//visibility:private"],
+)
+
+load("@rules_oci//oci:defs.bzl", "oci_image", "oci_tarball")
+
+oci_image(
+ name = "pause_image",
+ architecture = "amd64",
+ entrypoint = ["/pause"],
+ os = "linux",
+ tars = [":pause_layer"],
+ visibility = ["//visibility:public"],
+ workdir = "/",
+)
+
+oci_tarball(
+ name = "pause_tarball",
+ image = ":pause_image",
+ repo_tags = ["preseed.metropolis.internal/node/kubernetes/pause:latest"],
+ visibility = ["//metropolis/node:__pkg__"],
+)
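Review bot: `pause_image` sets no `user`, so the image config defaults to root, whereas the upstream pause image is, as far as I recall, built with a non-root `USER 65535:65535` (worth confirming against the upstream Dockerfile). Adding `user = "65535:65535",` to the `oci_image` rule would keep that hardening for every pod sandbox. `pause_image` is also `//visibility:public` while the surrounding targets are private or limited to `//metropolis/node:__pkg__`; unless something outside this change consumes it, `["//visibility:private"]` matches the rest of the file. The three `load()` statements sit between rules and would conventionally be grouped at the top of the file.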