commit | 5e4fc2d107722f748f90cad06601c1b20e0934fc | |
---|---|---|
author | Lorenz Brun <lorenz@nexantic.com> | Tue Sep 22 18:35:15 2020 +0200 |
committer | Lorenz Brun <lorenz@nexantic.com> | Tue Sep 22 18:35:15 2020 +0200 |
tree | 3f29a0772e9182a7e7cc0073b61b00f58013e071 | |
parent | fa5c2fccc528b40f216687e02f0c1cd004e013d6 | |

Add support for runc container runtime

Adds the runc container runtime, its containerd shim, required Linux features and plumbs it into Kubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based targets as part of our initramfs. The Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures are prohibited in Starlark I see no better way.

For this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt shouldn't have any negative impact, but binfmt_misc has a registry which is only namespaced if used with user namespaces, which are currently not used and thus might represent an exploit vector. This is tracked in T864.

Test Plan: New E2E tests covering this feature have been added.

X-Origin-Diff: phab/D625
GitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba

This is the monorepo storing all of nexantic's internal projects and libraries.
We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.
For better reproducibility, all builds are executed in containers.

- Spinning up: `scripts/create_container.sh`
- Spinning down: `scripts/destroy_container.sh`
- Running commands: `scripts/run_in_container.sh <...>`
- Running Bazel through a wrapper script: `scripts/bin/bazel <...>` (add to your local `$PATH` for convenience)

Launch the node: `bazel run //:launch`

Run a kubectl command: `bazel run //core/cmd/dbg -- kubectl describe`

This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.
We check the entire .ijwb project directory into the repository, which requires everyone to use the latest version of both IntelliJ and the Bazel plugin, but eliminates manual setup steps.
The following steps are necessary:

1. Install Google's official Bazel plugin in IntelliJ.
2. Add the absolute path to your `~/.cache/bazel-nxt` folder to your `idea64.vmoptions` (Help → Edit Custom VM Options) and restart IntelliJ: `-Dbazel.bep.path=/home/leopold/.cache/bazel-nxt`
3. Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of `scripts/bin/bazel`. This is a wrapper that will execute Bazel inside the container.
4. Open the `.ijwb` folder as IntelliJ project.
5. Disable Vgo support for the project.
6. Run a non-incremental sync in IntelliJ.

The plugin will automatically resolve paths for generated files.
If you do not use IntelliJ, you need to use the scripts/bazel_copy_generated_for_ide.sh script to copy files locally.