pluralsh / plural-cli

cli for the plural platform
MIT License

Feat: docker-kind-support #428

Closed rauerhans closed 1 year ago

rauerhans commented 1 year ago

Summary

This adds support to run docker containers and/or a kind cluster from within a plural cloud-cli kubectl exec session. The dind container needed for that is running in a rootful, but unprivileged sidecar to the plural cloud-cli container on a sysbox node:

apiVersion: v1 
kind: Pod 
metadata: 
  name: plural-cli-dind-sidecar
  namespace: sysbox
  annotations:
    io.kubernetes.cri-o.userns-mode: "auto:size=65536"
spec: 
  runtimeClassName: sysbox-runc
  tolerations:
    - key: plural.sh/sysbox
      operator: Exists
    - key: plural.sh/capacityType
      operator: Exists
  restartPolicy: Never
  containers: 
    - name: plural-cli
      image: ghcr.io/pluralsh/plural-cli-cloud:pr-428
      command: ["sh", "-c", "while true; do sleep 3600; done"]
      resources: 
        requests: 
          cpu: 10m 
          memory: 256Mi 
      env: 
      - name: DOCKER_HOST 
        value: tcp://localhost:2375 
      volumeMounts: 
        - name: docker
          mountPath: /var/lib/docker 
    - name: sysbox-dind
      image: ghcr.io/pluralsh/plural-dind:pr-428
      resources: 
        requests: 
          cpu: 20m 
          memory: 512Mi 
      securityContext: 
        privileged: false 
      volumeMounts: 
        - name: docker
          mountPath: /var/lib/docker 
  volumes: 
    - name: docker 
      emptyDir: {}

!Make sure to only run this on the sysbox nodes!

Test:

plural@plural-cli-dind-sidecar:~$ whoami
plural
plural@plural-cli-dind-sidecar:~$ kind create cluster
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.27.3) 🖼
 ✓ Preparing nodes 📦  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹️ 
 ✓ Installing CNI 🔌 
 ✓ Installing StorageClass 💾 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a nice day! 👋
plural@plural-cli-dind-sidecar:~$ kubectl get nodes
NAME                 STATUS   ROLES           AGE   VERSION
kind-control-plane   Ready    control-plane   72s   v1.27.3
plural@plural-cli-dind-sidecar:~$ kubectl get pods --all-namespaces
NAMESPACE            NAME                                         READY   STATUS    RESTARTS   AGE
kube-system          coredns-5d78c9869d-2nqh6                     1/1     Running   0          80s
kube-system          coredns-5d78c9869d-vjfdb                     1/1     Running   0          79s
kube-system          etcd-kind-control-plane                      1/1     Running   0          89s
kube-system          kindnet-gdgs8                                1/1     Running   0          80s
kube-system          kube-apiserver-kind-control-plane            1/1     Running   0          90s
kube-system          kube-controller-manager-kind-control-plane   1/1     Running   0          89s
kube-system          kube-proxy-qk4mr                             1/1     Running   0          80s
kube-system          kube-scheduler-kind-control-plane            1/1     Running   0          93s
local-path-storage   local-path-provisioner-6bc4bddd6b-bmkf6      1/1     Running   0          80s
plural@plural-cli-dind-sidecar:~$ kind delete cluster
Deleting cluster "kind" ...
Deleted nodes: ["kind-control-plane"]

Labels

Test Plan

Checklist
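
A defender-side check for the sidecar layout in the PR summary above, as an added example that is not part of the pull request or the plural-cli code base: it inspects a pod object (a Python dict, for instance parsed from `kubectl get pod -o json`) for the properties the manifest relies on. The function names, the finding strings and the weakened `BAD` sample are assumptions made for illustration.

```python
from urllib.parse import urlparse

USERNS_ANNOTATION = "io.kubernetes.cri-o.userns-mode"  # annotation used in the PR's manifest
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_dind_pod(pod):
    """Return a list of findings; an empty list means the pod passes."""
    findings = []
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    if spec.get("runtimeClassName") != "sysbox-runc":
        findings.append("runtimeClassName is not sysbox-runc")
    if USERNS_ANNOTATION not in meta.get("annotations", {}):
        findings.append("missing user-namespace annotation")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:  # hostPath exposes the node's filesystem to the pod
            findings.append(f"volume {vol['name']} uses hostPath")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"container {c['name']} is privileged")
        for env in c.get("env", []):
            if env.get("name") != "DOCKER_HOST":
                continue
            url = urlparse(env.get("value", ""))
            # tcp:// on port 2375 is the Docker API without TLS: keep it on loopback.
            if url.scheme == "tcp" and url.hostname not in LOOPBACK:
                findings.append(f"container {c['name']} DOCKER_HOST leaves the pod")
    return findings

def sample(runtime, annotations, docker_host, privileged, volume):
    """Constructed pod shaped like the PR's manifest (trimmed to the checked fields)."""
    return {"metadata": {"annotations": annotations},
            "spec": {"runtimeClassName": runtime,
                     "containers": [
                         {"name": "plural-cli",
                          "env": [{"name": "DOCKER_HOST", "value": docker_host}]},
                         {"name": "sysbox-dind",
                          "securityContext": {"privileged": privileged}}],
                     "volumes": [dict(name="docker", **volume)]}}

# GOOD mirrors the values in the PR's manifest; BAD is a constructed weakened variant.
GOOD = sample("sysbox-runc", {USERNS_ANNOTATION: "auto:size=65536"},
              "tcp://localhost:2375", False, {"emptyDir": {}})
BAD = sample(None, {}, "tcp://10.0.0.5:2375", True,
             {"hostPath": {"path": "/var/lib/docker"}})

if __name__ == "__main__":
    for name, pod in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_dind_pod(pod) or "ok")
```
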

github-advanced-security[bot] commented 1 year ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.