feat: allow extra mounts for docker-based talosctl cluster create

Fixes #9607 Use docker CLI syntax, support any kind of mounts supported by docker CLI. Also drop modules from `talos` container image, as it's useless to provide modules in container mode. Signed-off-by: Andrey Smirnov <[email protected]> (cherry picked from commit 05c6209)
siderolabs · Nov 13, 2024 · 6d872e4 · 6d872e4
1 parent 8c193c8
commit 6d872e4
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -736,6 +736,7 @@ RUN <<END
 END
 
 FROM rootfs-base-${TARGETARCH} AS rootfs-base
+RUN rm -rf /rootfs/lib/modules/*
 RUN find /rootfs -print0 \
     | xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
 

diff --git a/cmd/talosctl/cmd/mgmt/cluster/create.go b/cmd/talosctl/cmd/mgmt/cluster/create.go
@@ -22,6 +22,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/docker/cli/opts"
 	"github.com/dustin/go-humanize"
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-getter/v2"
@@ -189,6 +190,7 @@ var (
 	withUUIDHostnames         bool
 	withSiderolinkAgent       agentFlag
 	configInjectionMethodFlag string
+	mountOpts                 opts.MountOpt
 )
 
 // createCmd represents the cluster up command.
@@ -862,6 +864,7 @@ func create(ctx context.Context) error {
 			Memory:                controlPlaneMemory,
 			NanoCPUs:              controlPlaneNanoCPUs,
 			Disks:                 disks,
+			Mounts:                mountOpts.Value(),
 			SkipInjectingConfig:   skipInjectingConfig,
 			ConfigInjectionMethod: configInjectionMethod,
 			BadRTC:                badRTC,
@@ -933,6 +936,7 @@ func create(ctx context.Context) error {
 				Memory:                workerMemory,
 				NanoCPUs:              workerNanoCPUs,
 				Disks:                 disks,
+				Mounts:                mountOpts.Value(),
 				Config:                cfg,
 				ConfigInjectionMethod: configInjectionMethod,
 				SkipInjectingConfig:   skipInjectingConfig,
@@ -1267,6 +1271,7 @@ func init() {
 	createCmd.Flags().BoolVar(&withUUIDHostnames, "with-uuid-hostnames", false, "use machine UUIDs as default hostnames (QEMU only)")
 	createCmd.Flags().Var(&withSiderolinkAgent, "with-siderolink", "enables the use of siderolink agent as configuration apply mechanism. `true` or `wireguard` enables the agent, `tunnel` enables the agent with grpc tunneling") //nolint:lll
 	createCmd.Flags().StringVar(&configInjectionMethodFlag, "config-injection-method", "", "a method to inject machine config: default is HTTP server, 'metal-iso' to mount an ISO (QEMU only)")
+	createCmd.Flags().Var(&mountOpts, "mount", "attach a mount to the container (Docker only)")
 
 	createCmd.MarkFlagsMutuallyExclusive(inputDirFlag, nodeInstallImageFlag)
 	createCmd.MarkFlagsMutuallyExclusive(inputDirFlag, configDebugFlag)

diff --git a/go.mod b/go.mod
@@ -79,7 +79,7 @@ require (
 	github.com/coreos/go-iptables v0.8.0
 	github.com/cosi-project/runtime v0.5.5
 	github.com/distribution/reference v0.6.0
-	github.com/docker/docker v27.2.0+incompatible
+	github.com/docker/cli v27.1.1+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/dustin/go-humanize v1.0.1
 	github.com/ecks/uefi v0.0.0-20221116212947-caef65d070eb
@@ -198,6 +198,8 @@ require (
 	sigs.k8s.io/yaml v1.4.0
 )
 
+require github.com/docker/docker v27.1.1+incompatible
+
 require (
 	github.com/0x5a17ed/itkit v0.6.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
@@ -243,7 +245,6 @@ require (
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/cli v27.1.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect

diff --git a/go.sum b/go.sum
@@ -178,8 +178,8 @@ github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2
 github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.2.0+incompatible h1:Rk9nIVdfH3+Vz4cyI/uhbINhEZ/oLmc+CBXmH6fbNk4=
-github.com/docker/docker v27.2.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY=
+github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=

diff --git a/pkg/provision/providers/docker/node.go b/pkg/provision/providers/docker/node.go
@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"net/netip"
 	"runtime"
+	"slices"
 	"strings"
 
 	"github.com/docker/docker/api/types"
@@ -115,7 +116,7 @@ func (p *provisioner) createNode(ctx context.Context, clusterReq provision.Clust
 	}
 
 	// Create the host config.
-	mounts := make([]mount.Mount, 0, len(constants.Overlays)+5)
+	mounts := make([]mount.Mount, 0, len(constants.Overlays)+5+len(nodeReq.Mounts))
 
 	for _, path := range []string{"/run", "/system", "/tmp"} {
 		mounts = append(mounts, mount.Mount{
@@ -131,6 +132,8 @@ func (p *provisioner) createNode(ctx context.Context, clusterReq provision.Clust
 		})
 	}
 
+	mounts = slices.Concat(mounts, nodeReq.Mounts)
+
 	hostConfig := &container.HostConfig{
 		Privileged:  true,
 		SecurityOpt: []string{"seccomp:unconfined"},

diff --git a/pkg/provision/request.go b/pkg/provision/request.go
@@ -10,6 +10,7 @@ import (
 	"slices"
 	"time"
 
+	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/google/uuid"
 	"github.com/siderolabs/go-procfs/procfs"
 
@@ -187,8 +188,10 @@ type NodeRequest struct {
 	NanoCPUs int64
 	// Memory limit in bytes
 	Memory int64
-	// Disks (volumes), if applicable
+	// Disks (volumes), if applicable (VM only)
 	Disks []*Disk
+	// Mounts (containers only)
+	Mounts []mounttypes.Mount
 	// Ports
 	Ports []string
 	// SkipInjectingConfig disables reading configuration from http server

diff --git a/website/content/v1.8/reference/cli.md b/website/content/v1.8/reference/cli.md
@@ -140,6 +140,7 @@ talosctl cluster create [flags]
       --kubernetes-version string                desired kubernetes version to run (default "1.31.2")
       --memory int                               the limit on memory usage in MB (each control plane/VM) (default 2048)
       --memory-workers int                       the limit on memory usage in MB (each worker/VM) (default 2048)
+      --mount mount                              attach a mount to the container (Docker only)
       --mtu int                                  MTU of the cluster network (default 1500)
       --nameservers strings                      list of nameservers to use (default [8.8.8.8,1.1.1.1,2001:4860:4860::8888,2606:4700:4700::1111])
       --no-masquerade-cidrs strings              list of CIDRs to exclude from NAT (QEMU provisioner only)