[feature request] support containerd v2 shim

[zhuangqh]

Why you need it?

using custom shim for different runtimes.

After upgrade to containerd v1.2, it's time to introduce this feature to PouchContainer.

How it could be?

TBD

Other related information

[fuweid]

we synced this offline and I think we should make a plan to handle. At least, we should have proposal here :)

[zhuangqh]

Proposal: support containerd shimv2

New Runtime config

type Runtime struct {
  // **NEW FIELD**
	// Type is the runtime type used in containerd.
	Type string `json:"type"`

  // **NEW FIELD**
	// Options are config options for specific runtime.
	Options interface{} `json:"options,omitempty"`

	// Name and, optional, path, of the OCI executable binary.
	//
	// If the path is omitted, the daemon searches the host's `$PATH` for the
	// binary and uses the first result.
	//
	Path string `json:"path,omitempty"`

	// List of command-line arguments to pass to the runtime when invoked.
  //
  // DEPRECATED: use Options instead. Remove when shim v1 is deprecated.
	RuntimeArgs []string `json:"runtimeArgs"`
}

Type

Distinguish the v1 and v2 containerd shim.

shim v1
sperate identification io.containerd.runtime.v1.linux 

shim v2
in format io.containerd.${runtime}.${version} ,like io.containerd.runc.v1 . 

Options

you can pass any acceptable typed options.

shim v1
only the RuncOptions is acceptable.

type RuncOptions struct {
	Runtime       string `protobuf:"bytes,1,opt,name=runtime,proto3" json:"runtime,omitempty"`
	RuntimeRoot   string `protobuf:"bytes,2,opt,name=runtime_root,json=runtimeRoot,proto3" json:"runtime_root,omitempty"`
	CriuPath      string `protobuf:"bytes,3,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
	SystemdCgroup bool   `protobuf:"varint,4,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
}

shim v2
Custom definitions for different runtimes, would be passed to the shim directly.

take io.containerd.runc.v1 for example.

type Options struct {
	// disable pivot root when creating a container
	NoPivotRoot bool `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
	// create a new keyring for the container
	NoNewKeyring bool `protobuf:"varint,2,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
	// place the shim in a cgroup
	ShimCgroup string `protobuf:"bytes,3,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
	// set the I/O's pipes uid
	IoUid uint32 `protobuf:"varint,4,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
	// set the I/O's pipes gid
	IoGid uint32 `protobuf:"varint,5,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
	// binary name of the runc binary
	BinaryName string `protobuf:"bytes,6,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"`
	// runc root directory
	Root string `protobuf:"bytes,7,opt,name=root,proto3" json:"root,omitempty"`
	// criu binary path
	CriuPath string `protobuf:"bytes,8,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
	// enable systemd cgroups
	SystemdCgroup bool `protobuf:"varint,9,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
}

Compatibility

Compatible with legacy version PouchContainer.

In the shim v1 era, PouchContainer will generate a shell file by combining the RuntimeArgs with the runtime binary path, replace the path of runtime binary with the path of the shell file. That is a common solution for user to pass the extra arguments, which would be deprecated in shim v2 era. However, that processing is compatible with the mechanism we provided for shim v2.

UX

Add the extra runtime config to the pouch config, and do what you are used to doing, like

pouch run -it --runtime runsc busybox sh

[zhuangqh]

cc @Ace-Tang @fuweid