nerdctl: 0.4.0 -> 0.5.0 #109938

Merged
merged 1 commit into from Jan 20, 2021

@06kellyjac 06kellyjac commented Jan 19, 2021

Motivation for this change

Bump nerdctl to 0.5.0

https://github.com/AkihiroSuda/nerdctl/releases/tag/v0.5.0

nerdctl has added a couple new features. Converting an image into the stargz format and running it worked fine.

λ sudo ./result/bin/nerdctl pull kubesec/kubesec:4423063
docker.io/kubesec/kubesec:4423063:                                                resolved       |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:872c9714ee29d3c3c1612de6ab3cb0b7c280e36c803cb5776b15594a6f115f1e: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:69b89a0b05c6a1d122f59bda262c707caf2c2759af660e9db5347f69c8afa015:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6d86d77bbc34395397c43c4a597c2d2f322f21f1edf7b80b753ca4fab468ea1b:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9ad85155a1f9edb01c502b175372a11f1368b75a549057995d5a945029fb7eae:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:daae948c2c65122b148d83341bef169dca2010b40e1d2ee502b65b7f92d996a8:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:df20fa9351a15782c64e6dddb2d4a6f50bf6d3688060a34c4014b0d9a752eb4c:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c63654b79c0b89141dd8d56da082d941252ffe37b3cb89db19087abbb6bb0335:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 8.8 s                                                                    total:  25.3 M (2.9 MiB/s)
λ sudo ./result/bin/nerdctl image convert --estargz --oci kubesec/kubesec:4423063 bob
sha256:43fa2f7d68af443e9cf133a708e9facea266ea21e49ca24237b2b9ce1fc8b79d
λ sudo ./result/bin/nerdctl images
REPOSITORY                   TAG                                                                 IMAGE ID        CREATED           SIZE
docker.io/kubesec/kubesec    4423063                                                             872c9714ee29    59 seconds ago    25.3 MiB
alpine                       latest                                                              c0e9560cda11    5 weeks ago       2.7 MiB
bob                          latest                                                              43fa2f7d68af    10 seconds ago    27.5 MiB
overlayfs@sha256             2be755139c98745b23098d3baeb76b4108ff3cfc9321f9c3a0fdac3f5a30af9d    2be755139c98    5 weeks ago       25.3 MiB

It now optionally requires a new isolation plugin which isn't upstream in cni-plugins yet. containernetworking/plugins#573

But it's just a warning
WARN[0001] To isolate bridge networks, CNI plugin "isolation" needs to be installed in CNI_PATH ("/nix/store/p72q8ijawqhmgv35hswl9bkzq4c600dg-cni-plugins-0.9.0/bin"), see https://github.com/AkihiroSuda/cni-isolation


I think it's highly likely it'll be merged in soon so I'm happy to wait for the next release of cni-plugins to merge this rather than packaging it separately and creating a new cni-plugins + cni-isolation-plugin dir.
Since it works perfectly without the plugin I'm happy to merge now. Once the plugin is added upstream it will begin to work without any changes.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS (x86_64)
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@AkihiroSuda

Thanks for packaging this.

The dependency on CNI isolation plugin is optional, not a hard dependency.

@06kellyjac
Member Author

> Thanks for packaging this.

No problem, glad to

> The dependency on CNI isolation plugin is optional, not a hard dependency.

Would you need to specify --network host or --network none every run for it to work without the new plugin?
I'd rather just wait for it to be packaged in cni-plugins or package it separately & add it in

@AkihiroSuda

No, when isolation is missing, it's simply ignored with a warning message. No need to specify --net.

@AkihiroSuda

exec: "runc": executable file not found in $PATH

Is this a packaging issue, or something new in nerdctl v0.5.0?

@06kellyjac
Member Author

Might be from a previous version. It's not in the path ATM and was working before.

I think I just ran containerd without runc in the path 🤦‍♂️
I'll give it another go in the morning

@06kellyjac
Member Author

Ok yeah running containerd with runc in the path worked fine 🤦

sudo ./result/bin/nerdctl run -it alpine
WARN[0000] To isolate bridge networks, CNI plugin "isolation" needs to be installed in CNI_PATH ("/nix/store/p72q8ijawqhmgv35hswl9bkzq4c600dg-cni-plugins-0.9.0/bin"), see https://github.com/AkihiroSuda/cni-isolation
/ # echo hi
hi
/ #

The stargz converted image worked fine.

λ sudo ./result/bin/nerdctl pull kubesec/kubesec:4423063
docker.io/kubesec/kubesec:4423063:                                                resolved       |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:872c9714ee29d3c3c1612de6ab3cb0b7c280e36c803cb5776b15594a6f115f1e: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:69b89a0b05c6a1d122f59bda262c707caf2c2759af660e9db5347f69c8afa015:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6d86d77bbc34395397c43c4a597c2d2f322f21f1edf7b80b753ca4fab468ea1b:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c63654b79c0b89141dd8d56da082d941252ffe37b3cb89db19087abbb6bb0335:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:df20fa9351a15782c64e6dddb2d4a6f50bf6d3688060a34c4014b0d9a752eb4c:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:daae948c2c65122b148d83341bef169dca2010b40e1d2ee502b65b7f92d996a8:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9ad85155a1f9edb01c502b175372a11f1368b75a549057995d5a945029fb7eae:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 4.4 s                                                                    total:  25.3 M (5.7 MiB/s)
λ sudo ./result/bin/nerdctl image convert --estargz --oci kubesec/kubesec:4423063 bob
sha256:43fa2f7d68af443e9cf133a708e9facea266ea21e49ca24237b2b9ce1fc8b79d
λ sudo ./result/bin/nerdctl run -it bob
WARN[0000] To isolate bridge networks, CNI plugin "isolation" needs to be installed in CNI_PATH ("/nix/store/p72q8ijawqhmgv35hswl9bkzq4c600dg-cni-plugins-0.9.0/bin"), see https://github.com/AkihiroSuda/cni-isolation
{"severity":"info","timestamp":"2021-01-20T13:00:11.925Z","caller":"server/server.go:41","message":"Starting HTTP server on port 8080"}

I'm happy for this to be merged as it's working perfectly. Once isolation is added to plugins that'll magically start to work fully too.

@06kellyjac 06kellyjac marked this pull request as ready for review January 20, 2021 13:04
@06kellyjac
Member Author

Result of nixpkgs-review pr 109938 run on x86_64-linux

1 package built:
  • nerdctl

@zowoq zowoq merged commit 083d8f8 into NixOS:master Jan 20, 2021
@06kellyjac 06kellyjac deleted the nerdctl branch January 20, 2021 21:32
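
Added example (not part of the pull request or of nerdctl): a preflight check for the two conditions that came up in this thread, runc missing from the PATH that containerd was started with, and the CNI plugin "isolation" missing from CNI_PATH, which nerdctl only reports as a warning. The function names and exit codes are assumptions made for this sketch, and CNI_PATH is treated as a colon-separated list so that a single directory also works.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not nerdctl or nixpkgs code.
# Facts taken from the thread: the plugin is named "isolation", it is looked
# up in CNI_PATH, and runc must be on the PATH of the containerd process.

# has_exec DIRLIST NAME
# Succeeds if NAME is an executable regular file in any directory of the
# colon-separated DIRLIST.
has_exec() {
    _old_ifs=$IFS
    IFS=:
    for _d in $1; do
        if [ -n "$_d" ] && [ -f "$_d/$2" ] && [ -x "$_d/$2" ]; then
            IFS=$_old_ifs
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# preflight CNI_PATH SEARCH_PATH
# Exit codes (assumed convention for this sketch):
#   0  runc and the isolation plugin are both present
#   1  runc is missing, so containers will not start
#   2  only the isolation plugin is missing: containers start, but bridge
#      networks are not isolated and the only signal is a WARN line
preflight() {
    if ! has_exec "$2" runc; then
        echo "FAIL: runc not found in the PATH given for containerd" >&2
        return 1
    fi
    if ! has_exec "$1" isolation; then
        echo "WARN: CNI plugin \"isolation\" not in CNI_PATH; bridge networks are not isolated" >&2
        return 2
    fi
    return 0
}

# Usage: preflight "$CNI_PATH" "$PATH"
# Run it with the environment of the containerd service, not the login shell.
```

A deployment that relies on bridge network isolation can treat exit code 2 as a failure instead of letting the warning scroll past.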