diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e84474ef..f10348c9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-01-17T14:50:07Z by kres latest. +# Generated on 2024-02-02T18:53:51Z by kres latest. name: default concurrency: @@ -33,7 +33,7 @@ jobs: labels: ${{ steps.retrieve-pr-labels.outputs.result }} services: buildkitd: - image: moby/buildkit:v0.12.4 + image: moby/buildkit:v0.12.5 options: --privileged ports: - 1234:1234 @@ -115,7 +115,7 @@ jobs: - default services: buildkitd: - image: moby/buildkit:v0.12.4 + image: moby/buildkit:v0.12.5 options: --privileged ports: - 1234:1234 diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml index 1666206c..4d303a72 100644 --- a/.github/workflows/weekly.yaml +++ b/.github/workflows/weekly.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2023-12-12T23:07:05Z by kres latest. +# Generated on 2024-02-02T18:53:51Z by kres latest. name: weekly concurrency: @@ -16,7 +16,7 @@ jobs: - pkgs services: buildkitd: - image: moby/buildkit:v0.12.4 + image: moby/buildkit:v0.12.5 options: --privileged ports: - 1234:1234 diff --git a/.kres.yaml b/.kres.yaml index 900ce39b..fda5e026 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -32,6 +32,7 @@ spec: - usb-modem-drivers - util-linux-tools - v4l-uvc-drivers + - wasmedge - xe-guest-utilities # - zfs see https://github.com/siderolabs/pkgs/pull/873 additionalTargets: diff --git a/Makefile b/Makefile index 53c5402e..220c4bd8 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-02-01T17:35:15Z by kres latest. +# Generated on 2024-02-02T14:30:15Z by kres latest. # common variables @@ -79,6 +79,7 @@ TARGETS += thunderbolt TARGETS += usb-modem-drivers TARGETS += util-linux-tools TARGETS += v4l-uvc-drivers +TARGETS += wasmedge TARGETS += xe-guest-utilities NONFREE_TARGETS = nonfree-kmod-nvidia diff --git a/README.md b/README.md index 13fc1d05..58a5e628 100644 --- a/README.md +++ b/README.md @@ -40,11 +40,12 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi ### Container Runtimes -| Name | Image | Description | Version Format | -| ----------------------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------- | ---------------------------------- | -| [gvisor](container-runtime/gvisor/) | [ghcr.io/siderolabs/gvisor](https://github.com/siderolabs/extensions/pkgs/container/gvisor) | [gVisor](https://gvisor.dev/) container runtime | `upstream version` | -| [stargz-snapshotter](container-runtime/stargz-snapshotter/) | [ghcr.io/siderolabs/stargz-snapshotter](https://github.com/siderolabs/extensions/pkgs/container/stargz-snapshotter) | [Stargz Snapshotter](https://github.com/containerd/stargz-snapshotter) container runtime | `upstream version` | +| Name | Image | Description | Version Format | +| -------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------ | +| [gvisor](container-runtime/gvisor/) | [ghcr.io/siderolabs/gvisor](https://github.com/siderolabs/extensions/pkgs/container/gvisor) | [gVisor](https://gvisor.dev/) container runtime | `upstream version` | +| [stargz-snapshotter](container-runtime/stargz-snapshotter/) | [ghcr.io/siderolabs/stargz-snapshotter](https://github.com/siderolabs/extensions/pkgs/container/stargz-snapshotter) | [Stargz Snapshotter](https://github.com/containerd/stargz-snapshotter) container runtime | `upstream version` | | [ecr-credential-provider](container-runtime/ecr-credential-provider) | [ghcr.io/siderolabs/ecr-credential-provider](https://github.com/siderolabs/extensions/pkgs/container/ecr-credential-provider) | [ECR Credential Provider](https://github.com/kubernetes/cloud-provider-aws/tree/master/cmd/ecr-credential-provider) kubelet plugin | `upstream version` | +| [wasmedge](container-runtime/wasmedge) | [ghcr.io/siderolabs/wasmedge](https://github.com/siderolabs/extensions/pkgs/container/wasmedge) | [WasmEdge](https://github.com/containerd/runwasi) container runtime | `upstream_version` | ### Firmware @@ -72,9 +73,9 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi ### Miscellaneous -| Name | Image | Description | Version Format | -| ------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------- | ------------------ | -| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version` | +| Name | Image | Description | Version Format | +| ------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------- | --------------- | +| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version` | ### Network @@ -84,19 +85,19 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi ### Storage -| Name | Image | Description | Version Format | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | ---------------------------------- | -| [iscsi-tools](storage/iscsi-tools/) | [ghcr.io/siderolabs/iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/iscsi-tools) | Open iSCSI tools | `v0.1.0` | -| [mdadm](storage/mdadm/) | [ghcr.io/siderolabs/mdadm](https://github.com/siderolabs/extensions/pkgs/container/mdadm) | manage MD devices tool | `upstream version` | -| [drbd](storage/drbd/) | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd) | DRBD driver module | `upstream version`-`talos version` | -| [zfs](storage/zfs/) | [ghcr.io/siderolabs/zfs](https://github.com/siderolabs/extensions/pkgs/container/zfs) | ZFS driver module | `upstream version`-`talos version` | -| [btrfs](storage/btrfs/) | [ghcr.io/siderolabs/btrfs](https://github.com/siderolabs/extensions/pkgs/container/btrfs) | BTRFS driver module | `talos version` | +| Name | Image | Description | Version Format | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | ---------------------------------- | +| [iscsi-tools](storage/iscsi-tools/) | [ghcr.io/siderolabs/iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/iscsi-tools) | Open iSCSI tools | `v0.1.0` | +| [mdadm](storage/mdadm/) | [ghcr.io/siderolabs/mdadm](https://github.com/siderolabs/extensions/pkgs/container/mdadm) | manage MD devices tool | `upstream version` | +| [drbd](storage/drbd/) | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd) | DRBD driver module | `upstream version`-`talos version` | +| [zfs](storage/zfs/) | [ghcr.io/siderolabs/zfs](https://github.com/siderolabs/extensions/pkgs/container/zfs) | ZFS driver module | `upstream version`-`talos version` | +| [btrfs](storage/btrfs/) | [ghcr.io/siderolabs/btrfs](https://github.com/siderolabs/extensions/pkgs/container/btrfs) | BTRFS driver module | `talos version` | ### Power -| Name | Image | Description | Version Format | -| ------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ---------------------------------- | -| [nut-client](power/nut-client/) | [ghcr.io/siderolabs/nut-client](https://github.com/siderolabs/talos-extensions/pkgs/container/nut-client) | [Network UPS Tools](https://networkupstools.org) upsmon client | `upstream version` | +| Name | Image | Description | Version Format | +| ------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ------------------ | +| [nut-client](power/nut-client/) | [ghcr.io/siderolabs/nut-client](https://github.com/siderolabs/talos-extensions/pkgs/container/nut-client) | [Network UPS Tools](https://networkupstools.org) upsmon client | `upstream version` | ### Guest Agents diff --git a/container-runtime/vars.yaml b/container-runtime/vars.yaml index ffddc6fd..d7d416ba 100644 --- a/container-runtime/vars.yaml +++ b/container-runtime/vars.yaml @@ -4,3 +4,5 @@ GVISOR_VERSION: 20240109.0 STARGZ_SNAPSHOTTER_VERSION: v0.15.1 # renovate: datasource=github-releases depName=kubernetes/cloud-provider-aws CLOUD_PROVIDER_AWS_VERSION: v1.28.1 +# renovate: datasource=github-tags depName=containerd/runwasi +WASMEDGE_VERSION: v0.3.0 diff --git a/container-runtime/wasmedge/README.md b/container-runtime/wasmedge/README.md new file mode 100644 index 00000000..b2ddf88b --- /dev/null +++ b/container-runtime/wasmedge/README.md @@ -0,0 +1,42 @@ +# WasmEdge extension + +## Installation + +See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions). + +## Usage + +In order to create the Wasm workload, a runtimeclass needs to be created. + +```yaml +apiVersion: node.k8s.io/v1 +kind: RuntimeClass +metadata: + name: wasmedge +handler: wasmedge +``` + +## Testing + +Apply the following manifest to run sample pod using wasmedge: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: wasmedge-test +spec: + restartPolicy: Never + runtimeClassName: wasmedge + containers: + - name: wasmedge-test + image: wasmedge/example-wasi:latest +``` + +The pod should run without any errors: + +```bash +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +wasmedge-test 0/1 Completed 0 28s +``` diff --git a/container-runtime/wasmedge/manifest.yaml b/container-runtime/wasmedge/manifest.yaml new file mode 100644 index 00000000..1b71223f --- /dev/null +++ b/container-runtime/wasmedge/manifest.yaml @@ -0,0 +1,10 @@ +version: v1alpha1 +metadata: + name: wasmedge + version: "$VERSION" + author: Sidero Labs + description: | + This system extension provides support for WasmEdge runtime (WebAssembly) containers. + compatibility: + talos: + version: ">= v1.0.0" diff --git a/container-runtime/wasmedge/pkg.yaml b/container-runtime/wasmedge/pkg.yaml new file mode 100644 index 00000000..3401bdd6 --- /dev/null +++ b/container-runtime/wasmedge/pkg.yaml @@ -0,0 +1,33 @@ +name: wasmedge +variant: scratch +shell: /toolchain/bin/bash +dependencies: + - stage: base +steps: + - sources: + # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr + - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-aarch64.tar.gz + destination: containerd-shim-wasmedge.tar.gz + sha256: beeba8ea5484eea8a3f73f67d755a9438507ede8b6d6292b99480b21b4b06b70 + sha512: a42a219e02943e66fefee210e4d881c7d7e12117da3a7b0fb8139c63846aed2c9db2a60521d3c6f3decc30a7b6335036e5abcf3f13ff2ee67d569f3b7a085ca1 + # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr + - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-x86_64.tar.gz + destination: containerd-shim-wasmedge.tar.gz + sha256: e1b40eb21fb9d45ffa73a3b345a8dfc0a02e9336239a11cb59bdc3110f730682 + sha512: d7529d8c449762d29e8186576174dbe55832c18f5e07f2f3085675a7c6369e22f178b13bcc2db4c3560aaa8496956e51f61bd092ee41733359f677f1761874d6 + # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr + prepare: + - | + sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml + install: + - | + mkdir -p /rootfs/usr/local/bin + + tar xf containerd-shim-wasmedge.tar.gz -C /rootfs/usr/local/bin +finalize: + - from: /rootfs + to: /rootfs + - from: /pkg/manifest.yaml + to: / + - from: /pkg/wasm.part + to: /rootfs/etc/cri/conf.d/wasm.part diff --git a/container-runtime/wasmedge/vars.yaml b/container-runtime/wasmedge/vars.yaml new file mode 100644 index 00000000..fcf44a28 --- /dev/null +++ b/container-runtime/wasmedge/vars.yaml @@ -0,0 +1 @@ +VERSION: "{{ .WASMEDGE_VERSION }}" diff --git a/container-runtime/wasmedge/wasm.part b/container-runtime/wasmedge/wasm.part new file mode 100644 index 00000000..c8c6f124 --- /dev/null +++ b/container-runtime/wasmedge/wasm.part @@ -0,0 +1,2 @@ +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.wasmedge] + runtime_type = "io.containerd.wasmedge.v1"