Add CRI release build

Signed-off-by: Derek McGowan <derek@mcg.dev>
dmcgowan · Aug 10, 2020 · d911d24 · d911d24
1 parent e00a61a
commit d911d24
Show file tree

Hide file tree

Showing 5 changed files with 219 additions and 19 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -66,42 +66,48 @@ jobs:
 
       - name: Set env
         shell: bash
+        env:
+          MOS: ${{ matrix.os }}
         run: |
           releasever=${{ github.ref }}
           releasever="${releasever#refs/tags/}"
+          os=linux
+          [[ "${MOS}" =~ "windows" ]] && {
+            os=windows
+          }
           echo "::set-env name=RELEASE_VER::${releasever}"
           echo "::set-env name=GOPATH::${{ github.workspace }}"
+          echo "::set-env name=OS::${os}"
           echo "::add-path::${{ github.workspace }}/bin"
 
       - name: Checkout containerd
         uses: actions/checkout@v2
         with:
-          repository: containerd/containerd
+          repository: dmcgowan/containerd
           ref: ${{ github.ref }}
           path: src/github.com/containerd/containerd
+
       - name: HCS Shim commit
         id: hcsshim_commit
         if: startsWith(matrix.os, 'windows')
         shell: bash
         run: echo "::set-output name=sha::$(grep Microsoft/hcsshim vendor.conf | awk '{print $2}')"
         working-directory: src/github.com/containerd/containerd
+
       - name: Checkout hcsshim source
         if: startsWith(matrix.os, 'windows')
         uses: actions/checkout@v2
         with:
           repository: Microsoft/hcsshim
           ref: ${{ steps.hcsshim_commit.outputs.sha }}
           path: src/github.com/Microsoft/hcsshim
+
       - name: Make
         shell: bash
-        env:
-          MOS: ${{ matrix.os }}
-          OS: linux
         run: |
           make build
           make binaries
-          [[ "${MOS}" =~ "windows" ]] && {
-              OS=windows
+          [[ "${OS}" == "windows" ]] && {
               (
                 bindir="$(pwd)/bin"
                 cd ../../Microsoft/hcsshim
@@ -119,6 +125,46 @@ jobs:
           name: containerd-binaries-${{ matrix.os }}
           path: src/github.com/containerd/containerd/*.tar.gz*
 
+      - name: Install cri-containerd dependencies
+        shell: bash
+        env:
+          RUNC_FLAVOR: runc
+          DESTDIR: ${{ github.workspace }}/cri-release
+        run: |
+          mkdir ${DESTDIR}
+          if [[ "${OS}" == "linux" ]]; then
+            sudo install -d ${DESTDIR}/usr/local/bin
+            sudo install -D -m 755 bin/* ${DESTDIR}/usr/local/bin
+            sudo install -d ${DESTDIR}/opt/containerd/cluster
+            sudo cp -r contrib/gce ${DESTDIR}/opt/containerd/cluster/
+            sudo install -d ${DESTDIR}/etc/systemd/system
+            sudo install -m 644 containerd.service ${DESTDIR}/etc/systemd/system
+
+            sudo PATH=$PATH script/setup/install-seccomp
+            USESUDO=true script/setup/install-runc
+            script/setup/install-cni
+            script/setup/install-critools
+          elif [[ "${OS}" == "windows" ]]; then
+            script/setup/install-cni-windows
+            cp bin/* ${DESTDIR}/
+          fi
+        working-directory: src/github.com/containerd/containerd
+
+      - name: Make cri-containerd tar
+        shell: bash
+        run: |
+          TARFILE="cri-containerd-cni-${RELEASE_VER#v}-${OS}-amd64.tar.gz"
+          [[ "${OS}" == "linux" ]] && tar czf ${TARFILE} etc usr opt
+          [[ "${OS}" == "windows" ]] && tar czf ${TARFILE} *
+          sha256sum ${TARFILE} >${TARFILE}.sha256sum
+        working-directory: cri-release
+
+      - name: Save cri-containerd binaries
+        uses: actions/upload-artifact@v2
+        with:
+          name: cri-containerd-binaries-${{ matrix.os }}
+          path: cri-release/cri-containerd-cni-*.tar.gz*
+
   release:
     name: Create containerd Release
     runs-on: ubuntu-18.04
@@ -135,8 +181,12 @@ jobs:
         run: |
           _filenum=1
           for i in "ubuntu-18.04" "windows-2019"; do
-            for i in `ls builds/containerd-binaries-${i}`; do
-              echo "::set-output name=file${_filenum}::${i}"
+            for f in `ls builds/containerd-binaries-${i}`; do
+              echo "::set-output name=file${_filenum}::${f}"
+              let "_filenum+=1"
+            done
+            for f in `ls builds/cri-containerd-binaries-${i}`; do
+              echo "::set-output name=file${_filenum}::${f}"
               let "_filenum+=1"
             done
           done
@@ -169,21 +219,57 @@ jobs:
           asset_path: ./builds/containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file2 }}
           asset_name: ${{ steps.catalog.outputs.file2 }}
           asset_content_type: text/plain
-      - name: Upload Windows containerd tarball
+      - name: Upload Linux cri containerd tarball
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file3 }}
+          asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file3 }}
           asset_name: ${{ steps.catalog.outputs.file3 }}
           asset_content_type: application/gzip
-      - name: Upload Windows sha256 sum
+      - name: Upload Linux cri sha256 sum
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file4 }}
+          asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file4 }}
           asset_name: ${{ steps.catalog.outputs.file4 }}
           asset_content_type: text/plain
+      - name: Upload Windows containerd tarball
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file5 }}
+          asset_name: ${{ steps.catalog.outputs.file5 }}
+          asset_content_type: application/gzip
+      - name: Upload Windows sha256 sum
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file6 }}
+          asset_name: ${{ steps.catalog.outputs.file6 }}
+          asset_content_type: text/plain
+      - name: Upload Windows cri containerd tarball
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file7 }}
+          asset_name: ${{ steps.catalog.outputs.file7 }}
+          asset_content_type: application/gzip
+      - name: Upload Windows cri sha256 sum
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file8 }}
+          asset_name: ${{ steps.catalog.outputs.file8 }}
+          asset_content_type: text/plain
diff --git a/script/setup/install-cni b/script/setup/install-cni
@@ -22,8 +22,8 @@
 set -eu -o pipefail
 
 CNI_COMMIT=$(grep containernetworking/plugins "$GOPATH"/src/github.com/containerd/containerd/vendor.conf | awk '{print $2}')
-CNI_DIR=/opt/cni
-CNI_CONFIG_DIR=/etc/cni/net.d
+CNI_DIR=${DESTDIR}/opt/cni
+CNI_CONFIG_DIR=${DESTDIR}/etc/cni/net.d
 
 go get -d github.com/containernetworking/plugins/...
 cd "$GOPATH"/src/github.com/containernetworking/plugins
@@ -32,7 +32,7 @@ FASTBUILD=true ./build.sh
 sudo mkdir -p $CNI_DIR
 sudo cp -r ./bin $CNI_DIR
 sudo mkdir -p $CNI_CONFIG_DIR
-cat <<EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
+cat | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist <<EOF
 {
   "cniVersion": "0.3.1",
   "name": "containerd-net",
@@ -45,9 +45,17 @@ cat <<EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
       "promiscMode": true,
       "ipam": {
         "type": "host-local",
-        "subnet": "10.88.0.0/16",
+        "ranges": [
+          [{
+            "subnet": "10.88.0.0/16"
+          }],
+          [{
+            "subnet": "2001:4860:4860::8888/32"
+          }]
+        ],
         "routes": [
-          { "dst": "0.0.0.0/0" }
+          { "dst": "0.0.0.0/0" },
+          { "dst": "::/0" }
         ]
       }
     },

diff --git a/script/setup/install-cni-windows b/script/setup/install-cni-windows
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+#   Copyright The containerd Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -eu -o pipefail
+
+destdir="${destdir:-"C:\\Program Files\\containerd"}"
+WINCNI_BIN_DIR="${destdir}/cni"
+WINCNI_PKG=github.com/Microsoft/windows-container-networking
+WINCNI_VERSION=aa10a0b31e9f72937063436454def1760b858ee2
+
+go get -d "${WINCNI_PKG}/..."
+cd "${GOPATH}/src/${WINCNI_PKG}"
+git checkout "${WINCNI_VERSION}"
+make all
+install -D -m 755 "out/nat.exe" "${WINCNI_BIN_DIR}/nat.exe"
+install -D -m 755 "out/sdnbridge.exe" "${WINCNI_BIN_DIR}/sdnbridge.exe"
+install -D -m 755 "out/sdnoverlay.exe" "${WINCNI_BIN_DIR}/sdnoverlay.exe"
+
+CNI_CONFIG_DIR="${destdir}/cni/conf"
+mkdir -p "${CNI_CONFIG_DIR}"
+
+# split_ip splits ip into a 4-element array.
+split_ip() {
+  local -r varname="$1"
+  local -r ip="$2"
+  for i in {0..3}; do
+    eval "$varname"[$i]=$( echo "$ip" | cut -d '.' -f $((i + 1)) )
+  done
+}
+
+# subnet gets subnet for a gateway, e.g. 192.168.100.0/24.
+calculate_subnet() {
+  local -r gateway="$1"
+  local -r prefix_len="$2"
+  split_ip gateway_array "$gateway"
+  local len=$prefix_len
+  for i in {0..3}; do
+    if (( len >= 8 )); then
+      mask=255
+    elif (( len > 0 )); then
+      mask=$(( 256 - 2 ** ( 8 - len ) ))
+    else
+      mask=0
+    fi
+    (( len -= 8 ))
+    result_array[i]=$(( gateway_array[i] & mask ))
+  done
+  result="$(printf ".%s" "${result_array[@]}")"
+  result="${result:1}"
+  echo "$result/$((32 - prefix_len))"
+}
+
+# nat already exists on the Windows VM, the subnet and gateway
+# we specify should match that.
+gateway="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).IPAddress")"
+prefix_len="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).PrefixLength")"
+
+subnet="$(calculate_subnet "$gateway" "$prefix_len")"
+
+# The "name" field in the config is used as the underlying
+# network type right now (see
+# https://github.com/microsoft/windows-container-networking/pull/45),
+# so it must match a network type in:
+# https://docs.microsoft.com/en-us/windows-server/networking/technologies/hcn/hcn-json-document-schemas
+bash -c 'cat >"'"${CNI_CONFIG_DIR}"'"/0-containerd-nat.conf <<EOF
+{
+    "cniVersion": "0.2.0",
+    "name": "nat",
+    "type": "nat",
+    "master": "Ethernet",
+    "ipam": {
+        "subnet": "'$subnet'",
+        "routes": [
+            {
+                "GW": "'$gateway'"
+            }
+        ]
+    },
+    "capabilities": {
+        "portMappings": true,
+        "dns": true
+    }
+}
+EOF'
diff --git a/script/setup/install-critools b/script/setup/install-critools
@@ -26,4 +26,8 @@ go get -d github.com/kubernetes-sigs/cri-tools/...
 cd "$GOPATH"/src/github.com/kubernetes-sigs/cri-tools
 git checkout $CRITEST_COMMIT
 make
-sudo make install
+
+sudo make install -e BINDIR=${DESTDIR}/usr/local/bin
+cat | sudo tee ${DESTDIR}/etc/crictl.yaml <<EOF
+runtime-endpoint: unix:///run/containerd/containerd.sock
+EOF
diff --git a/script/setup/install-runc b/script/setup/install-runc
@@ -27,7 +27,12 @@ function install_runc() {
 	cd "$GOPATH"/src/github.com/opencontainers/runc
 	git checkout $RUNC_COMMIT
 	make BUILDTAGS='apparmor seccomp selinux' runc
-	make install
+
+	USESUDO=${USESUDO:-false}
+	if ${USESUDO}; then
+	  SUDO="sudo"
+	fi
+	${SUDO} make install
 }
 
 function install_crun() {