Release v2.6.0: containerd RuntimeClass (kubectl exec) + node installer #155
Merged
…lation

- Add containerd-shim-a3s-box-v2: route runtimeClassName=a3s-box pods to the a3s-box MicroVM runtime via a containerd runtime handler (deploy/shim/ manifests).
- Fix: setsid the libkrun VMM shim so it survives launcher teardown (keeps exec.sock).
- Make a3s-libkrun-sys libkrunfw download resilient (curl retry + abort-on-stall).
- Bump workspace version 2.5.2 -> 2.6.0; CHANGELOG.
Makes the containerd-shim-a3s-box-v2 path actually serve `kubectl exec` against libkrun MicroVMs, plus the v2.6.0 network/block-IO stats feature.

containerd shim:

- Stage container env in a rootfs file (BOX_EXEC_ENV_FILE) instead of inlining it: Kubernetes injects ~150 service env vars per pod, which overflow the guest kernel cmdline (COMMAND_LINE_SIZE) and silently break boot. Only a small pointer rides the cmdline now.
- Gate Task.wait()'s inspect-poll on the box being confirmed running: containerd calls Wait() concurrently with (and before) Start finishes, during which `inspect` returns "No such container"; treating that as a terminal exit made containerd kill the box it was still starting.
- Launch the box as a transient systemd unit so it runs under a clean rlimit/memlock context (libkrun must mlock guest RAM for KVM).
- Hold the CRI stdout/stderr FIFO write ends open so the task persists.

Also includes the network + block-IO stats feature for `a3s-box stats/top/ps` (net_stats_path threaded through vmm/netproxy/passt).

Validated: kubectl exec end-to-end 4/4 on the production cluster; full `src` workspace lib tests green (cargo test --workspace --lib).
deploy/scripts/install-runtimeclass.sh provisions a node to run RuntimeClass=a3s-box pods: installs the a3s-box CLI + helpers + libkrun and the containerd runtime-v2 shim (containerd-shim-a3s-box-v2), registers the io.containerd.a3s-box.v2 runtime via an /etc/containerd/conf.d drop-in, restarts containerd, and warms the one-time per-node boot cache so the first pod boots fast. Download (default) and --from-dir (air-gapped) modes; idempotent.

README: document the deploy flow — create the RuntimeClass, run the installer on each node, label the node (a3s-box.io/runtime=true), run a pod.

Validated end-to-end on a 5-node cluster: installer ran on every worker, each then started an a3s-box pod and served `kubectl exec` on the first try.

Note: v2.6.0's release tarball ships the CLI/libkrun but not the containerd shim (it is a separate cargo project release.yml does not build); the shim is published as the release asset containerd-shim-a3s-box-v2-linux-x86_64. Follow-up: have release.yml build + attach it so future releases are self-contained.
…pt lives until merged to main)
v2.6.0 — containerd RuntimeClass + one-click node installer

Brings the `release/2.6.0` work onto `main`.

containerd RuntimeClass (`runtimeClassName: a3s-box`)

Pods run as libkrun MicroVMs via `containerd-shim-a3s-box-v2`, with working `kubectl exec`. Key fixes that made exec work end-to-end:

- BOX_EXEC_ENV_FILE).
- `Task.wait()` gated on confirmed-running — containerd calls `Wait()` before `Start` finishes, so a transient "No such container" was misreported as exit and tore down the still-booting box.

Also includes the network + block-IO stats feature for `a3s-box stats/top/ps`.

Deployment

- `deploy/scripts/install-runtimeclass.sh` — idempotent one-command per-node installer (CLI + libkrun + shim + containerd conf.d drop-in + boot-cache warm-up; download / `--from-dir` modes).

Validation

Installed + verified on all 5 worker nodes of a cluster: each ran an a3s-box pod and served `kubectl exec` on the first try. v2.6.0 published (GitHub Release, Homebrew, crates.io, winget); `containerd-shim-a3s-box-v2-linux-x86_64` added as a release asset (the tarball doesn't ship it).
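The `Wait()`/`Start` race described in the commit message and PR summary above, as an added Rust sketch that is not code from this PR or from the a3s-box shim: it replays a constructed sequence of `inspect` results through an ungated and a gated wait loop. The type and function names and the start-up poll budget are assumptions made for the illustration.

```rust
// Added illustration: hypothetical names, not the shim's real types or API.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Inspect {
    NotFound,    // inspect reported "No such container"
    Running,
    Exited(i32), // affirmative exit status
}

#[derive(Debug, PartialEq)]
enum Outcome {
    Exited(i32),
    Vanished,      // NotFound accepted as terminal: the box is gone
    StartTimedOut, // never confirmed running within the budget (assumed policy)
    StillWaiting,  // sample polls ran out with no terminal state
}

/// Consume inspect results in order. With `gated == false`, any NotFound is
/// terminal (the behaviour the PR describes as the bug). With `gated == true`,
/// NotFound is terminal only after the box has been confirmed running.
fn wait(polls: &[Inspect], gated: bool, start_budget: usize) -> Outcome {
    let mut confirmed_running = false;
    for (i, poll) in polls.iter().enumerate() {
        match *poll {
            Inspect::Exited(code) => return Outcome::Exited(code),
            Inspect::Running => confirmed_running = true,
            Inspect::NotFound if !gated || confirmed_running => return Outcome::Vanished,
            // Still starting: keep polling, but bound the wait so it cannot hang.
            Inspect::NotFound if i + 1 >= start_budget => return Outcome::StartTimedOut,
            Inspect::NotFound => {}
        }
    }
    Outcome::StillWaiting
}

fn main() {
    use Inspect::*;
    // Constructed poll sequence: Wait() begins before Start has finished.
    let boot = [NotFound, NotFound, Running, Running, Exited(0)];
    println!("ungated: {:?}", wait(&boot, false, 10));
    println!("gated:   {:?}", wait(&boot, true, 10));
}
```

The start-up budget keeps a box that never appears from parking `Wait()` forever, which is the failure mode a gate alone would introduce.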