-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Install crictl in Agent containers #418
Install crictl in Agent containers #418
Conversation
986b64f
to
db9270e
Compare
is this a patch-level version change or a minor-level change? |
60743e4
to
68cc151
Compare
@bfjelds what do you think about:
I was thinking that it would make sense to do this in a subsequent PR so we only have to change our docs once. With just this PR, |
RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev openssl curl ca-certificates && apt-get clean | ||
|
||
# Install crictl | ||
RUN curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.17.0/crictl-v1.17.0-linux-amd64.tar.gz --output crictl-v1.17.0-linux-amd64.tar.gz &&\ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use same VERSION=... && curl $VERSION
style here too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch thanks! fixed dcb45dd
how confident are we that we can get the right path based on distro? if we are really sure, then it sounds like a good idea. i suppose if someone was using some nonstandard-path, they wouldn't be able to use the helm charts directly anymore, but maybe that never happens? |
I think we could still enable someone to override the default. I'll put in a PR of what im thinking after this |
a092e1c
to
2cdf9fb
Compare
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
2cdf9fb
to
07e0437
Compare
build/containers/Dockerfile.agent
Outdated
COPY ./target/${CROSS_BUILD_TARGET}/${BUILD_TYPE}/agent /agent | ||
|
||
# Install crictl | ||
RUN VERSION="v1.17.0" && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you pick 1.17? We had problems using older crictl against newer clusters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the version we have been using in our e2e tests and documentation.
We also may want to consider using a more recent version of crictl and add updating it to our release cycle.
I think our next release we can consider moving to a newer version
curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz --output crictl-$VERSION-linux-amd64.tar.gz && \ | ||
tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin && \ | ||
rm -f crictl-$VERSION-linux-amd64.tar.gz && \ | ||
apt-get remove -y curl ca-certificates && apt-get clean |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we merge the two RUNs? Otherwise curl/ca-certs will be part of the akri layers and contribute to the overall size.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I condensed them in 75f8467 but it didn't decrease the size at all interestingly. Still 161 MB
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting. Do we know ca-certs and curl were not in the initial image to begin with or installed as dependencies of the other packages we are installing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am pretty sure they werent there because it would not install until i added them
Signed-off-by: Kate Goldenring <[email protected]>
Signed-off-by: Kate Goldenring <[email protected]>
What this PR does / why we need it:
Instead of requiring users to install crictl locally, this adds crictl directly to the Agent containers, removing the need to mount it from the host in the charts/templates.
Many users can forget to specify the path of crictl. fixes #6
Special notes for your reviewer:
The size of crictl locally is 28.5 MBs:
Similarly, adding crictl to the agent increases its size from 128MB to 161MB.
Associated documentation should be updated to match this PR.
We could also remove the need to set the container runtime path
agent.host.dockerShimSock
and instead have users specify their distro with something likekubernetesDistro.microk8s=true
. Then the appropriate socket path will be set.We also may want to consider using a more recent version of crictl and add updating it to our release cycle.
If applicable:
cargo fmt
)cargo build
)cargo clippy
)cargo test
)cargo doc
)./version.sh
)