Last active
February 10, 2024 08:11
gVisor with System Upgrade Controller on RKE2
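---
# Secret consumed by the system-upgrade-controller Plan named "gvisor".
# Nothing in it is confidential: it carries the gVisor release to install
# and the script that installs it. The Plan runs upgrade.sh chrooted into
# the node's filesystem, so write access to this Secret amounts to root on
# every node the Plan selects. Restrict RBAC on Secrets in cattle-system
# accordingly.
apiVersion: v1
kind: Secret
metadata:
  name: gvisor
  namespace: cattle-system
type: Opaque
stringData:
  # gVisor release to install; used as a path component of the download URL.
  gvisor: "20240206"
  upgrade.sh: |
    #!/bin/sh
    # Installs runsc and its containerd shim on the node, registers the
    # runsc runtime in RKE2's containerd config template and restarts RKE2.
    # Pods still need a RuntimeClass with handler "runsc" to use it; that
    # object is not created here.
    set -eu

    secrets=$(dirname "$0")
    ARCH=$(uname -m)
    VERSION=$(cat "$secrets/gvisor")
    URL="https://storage.googleapis.com/gvisor/releases/release/${VERSION}/${ARCH}"

    # Work in a private scratch directory instead of the current directory
    # (the host's / after chroot). Files left behind by an earlier run would
    # otherwise make wget save the new downloads as *.1, and the stale
    # .sha512 files would then be checked against the new binaries.
    workdir=$(mktemp -d)
    trap 'rm -rf "$workdir"' EXIT
    cd "$workdir"

    wget "${URL}/runsc" "${URL}/runsc.sha512" \
      "${URL}/containerd-shim-runsc-v1" \
      "${URL}/containerd-shim-runsc-v1.sha512"

    # The .sha512 files come from the same bucket as the binaries, so this
    # catches a corrupted or truncated download but not a tampered release.
    # For a stronger guarantee, compare against digests pinned in this
    # Secret and reviewed together with the version bump.
    sha512sum -c runsc.sha512 containerd-shim-runsc-v1.sha512

    # The script already runs as root (it writes under /var/lib/rancher and
    # restarts systemd units), so sudo is not needed and may not be
    # installed on the node.
    chmod a+rx runsc containerd-shim-runsc-v1
    mv runsc containerd-shim-runsc-v1 /usr/local/bin/

    # Replaces any config.toml.tmpl already present on the node; merge by
    # hand if the node uses a custom template. The "base" template must be
    # provided by the installed RKE2 release -- confirm for your version.
    cat <<'EOF' > /var/lib/rancher/rke2/agent/etc/containerd/config.toml.tmpl
    {{ template "base" . }}
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
      runtime_type = "io.containerd.runsc.v1"
    EOF

    # Restart whichever RKE2 unit this node runs so the containerd config
    # is regenerated from the template.
    if systemctl is-active --quiet rke2-server
    then
      echo "Running on a master"
      systemctl restart rke2-server
    else
      echo "Running on a worker"
      systemctl restart rke2-agent
    fi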
---
# system-upgrade-controller Plan that runs upgrade.sh from the "gvisor"
# Secret on each selected Linux node, one node at a time.
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: gvisor
  namespace: cattle-system
spec:
  # Only one node runs the upgrade job at any moment.
  concurrency: 1
  nodeSelector:
    matchExpressions:
      - key: cattle.io/os
        operator: In
        values:
          - "linux"
  serviceAccountName: system-agent-upgrader
  secrets:
    # Mounted under /host so the files are still reachable after the
    # chroot below, at /run/system-upgrade/secrets/gvisor.
    - name: gvisor
      path: /host/run/system-upgrade/secrets/gvisor
  # The controller applies this as the tag of the untagged upgrade image
  # (ubuntu:22.04); it is not the gVisor release, which lives in the Secret.
  # The tag is mutable: pin the image by digest if the job must be
  # reproducible.
  version: "22.04"
  upgrade:
    # The image only supplies chroot. Everything upgrade.sh calls (sh, wget,
    # sha512sum, systemctl) is resolved on the node after chroot /host.
    image: ubuntu
    command:
      - "chroot"
      - "/host"
    args:
      - "sh"
      - "/run/system-upgrade/secrets/gvisor/upgrade.sh"