some fixes to the runtime cleanup #950

Merged
merged 7 commits into from
Oct 28, 2024
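--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -0,0 +1,39 @@
+name: push cleanup-bare-metal image
+
+on:
+pull_request:
+paths:
+- .github/workflows/cleaup.yml
+- packages/**
+
+env:
+container_registry: ghcr.io/edgelesssys
+
+jobs:
+push:
+name: "push cleanup image"
+runs-on: ubuntu-22.04
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+- uses: ./.github/actions/setup_nix
+with:
+githubToken: ${{ secrets.GITHUB_TOKEN }}
+cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+- name: Log in to ghcr.io Container registry
+uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0
+- name: Create justfile.env
+run: |
+cat <<EOF > justfile.env
+container_registry=${{ env.container_registry }}
+EOF
+- name: Build and push cleanup-bare-metal image
+run: |
+just push cleanup-bare-metal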
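Review bot: The job is triggered by `pull_request` yet holds `packages: write` and ends in `just push cleanup-bare-metal`, so an image built from an unmerged branch is published under `ghcr.io/edgelesssys` before review. With the `latest` tag set in packages/containers.nix, such a PR build would presumably overwrite the image the cleanup deployment pulls. I would publish only from `push` on the default branch (or `workflow_dispatch`) and keep the PR run to a build without the login and push steps. The first path filter is also misspelled, `.github/workflows/cleaup.yml`, so edits to this workflow do not trigger it; it should read `.github/workflows/cleanup.yml`.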
5 changes: 4 additions & 1 deletion packages/cleanup-bm.sh → packages/cleanup-bare-metal.sh
@@ -24,7 +24,7 @@ done

kubectl get pods --all-namespaces -o jsonpath='{.items[?(@.metadata.annotations.contrast\.edgeless\.systems/pod-role=="contrast-node-installer")].spec.containers[0].args[1]}' |
tr ' ' '\n' |
grep -o "contrast-cc-.\+" >>usedRuntimeClasses
grep -o "contrast-cc-.\+" >>usedRuntimeClasses || true
sort -u usedRuntimeClasses -o usedRuntimeClasses

mapfile -t unusedRuntimeClasses < <(
@@ -56,3 +56,6 @@ for runtimeClass in "${unusedRuntimeClasses[@]}"; do
dasel delete --file "${CONFIG}" --indent 0 --read toml --write toml "plugins.io\.containerd\.grpc\.v1\.cri.containerd.runtimes.${runtimeClass}" 2>/dev/null
dasel delete --file "${CONFIG}" --indent 0 --read toml --write toml "proxy_plugins.${SNAPSHOTTER}-${runtimeClass}" 2>/dev/null
done

# Fix the state for removed snapshotters.
cleanup-images
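Review bot: In the first hunk, `|| true` binds to the whole `kubectl | tr | grep` pipeline, so a failed `kubectl get pods` is ignored along with the harmless no-match exit of grep. If the script runs with `pipefail` (writeShellApplication normally sets it), the used-runtime list can now be silently incomplete, and the loop around the second hunk (only partly visible) would delete containerd config entries for runtime classes that are still in use. Capture the kubectl output in its own statement so errexit still covers it, then filter it: `pods="$(kubectl get pods ...)"` followed by `tr ' ' '\n' <<<"${pods}" | grep -o "contrast-cc-.\+" >>usedRuntimeClasses || true`. The check in packages/cleanup-images.sh is fail-open in the same way: `if ctr "${ctrOpts[@]}" image check | grep "incomplete"` treats a failing `ctr` as "no incomplete images".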
2 changes: 1 addition & 1 deletion tools/cleanup-images.sh → packages/cleanup-images.sh
@@ -37,7 +37,7 @@ for image in "${pauseImages[@]}"; do
ctr "${ctrOpts[@]}" content fetch "${image}"
done

if ctr "${ctrOpts[@]}" image check | grep --exit-code "incomplete"; then
if ctr "${ctrOpts[@]}" image check | grep "incomplete"; then
echo "Incomplete images detected"
exit 1
fi
11 changes: 7 additions & 4 deletions packages/containers.nix
@@ -156,11 +156,14 @@ let
};
};

cleanup-bm = dockerTools.buildImage {
name = "cleanup-bm";
tag = "v0.0.1";
cleanup-bare-metal = dockerTools.buildImage {
name = "cleanup-bare-metal";
tag = "latest";
copyToRoot = with pkgs; [
cacert
];
config = {
Cmd = [ "${lib.getExe pkgs.scripts.cleanup-bm}" ];
Cmd = [ "${lib.getExe pkgs.scripts.cleanup-bare-metal}" ];
};
};
};
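Review bot: `tag = "latest";` replaces the fixed `v0.0.1` with a mutable tag, and tools/bm-maintenance/deployment_tdx_snp.yml now references `ghcr.io/edgelesssys/contrast/cleanup-bare-metal` with no tag or digest, so the nodes run whatever was pushed last. That container gets host containerd paths mounted, so I would keep a versioned tag here and pin the deployment to it, ideally by digest as `image: ghcr.io/edgelesssys/contrast/cleanup-bare-metal@sha256:<digest>` (placeholder). The surrounding `let` block is only partly visible in this hunk.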
17 changes: 14 additions & 3 deletions packages/scripts.nix
@@ -491,13 +491,24 @@
'';
};

cleanup-bm = writeShellApplication {
name = "cleanup-bm";
cleanup-bare-metal = writeShellApplication {
name = "cleanup-bare-metal";
runtimeInputs = with pkgs; [
busybox
kubectl
dasel
scripts.cleanup-images
];
text = builtins.readFile ./cleanup-bm.sh;
text = builtins.readFile ./cleanup-bare-metal.sh;
};

cleanup-images = writeShellApplication {
name = "cleanup-images";
runtimeInputs = with pkgs; [
gnugrep
busybox
containerd
];
text = builtins.readFile ./cleanup-images.sh;
};
}
8 changes: 7 additions & 1 deletion tools/bm-maintenance/deployment_tdx_snp.yml
@@ -47,7 +47,7 @@ spec:
serviceAccountName: cleanup-sa
containers:
- name: cleanup
image: ghcr.io/edgelesssys/contrast/cleanup-bm:v0.0.1
image: ghcr.io/edgelesssys/contrast/cleanup-bare-metal
env:
- name: OPTEDGELESS
value: /opt/edgeless
@@ -62,6 +62,8 @@ spec:
mountPath: /var/lib/nydus-snapshotter
- name: containerd-config
mountPath: /var/lib/rancher/k3s/agent/etc/containerd
- name: containerd-run
mountPath: /run/k3s/containerd/
volumes:
- name: opt-edgeless
hostPath:
@@ -75,4 +77,8 @@ spec:
hostPath:
path: /var/lib/rancher/k3s/agent/etc/containerd
type: Directory
- name: containerd-run
hostPath:
path: /run/k3s/containerd/
type: Directory
restartPolicy: OnFailure
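Review bot: The added `containerd-run` volume mounts the host's `/run/k3s/containerd/` into the cleanup container with no `readOnly` setting. On k3s that directory holds the containerd socket, so the pod gains control over every container on the node. If `ctr` in cleanup-images only needs the socket, mount that single file with hostPath `type: Socket` instead of the whole directory, and add a comment such as `# needed by cleanup-images to talk to containerd` so the privilege is a documented decision. The pod spec continues outside these hunks, so any securityContext is not visible here.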