feat: add wasm runtime

Adds wasm runtime using wasmedge.

Signed-off-by: Saiyam Pathak <saiyam911@gmail.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>

.github/workflows/ci.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-01-17T14:50:07Z by kres latest.
+# Generated on 2024-02-02T18:53:51Z by kres latest.
 
 name: default
 concurrency:
@@ -33,7 +33,7 @@ jobs:
       labels: ${{ steps.retrieve-pr-labels.outputs.result }}
     services:
       buildkitd:
-        image: moby/buildkit:v0.12.4
+        image: moby/buildkit:v0.12.5
         options: --privileged
         ports:
           - 1234:1234
@@ -115,7 +115,7 @@ jobs:
       - default
     services:
       buildkitd:
-        image: moby/buildkit:v0.12.4
+        image: moby/buildkit:v0.12.5
         options: --privileged
         ports:
           - 1234:1234

.github/workflows/weekly.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2023-12-12T23:07:05Z by kres latest.
+# Generated on 2024-02-02T18:53:51Z by kres latest.
 
 name: weekly
 concurrency:
@@ -16,7 +16,7 @@ jobs:
       - pkgs
     services:
       buildkitd:
-        image: moby/buildkit:v0.12.4
+        image: moby/buildkit:v0.12.5
         options: --privileged
         ports:
           - 1234:1234

.kres.yaml

@@ -32,6 +32,7 @@ spec:
     - usb-modem-drivers
     - util-linux-tools
     - v4l-uvc-drivers
+    - wasmedge
     - xe-guest-utilities
     # - zfs see https://github.com/siderolabs/pkgs/pull/873
   additionalTargets:

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-02-01T17:35:15Z by kres latest.
+# Generated on 2024-02-02T14:30:15Z by kres latest.
 
 # common variables
 
@@ -79,6 +79,7 @@ TARGETS += thunderbolt
 TARGETS += usb-modem-drivers
 TARGETS += util-linux-tools
 TARGETS += v4l-uvc-drivers
+TARGETS += wasmedge
 TARGETS += xe-guest-utilities
 NONFREE_TARGETS = nonfree-kmod-nvidia
 

README.md

@@ -40,11 +40,12 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 
 ### Container Runtimes
 
-| Name                                | Image                                                                                       | Description                                     | Version Format                     |
-| ----------------------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------- | ---------------------------------- |
-| [gvisor](container-runtime/gvisor/) | [ghcr.io/siderolabs/gvisor](https://github.com/siderolabs/extensions/pkgs/container/gvisor) | [gVisor](https://gvisor.dev/) container runtime | `upstream version`                 |
-| [stargz-snapshotter](container-runtime/stargz-snapshotter/) | [ghcr.io/siderolabs/stargz-snapshotter](https://github.com/siderolabs/extensions/pkgs/container/stargz-snapshotter) | [Stargz Snapshotter](https://github.com/containerd/stargz-snapshotter) container runtime | `upstream version` |
+| Name                                                                 | Image                                                                                                                         | Description                                                                                                                        | Version Format     |
+| -------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
+| [gvisor](container-runtime/gvisor/)                                  | [ghcr.io/siderolabs/gvisor](https://github.com/siderolabs/extensions/pkgs/container/gvisor)                                   | [gVisor](https://gvisor.dev/) container runtime                                                                                    | `upstream version` |
+| [stargz-snapshotter](container-runtime/stargz-snapshotter/)          | [ghcr.io/siderolabs/stargz-snapshotter](https://github.com/siderolabs/extensions/pkgs/container/stargz-snapshotter)           | [Stargz Snapshotter](https://github.com/containerd/stargz-snapshotter) container runtime                                           | `upstream version` |
 | [ecr-credential-provider](container-runtime/ecr-credential-provider) | [ghcr.io/siderolabs/ecr-credential-provider](https://github.com/siderolabs/extensions/pkgs/container/ecr-credential-provider) | [ECR Credential Provider](https://github.com/kubernetes/cloud-provider-aws/tree/master/cmd/ecr-credential-provider) kubelet plugin | `upstream version` |
+| [wasmedge](container-runtime/wasmedge)                               | [ghcr.io/siderolabs/wasmedge](https://github.com/siderolabs/extensions/pkgs/container/wasmedge)                               | [WasmEdge](https://github.com/containerd/runwasi) container runtime                                                                | `upstream_version` |
 
 ### Firmware
 
@@ -72,9 +73,9 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 
 ### Miscellaneous
 
-| Name                            | Image                                                                                             | Description                        | Version Format     |
-| ------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------- | ------------------ |
-| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version`                                       |
+| Name                            | Image                                                                                                 | Description                 | Version Format  |
+| ------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------- | --------------- |
+| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version` |
 
 ### Network
 
@@ -84,19 +85,19 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 
 ### Storage
 
-| Name                                | Image                                                                                                 | Description         | Version Format                     |
-| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | ---------------------------------- |
-| [iscsi-tools](storage/iscsi-tools/) | [ghcr.io/siderolabs/iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/iscsi-tools) | Open iSCSI tools    | `v0.1.0`                           |
-| [mdadm](storage/mdadm/)             | [ghcr.io/siderolabs/mdadm](https://github.com/siderolabs/extensions/pkgs/container/mdadm)             | manage MD devices tool | `upstream version`              |
-| [drbd](storage/drbd/)               | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd)               | DRBD driver module  | `upstream version`-`talos version` |
-| [zfs](storage/zfs/)                 | [ghcr.io/siderolabs/zfs](https://github.com/siderolabs/extensions/pkgs/container/zfs)                 | ZFS driver module   | `upstream version`-`talos version` |
-| [btrfs](storage/btrfs/)             | [ghcr.io/siderolabs/btrfs](https://github.com/siderolabs/extensions/pkgs/container/btrfs)             | BTRFS driver module | `talos version`                    |
+| Name                                | Image                                                                                                 | Description            | Version Format                     |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | ---------------------------------- |
+| [iscsi-tools](storage/iscsi-tools/) | [ghcr.io/siderolabs/iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/iscsi-tools) | Open iSCSI tools       | `v0.1.0`                           |
+| [mdadm](storage/mdadm/)             | [ghcr.io/siderolabs/mdadm](https://github.com/siderolabs/extensions/pkgs/container/mdadm)             | manage MD devices tool | `upstream version`                 |
+| [drbd](storage/drbd/)               | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd)               | DRBD driver module     | `upstream version`-`talos version` |
+| [zfs](storage/zfs/)                 | [ghcr.io/siderolabs/zfs](https://github.com/siderolabs/extensions/pkgs/container/zfs)                 | ZFS driver module      | `upstream version`-`talos version` |
+| [btrfs](storage/btrfs/)             | [ghcr.io/siderolabs/btrfs](https://github.com/siderolabs/extensions/pkgs/container/btrfs)             | BTRFS driver module    | `talos version`                    |
 
 ### Power
 
-| Name                            | Image                                                                                                     | Description                                                    | Version Format                     |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ---------------------------------- |
-| [nut-client](power/nut-client/) | [ghcr.io/siderolabs/nut-client](https://github.com/siderolabs/talos-extensions/pkgs/container/nut-client) | [Network UPS Tools](https://networkupstools.org) upsmon client | `upstream version`                 |
+| Name                            | Image                                                                                                     | Description                                                    | Version Format     |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ------------------ |
+| [nut-client](power/nut-client/) | [ghcr.io/siderolabs/nut-client](https://github.com/siderolabs/talos-extensions/pkgs/container/nut-client) | [Network UPS Tools](https://networkupstools.org) upsmon client | `upstream version` |
 
 ### Guest Agents
 

container-runtime/vars.yaml

@@ -4,3 +4,5 @@ GVISOR_VERSION: 20240109.0
 STARGZ_SNAPSHOTTER_VERSION: v0.15.1
 # renovate: datasource=github-releases depName=kubernetes/cloud-provider-aws
 CLOUD_PROVIDER_AWS_VERSION: v1.28.1
+# renovate: datasource=github-tags depName=containerd/runwasi
+WASMEDGE_VERSION: v0.3.0

container-runtime/wasmedge/README.md

@@ -0,0 +1,42 @@
+# WasmEdge extension
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+In order to create the Wasm workload, a runtimeclass needs to be created.
+
+```yaml
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+  name: wasmedge
+handler: wasmedge
+```
+
+## Testing
+
+Apply the following manifest to run sample pod using wasmedge:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: wasmedge-test
+spec:
+  restartPolicy: Never
+  runtimeClassName: wasmedge
+  containers:
+  - name: wasmedge-test
+    image: wasmedge/example-wasi:latest
+```
+
+The pod should run without any errors:
+
+```bash
+$ kubectl get pods
+NAME            READY   STATUS      RESTARTS   AGE
+wasmedge-test   0/1     Completed   0          28s
+```

container-runtime/wasmedge/manifest.yaml

@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: wasmedge
+  version: "$VERSION"
+  author: Sidero Labs
+  description: |
+    This system extension provides support for WasmEdge runtime (WebAssembly) containers.
+  compatibility:
+    talos:
+      version: ">= v1.0.0"

container-runtime/wasmedge/pkg.yaml

@@ -0,0 +1,33 @@
+name: wasmedge
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+  - stage: base
+steps:
+  - sources:
+    # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+      - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-aarch64.tar.gz
+        destination: containerd-shim-wasmedge.tar.gz
+        sha256: beeba8ea5484eea8a3f73f67d755a9438507ede8b6d6292b99480b21b4b06b70
+        sha512: a42a219e02943e66fefee210e4d881c7d7e12117da3a7b0fb8139c63846aed2c9db2a60521d3c6f3decc30a7b6335036e5abcf3f13ff2ee67d569f3b7a085ca1
+    # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+      - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-x86_64.tar.gz
+        destination: containerd-shim-wasmedge.tar.gz
+        sha256: e1b40eb21fb9d45ffa73a3b345a8dfc0a02e9336239a11cb59bdc3110f730682
+        sha512: d7529d8c449762d29e8186576174dbe55832c18f5e07f2f3085675a7c6369e22f178b13bcc2db4c3560aaa8496956e51f61bd092ee41733359f677f1761874d6
+    # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/bin
+
+        tar xf containerd-shim-wasmedge.tar.gz -C /rootfs/usr/local/bin
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
+  - from: /pkg/wasm.part
+    to: /rootfs/etc/cri/conf.d/wasm.part

container-runtime/wasmedge/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .WASMEDGE_VERSION }}"

container-runtime/wasmedge/wasm.part

@@ -0,0 +1,2 @@
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.wasmedge]
+  runtime_type = "io.containerd.wasmedge.v1"