Merge branch 'main' into dependabot/go_modules/github.com/spf13/viper-1.20.1

Author: voigt

.github/workflows/ci.yml

@@ -20,6 +20,9 @@ jobs:
   helm_install_smoke_test:
     uses: ./.github/workflows/helm-chart-smoketest.yml
 
+  helm_node_scaling_test:
+    uses: ./.github/workflows/helm-chart-node-scaling-test.yml
+
   unit_tests:
     name: Test
     runs-on: ubuntu-latest

.github/workflows/helm-chart-node-scaling-test.yml

@@ -0,0 +1,149 @@
+name: Helm Node Scaling Test
+
+on:
+  workflow_call:
+
+env:
+  SHIM_SPIN_VERSION: v0.19.0
+  DOCKER_BUILD_SUMMARY: false
+
+jobs:
+  helm-node-scaling-test:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install helm
+        uses: Azure/setup-helm@v4
+        with:
+          version: v3.15.4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build RCM
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          load: true
+          tags: |
+            runtime-class-manager:chart-test
+
+      - name: Build node installer
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./images/installer/Dockerfile
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          load: true
+          tags: |
+            node-installer:chart-test
+
+      - name: Build shim downloader
+        uses: docker/build-push-action@v6
+        with:
+          context: ./images/downloader
+          file: ./images/downloader/Dockerfile
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          load: true
+          tags: |
+            shim-downloader:chart-test
+
+      - name: create kind config
+        run: |
+          cat << EOF > kind-config.yaml
+            kind: Cluster
+            apiVersion: kind.x-k8s.io/v1alpha4
+            nodes:
+            - role: control-plane
+            - role: worker
+              labels:
+                spin: true
+          EOF
+
+      - name: fetch kindscaler script
+        run: |
+          curl -so kindscaler.sh https://raw.githubusercontent.com/lobuhi/kindscaler/refs/heads/main/kindscaler.sh
+          chmod +x kindscaler.sh
+
+      - name: create kind cluster
+        uses: helm/kind-action@v1
+        with:
+          cluster_name: kind
+          config: kind-config.yaml
+
+      - name: import images into kind cluster
+        run: |
+          kind load docker-image runtime-class-manager:chart-test
+          kind load docker-image node-installer:chart-test
+          kind load docker-image shim-downloader:chart-test
+
+      - name: helm install runtime-class-manager
+        run: |
+          helm install rcm \
+            --namespace rcm \
+            --create-namespace \
+            --debug \
+            --set image.repository=runtime-class-manager \
+            --set image.tag=chart-test \
+            --set rcm.nodeInstallerImage.repository=node-installer \
+            --set rcm.nodeInstallerImage.tag=chart-test \
+            --set rcm.shimDownloaderImage.repository=shim-downloader \
+            --set rcm.shimDownloaderImage.tag=chart-test \
+            deploy/helm
+
+      - name: apply Spin shim
+        run: |
+          # Ensure shim binary is compatible with runner arch
+          yq -i '.spec.fetchStrategy.anonHttp.location = "https://github.com/spinkube/containerd-shim-spin/releases/download/${{ env.SHIM_SPIN_VERSION }}/containerd-shim-spin-v2-linux-x86_64.tar.gz"' \
+            config/samples/test_shim_spin.yaml
+          kubectl apply -f config/samples/test_shim_spin.yaml
+
+      - name: verify shim is installed into one node
+        run: |
+          timeout 1m bash -c 'until [[ "$(kubectl get node -l spin=true -l spin-v2=provisioned -o name | wc -l)" == "1" ]]; do sleep 2; done'
+          timeout 1m bash -c 'until [[ "$(kubectl get shim.runtime.spinkube.dev/spin-v2 -o json | jq -r '.status.nodesReady')" == "1" ]]; do sleep 2; done'
+
+      - name: scale kind worker nodes to 2
+        run: ./kindscaler.sh kind -r worker -c 1
+
+      - name: re-import images into kind cluster, for new node
+        run: |
+          kind load docker-image runtime-class-manager:chart-test
+          kind load docker-image node-installer:chart-test
+          kind load docker-image shim-downloader:chart-test
+
+      - name: verify shim is installed into two nodes
+        run: |
+          timeout 1m bash -c 'until [[ "$(kubectl get node -l spin=true -l spin-v2=provisioned -o name | wc -l)" == "2" ]]; do sleep 2; done'
+          timeout 1m bash -c 'until [[ "$(kubectl get shim.runtime.spinkube.dev/spin-v2 -o json | jq -r '.status.nodesReady')" == "2" ]]; do sleep 2; done'
+
+      - name: delete Spin Shim
+        run: kubectl delete -f config/samples/test_shim_spin.yaml
+
+      - name: verify shim is uninstalled from both nodes
+        run: |
+          timeout 1m bash -c 'until [[ "$(kubectl get node -l spin=true -l spin-v2=provisioned -o name | wc -l)" == "0" ]]; do sleep 2; done'
+          timeout 1m bash -c 'until ! kubectl get shims.runtime.spinkube.dev/spin-v2; do sleep 2; done'
+
+      - name: debug
+        if: failure()
+        run: |
+          kubectl get pods -A
+          kubectl describe shim spin-v2
+          kubectl describe runtimeclass wasmtime-spin-v2
+          kubectl describe -n rcm pod -l job-name=kind-worker-spin-v2-install || true
+          kubectl logs -n rcm -l app.kubernetes.io/name=runtime-class-manager || true
+          kubectl describe -n rcm pod -l app.kubernetes.io/name=runtime-class-manager || true
+          kubectl describe nodes

.github/workflows/helm-chart-smoketest.yml

@@ -4,71 +4,135 @@ on:
   workflow_call:
 
 env:
-  SHIM_SPIN_VERSION: v0.15.1
+  K8S_VERSION: v1.32.3
+  MICROK8S_CHANNEL: 1.32/stable
+  SHIM_SPIN_VERSION: v0.19.0
+  DOCKER_BUILD_SUMMARY: false
 
 jobs:
-  helm-install-smoke-test:
+  build-images:
     runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        config:
+          - {
+              name: "runtime-class-manager",
+              context: ".",
+              file: "./Dockerfile"
+            }
+          - {
+              name: "shim-downloader",
+              context: "./images/downloader",
+              file: "./images/downloader/Dockerfile"
+            }
+          - {
+              name: "node-installer",
+              context: ".",
+              file: "./images/installer/Dockerfile"
+            }
     steps:
       - uses: actions/checkout@v4
 
-      - name: Install helm
-        uses: Azure/setup-helm@v4
-        with:
-          version: v3.15.4
-
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build RCM
+      - name: Build ${{ matrix.config.name }}
         uses: docker/build-push-action@v6
         with:
-          context: .
-          file: ./Dockerfile
+          context: ${{ matrix.config.context }}
+          file: ${{ matrix.config.file }}
           platforms: linux/amd64
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          load: true
-          tags: |
-            runtime-class-manager:chart-test
+          outputs: type=docker,dest=/tmp/${{ matrix.config.name }}.tar
+          tags: ${{ matrix.config.name }}:chart-test
 
-      - name: Build node installer
-        uses: docker/build-push-action@v6
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
         with:
-          context: .
-          file: ./images/installer/Dockerfile
-          platforms: linux/amd64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          load: true
-          tags: |
-            node-installer:chart-test
+          name: image-${{ matrix.config.name }}
+          path: /tmp/${{ matrix.config.name }}.tar
 
-      - name: Build shim downloader
-        uses: docker/build-push-action@v6
+  helm-install-smoke-test:
+    runs-on: ubuntu-22.04
+    needs: build-images
+    strategy:
+      matrix:
+        config:
+          - {
+              type: "kind",
+              import_cmd: "kind load image-archive"
+            }
+          - {
+              type: "minikube",
+              import_cmd: "minikube image load"
+            }
+          - {
+              type: "microk8s",
+              import_cmd: "sudo microk8s ctr images import"
+            }
+          - {
+              type: "k3d",
+              import_cmd: "k3d image import"
+            }
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install helm
+        uses: Azure/setup-helm@v4
         with:
-          context: ./images/downloader
-          file: ./images/downloader/Dockerfile
-          platforms: linux/amd64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          load: true
-          tags: |
-            shim-downloader:chart-test
+          version: v3.17.2
 
-      - name: create kind cluster
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          pattern: image-*
+          merge-multiple: true
+          path: /tmp
+
+      # Note: 'uses' doesn't support variable interpolation, hence the
+      # k8s-specific steps below.
+      # Ref: https://github.com/orgs/community/discussions/25824
+      - name: Create kind cluster
+        if: matrix.config.type == 'kind'
         uses: helm/kind-action@v1
         with:
           cluster_name: kind
+          # Versions lower than v0.27.0 encounter https://github.com/kubernetes-sigs/kind/issues/3795
+          version: v0.27.0
+          node_image: kindest/node:${{ env.K8S_VERSION }}
+
+      - name: Create minikube cluster
+        if: matrix.config.type == 'minikube'
+        uses: medyagh/[email protected]
+        with:
+          container-runtime: containerd
+          kubernetes-version: ${{ env.K8S_VERSION }}
+
+      - name: Create microk8s cluster
+        if: matrix.config.type == 'microk8s'
+        uses: balchua/[email protected]
+        with:
+          channel: ${{ env.MICROK8S_CHANNEL }}
+
+      - name: Create k3d cluster
+        if: matrix.config.type == 'k3d'
+        uses: AbsaOSS/k3d-action@v2
+        with:
+          cluster-name: k3s-default
+          k3d-version: v5.8.3
+          args: |
+            --image docker.io/rancher/k3s:${{ env.K8S_VERSION }}-k3s1
 
-      - name: import images into kind cluster
+      - name: Import images
         run: |
-          kind load docker-image runtime-class-manager:chart-test
-          kind load docker-image node-installer:chart-test
-          kind load docker-image shim-downloader:chart-test
+          for image in $(ls /tmp/*.tar); do
+            ${{ matrix.config.import_cmd }} $image
+          done
 
       - name: helm install runtime-class-manager
         run: |
@@ -94,23 +158,45 @@ jobs:
       - name: label nodes
         run: kubectl label node --all spin=true
 
+      # MicroK8s runs directly on the host, so both the host's containerd process and MicroK8s' would
+      # otherwise be detected by runtime-class-manager. As of writing, rcm will fail if more than one
+      # containerd process is detected when attempting to restart. So, we stop the host process until
+      # the shim has been installed and the test app has been confirmed to run.
+      - name: stop system containerd
+        if: matrix.config.type == 'microk8s'
+        run: sudo systemctl stop containerd
+
       - name: run Spin App
         run: |
           kubectl apply -f testdata/apps/spin-app.yaml
-          kubectl rollout status deployment wasm-spin --timeout 90s
+          kubectl rollout status deployment wasm-spin --timeout 180s
           kubectl get pods -A
           kubectl port-forward svc/wasm-spin 8083:80 &
-          timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done'
+          timeout 60s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done'
+
+      - name: restart system containerd
+        if: matrix.config.type == 'microk8s'
+        run: sudo systemctl start containerd
 
       - name: debug
         if: failure()
         run: |
           kubectl get pods -A
           kubectl describe shim spin-v2
           kubectl describe runtimeclass wasmtime-spin-v2
-          kubectl describe -n rcm pod -l job-name=kind-control-plane-spin-v2-install || true
+
+          # Get install pod logs
+          # Note: there may be multiple pods pending fix in https://github.com/spinkube/runtime-class-manager/issues/140
+          install_pod=$(kubectl get pods -n rcm --no-headers -o name | awk '{if ($1 ~ "-spin-v2-install") print $0}' | tail -n 1)
+          kubectl describe -n rcm $install_pod || true
+          kubectl logs -n rcm -c downloader $install_pod || true
+          kubectl logs -n rcm -c provisioner $install_pod || true
+
+          # RCM pod logs
           kubectl logs -n rcm -l app.kubernetes.io/name=runtime-class-manager || true
           kubectl describe -n rcm pod -l app.kubernetes.io/name=runtime-class-manager || true
+
+          # App logs
           kubectl logs -l app=wasm-spin || true
           kubectl describe pod -l app=wasm-spin || true
 

.github/workflows/sbom.yml

@@ -32,7 +32,7 @@ jobs:
         uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
 
       - name: Install the crane command
-        uses: IAreKyleW00t/crane-installer@714fc1e08f8f301abca2f140eba36d9a14e8c5e6 # v1.3
+        uses: IAreKyleW00t/crane-installer@7a098cf907ebbb438b174e1e01cab6f732b492f9 # v1.3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0