diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index c8efda0..2641482 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -20,18 +20,23 @@ jobs:
 include:
 - lima_template: template://ubuntu-24.04
 container_engine: docker
+ rootful: "false"
 - lima_template: template://docker-rootful
- container_engine: docker-rootful
+ container_engine: docker
+ rootful: "true"
 - lima_template: template://ubuntu-24.04
 container_engine: nerdctl
+ rootful: "false"
 - lima_template: template://centos-stream-9
 container_engine: podman
 - lima_template: template://fedora
 container_engine: podman
+ rootful: "false"
 uses: ./.github/workflows/reusable-multi-node.yaml
 with:
 lima_template: ${{ matrix.lima_template }}
 container_engine: ${{ matrix.container_engine }}
+ rootful: ${{ matrix.rootful }}
 # TODO: this test should create multiple instances of Usernetes on each of the hosts
 multi-node-custom-ports:
diff --git a/.github/workflows/reusable-multi-node.yaml b/.github/workflows/reusable-multi-node.yaml
index 53f31d5..e509060 100644
--- a/.github/workflows/reusable-multi-node.yaml
+++ b/.github/workflows/reusable-multi-node.yaml
@@ -19,6 +19,10 @@ on:
 description: flannel vxlan port
 type: string
 default: "8472"
+ rootful:
+ description: use rootful mode for a container technology
+ type: string
+ default: "false"
 etcd_port:
 description: etcd service port
 type: string
@@ -41,6 +45,7 @@ jobs:
 env:
 LIMA_TEMPLATE: "${{ inputs.lima_template }}"
 CONTAINER_ENGINE: "${{ inputs.container_engine }}"
+ CONTAINER_ROOTFUL: "${{ inputs.rootful }}"
 PORT_KUBE_APISERVER: "${{ inputs.kube_apiserver_port }}"
 PORT_FLANNEL: "${{ inputs.flannel_port }}"
 PORT_KUBELET: "${{ inputs.kubelet_port }}"
diff --git a/hack/create-cluster-lima.sh b/hack/create-cluster-lima.sh
index 6efbcf6..ba3d230 100755
--- a/hack/create-cluster-lima.sh
+++ b/hack/create-cluster-lima.sh
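Review bot: The `template://centos-stream-9` / `podman` matrix entry is the only one left without a `rootful` key, so `${{ matrix.rootful }}` expands to an empty value for that job. Depending on how the reusable workflow treats an explicitly passed empty input, the declared default `"false"` may not apply, and the job would then rely on the shell-side `: "${CONTAINER_ROOTFUL:=false}"` fallback instead. Adding `rootful: "false"` to that entry keeps the privilege mode explicit for every matrix row.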
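Review bot: The description of the new `rootful` input does not say which values are accepted or what happens with anything else. The init-host scripts changed in this commit compare against the exact string `true`, so any other value (for example `True` or `1`) selects the rootless path, and in the visible hunks only the `docker` arm reads the variable at all. I would reword it along the lines of `description: 'run Docker as root when set to "true"; any other value selects rootless mode (docker engine only)'`.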
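Review bot: `CONTAINER_ROOTFUL` is set only in the job environment on the runner, and nothing visible in this commit forwards it into the Lima guests where the init-host scripts run. The one `limactl shell` call shown in `hack/create-cluster-lima.sh` passes `CONTAINER_ENGINE="${CONTAINER_ENGINE}"` explicitly, which suggests the guest does not inherit the host environment. If the init-host invocations (outside the visible hunks) are written the same way, both scripts fall back to `CONTAINER_ROOTFUL=false`, and the `template://docker-rootful` job would run `systemctl disable --now docker` and exercise rootless Docker while being reported as rootful. I would pass `CONTAINER_ROOTFUL="${CONTAINER_ROOTFUL}"` next to `CONTAINER_ENGINE` on those `limactl shell` lines and have the job log the mode it actually selected.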
@@ -37,12 +37,6 @@ done
 SERVICE_PORTS="PORT_KUBE_APISERVER=${PORT_KUBE_APISERVER} PORT_ETCD=${PORT_ETCD} PORT_FLANNEL=${PORT_FLANNEL} PORT_KUBELET=${PORT_KUBELET}"
-# At this point, rootless / rootful Docker is setup
-if [[ "$CONTAINER_ENGINE" == "docker-rootful" ]]
- then
- CONTAINER_ENGINE="docker"
-fi
-
 # Launch a Kubernetes node inside a Rootless Docker host
 for host in host0 host1; do
 ${LIMACTL} shell "${host}" ${SERVICE_PORTS} CONTAINER_ENGINE="${CONTAINER_ENGINE}" make -C "${guest_home}/usernetes" up
diff --git a/init-host/init-host.root.sh b/init-host/init-host.root.sh
index 060c288..f9f2cd7 100755
--- a/init-host/init-host.root.sh
+++ b/init-host/init-host.root.sh
@@ -7,6 +7,7 @@ if [ "$(id -u)" != "0" ]; then
 fi
 : "${CONTAINER_ENGINE:=docker}"
+: "${CONTAINER_ROOTFUL:=false}"
 script_dir="$(dirname "$0")"
 if [ ! -e /etc/systemd/system/user@.service.d/delegate.conf ]; then
@@ -64,8 +65,12 @@ else
 apt-get install -y git uidmap make jq
 fi
-case "${CONTAINER_ENGINE}" in
-"docker")
+setup_docker() {
+ if [ "${CONTAINER_ROOTFUL}" = "true" ]; then
+ echo "Preparing to run docker in default rootful mode."
+ return
+ fi
+ echo "Preparing to run docker in rootless mode."
 if ! command -v dockerd-rootless-setuptool.sh >/dev/null 2>&1; then
 if grep -q centos /etc/os-release; then
 # Works with Rocky and Alma too
@@ -76,9 +81,11 @@ case "${CONTAINER_ENGINE}" in
 fi
 fi
 systemctl disable --now docker
- ;;
-"docker-rootful")
- echo "Preparing to run docker in default rootful mode."
+}
+
+case "${CONTAINER_ENGINE}" in
+"docker")
+ setup_docker
 ;;
 "podman")
 if ! command -v podman-compose >/dev/null 2>&1; then
diff --git a/init-host/init-host.rootless.sh b/init-host/init-host.rootless.sh
index fe549a1..7ace736 100755
--- a/init-host/init-host.rootless.sh
+++ b/init-host/init-host.rootless.sh
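Review bot: In `init-host.root.sh`, `setup_docker` treats every value other than the exact string `true` as a request for rootless mode, and that path ends in `systemctl disable --now docker`. A typo such as `True` on a host meant to stay rootful therefore stops the system daemon without any error. Validating the variable once, right after the `: "${CONTAINER_ROOTFUL:=false}"` default added in the first hunk of this file, makes the privilege mode an explicit choice: `case "${CONTAINER_ROOTFUL}" in true|false) ;; *) echo "CONTAINER_ROOTFUL must be true or false" >&2; exit 1 ;; esac`. The function body spans this hunk and the following one (`@@ -76,9 +81,11 @@`), with its middle lines outside both. A short comment above `setup_docker()` saying that rootful mode leaves the existing system dockerd untouched would also help.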
@@ -7,10 +7,19 @@ if [ "$(id -u)" == "0" ]; then
 fi
 : "${CONTAINER_ENGINE:=docker}"
+: "${CONTAINER_ROOTFUL:=false}"
 : "${XDG_CONFIG_HOME:=${HOME}/.config}"
+
+setup_docker_rootless() {
+ if [ "${CONTAINER_ROOTFUL}" = "true" ]; then
+ return
+ fi
+ dockerd-rootless-setuptool.sh install || (journalctl --user --since "10 min ago"; exit 1)
+}
+
 case "${CONTAINER_ENGINE}" in
 "docker")
- dockerd-rootless-setuptool.sh install || (journalctl --user --since "10 min ago"; exit 1)
+ setup_docker_rootless
 ;;
 "docker-rootful")
 echo "Skipping rootless install of docker"
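Review bot: The `"docker-rootful")` arm kept as context at the end of this hunk looks stale. This commit removes the same arm from `init-host.root.sh` and the workflow matrix no longer passes `docker-rootful`, while the new rootful path in `setup_docker_rootless` returns without printing anything. I would move the message into the early return, `echo "Skipping rootless install of docker"` before `return`, and drop the arm (or turn it into an error) so both scripts accept the same `CONTAINER_ENGINE` values. The case statement continues past the end of the hunk.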