//go:build linux
// +build linux
package containerd
import (
"os"
"github.com/containerd/containerd"
overlayutils "github.com/containerd/containerd/snapshots/overlay/overlayutils"
fuseoverlayfs "github.com/containerd/fuse-overlayfs-snapshotter"
stargz "github.com/containerd/stargz-snapshotter/service"
"github.com/docker/docker/pkg/parsers/kernel"
"github.com/k3s-io/k3s/pkg/agent/templates"
"github.com/k3s-io/k3s/pkg/cgroups"
"github.com/k3s-io/k3s/pkg/daemons/config"
"github.com/k3s-io/k3s/pkg/version"
"github.com/opencontainers/runc/libcontainer/userns"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
"k8s.io/cri-client/pkg/util"
)
const (
	// socketPrefix is prepended to the containerd socket path in Client so that the
	// CRI address parser receives a "unix://" URL.
	socketPrefix = "unix://"
	// runtimesPath lists the directories that SetupContainerdConfig temporarily
	// prepends to PATH while discovering bundled container runtimes (going by the
	// names: the NVIDIA container toolkit and kwasm). Because they are prepended,
	// binaries found here win over same-named binaries on the system PATH, so these
	// directories must only be writable by root. The ':' separator is hard-coded,
	// which is fine in this linux-only file.
	runtimesPath = "/usr/local/nvidia/toolkit:/opt/kwasm/bin"
)
// getContainerdArgs builds the argument vector used to launch containerd: the
// program name followed by the config file (-c), the socket address (-a), and
// the state and root directories, all read from cfg.Containerd.
func getContainerdArgs(cfg *config.Node) []string {
	// 1 program name + 4 flag/value pairs.
	args := make([]string, 0, 9)
	args = append(args, "containerd")
	args = append(args, "-c", cfg.Containerd.Config)
	args = append(args, "-a", cfg.Containerd.Address)
	args = append(args, "--state", cfg.Containerd.State)
	args = append(args, "--root", cfg.Containerd.Root)
	return args
}
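// runtimeSearchPath returns the PATH value to use while looking for bundled
// container runtimes: runtimesPath first, then the caller's PATH. When PATH is
// empty or unset only runtimesPath is returned, so that no empty entry is
// produced — an empty PATH entry conventionally means "the current directory",
// which must never be searched for runtime binaries.
func runtimeSearchPath(originalPath string) string {
	if originalPath == "" {
		return runtimesPath
	}
	return runtimesPath + string(os.PathListSeparator) + originalPath
}

// pushRuntimeSearchPath prepends runtimesPath to PATH and returns a function that
// puts PATH back exactly as it was, including leaving it unset if it was unset
// (the previous code restored an unset PATH as an empty string).
func pushRuntimeSearchPath() (restore func()) {
	originalPath, wasSet := os.LookupEnv("PATH")
	// Setenv only fails for a malformed key or value, which cannot happen here.
	os.Setenv("PATH", runtimeSearchPath(originalPath))
	return func() {
		if wasSet {
			os.Setenv("PATH", originalPath)
			return
		}
		os.Unsetenv("PATH")
	}
}

// SetupContainerdConfig generates the containerd.toml, using a template combined with various
// runtime configurations and registry mirror settings provided by the administrator.
//
// It inspects the host (user namespace, delegated cgroup controllers, kernel
// version, SELinux state) to decide what the template enables, discovers the
// bundled runtimes, verifies that the administrator-selected default runtime was
// actually found, and then writes the containerd config followed by the registry
// hosts files. As a side effect it sets cfg.AgentConfig.Systemd, which is later
// used for the kubelet's cgroup-driver flag.
func SetupContainerdConfig(cfg *config.Node) error {
	isRunningInUserNS := userns.RunningInUserNS()
	_, _, controllers := cgroups.CheckCgroups()
	// "/sys/fs/cgroup" is namespaced
	cgroupfsWritable := unix.Access("/sys/fs/cgroup", unix.W_OK) == nil
	// Rootless containerd can only manage cgroups when the cpu and pids controllers
	// are delegated and the cgroupfs is writable; otherwise cgroups are disabled.
	disableCgroup := isRunningInUserNS && (!controllers["cpu"] || !controllers["pids"] || !cgroupfsWritable)
	if disableCgroup {
		logrus.Warn("cgroup v2 controllers are not delegated for rootless. Disabling cgroup.")
	} else {
		// note: this mutatation of the passed agent.Config is later used to set the
		// kubelet's cgroup-driver flag. This may merit moving to somewhere else in order
		// to avoid mutating the configuration while setting up containerd.
		// INVOCATION_ID is set by systemd for the services it starts, so a non-empty
		// value is taken to mean "running under systemd".
		cfg.AgentConfig.Systemd = !isRunningInUserNS && controllers["cpuset"] && os.Getenv("INVOCATION_ID") != ""
	}

	// Look up the bundled runtimes with the default runtime directories prepended
	// to PATH, then restore PATH immediately so the extra entries do not leak into
	// anything started later. NOTE(review): because runtimesPath takes precedence
	// over the system PATH here, those directories must not be writable by
	// untrusted users — verify ownership/permissions at install time.
	restorePath := pushRuntimeSearchPath()
	extraRuntimes := findContainerRuntimes()
	restorePath()

	// Verifies if the DefaultRuntime can be found
	if _, ok := extraRuntimes[cfg.DefaultRuntime]; !ok && cfg.DefaultRuntime != "" {
		return errors.Errorf("default runtime %s was not found", cfg.DefaultRuntime)
	}

	// EnableUnprivileged is gated on kernel >= 4.11; presumably the template uses it
	// for the unprivileged port/ICMP settings — confirm against the template.
	containerdConfig := templates.ContainerdConfig{
		NodeConfig:            cfg,
		DisableCgroup:         disableCgroup,
		SystemdCgroup:         cfg.AgentConfig.Systemd,
		IsRunningInUserNS:     isRunningInUserNS,
		EnableUnprivileged:    kernel.CheckKernelVersion(4, 11, 0),
		PrivateRegistryConfig: cfg.AgentConfig.Registry,
		ExtraRuntimes:         extraRuntimes,
		Program:               version.Program,
		NoDefaultEndpoint:     cfg.Containerd.NoDefault,
	}
	selEnabled, selConfigured, err := selinuxStatus()
	if err != nil {
		return errors.Wrap(err, "failed to detect selinux")
	}
	// A mismatch between the host's SELinux state and the --selinux flag is only
	// warned about; config generation continues either way.
	switch {
	case !cfg.SELinux && selEnabled:
		logrus.Warn("SELinux is enabled on this host, but " + version.Program + " has not been started with --selinux - containerd SELinux support is disabled")
	case cfg.SELinux && !selConfigured:
		logrus.Warnf("SELinux is enabled for "+version.Program+" but process is not running in context '%s', "+version.Program+"-selinux policy may need to be applied", SELinuxContextType)
	}
	if err := writeContainerdConfig(cfg, containerdConfig); err != nil {
		return err
	}
	return writeContainerdHosts(cfg, containerdConfig)
}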
// Client returns a containerd client for the socket at address. The address is
// given as a plain socket path; socketPrefix is prepended before it is handed to
// the CRI address parser, whose resolved endpoint is then used to build the client.
func Client(address string) (*containerd.Client, error) {
	endpoint, _, err := util.GetAddressAndDialer(socketPrefix + address)
	if err == nil {
		return containerd.New(endpoint)
	}
	return nil, err
}
// OverlaySupported checks, via containerd's overlayutils.Supported, whether
// overlayfs can be used under root. A non-nil error is that check's reason.
func OverlaySupported(root string) error {
	if err := overlayutils.Supported(root); err != nil {
		return err
	}
	return nil
}
// FuseoverlayfsSupported checks, via the fuse-overlayfs snapshotter's Supported,
// whether fuse-overlayfs can be used under root. A non-nil error is that
// check's reason.
func FuseoverlayfsSupported(root string) error {
	if err := fuseoverlayfs.Supported(root); err != nil {
		return err
	}
	return nil
}
// StargzSupported checks, via the stargz snapshotter service's Supported,
// whether the stargz snapshotter can be used under root. A non-nil error is
// that check's reason.
func StargzSupported(root string) error {
	if err := stargz.Supported(root); err != nil {
		return err
	}
	return nil
}