Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Add Helm Chart for nydus snapshotter #612

Open
changweige opened this issue Aug 7, 2024 · 2 comments
Open

Proposal: Add Helm Chart for nydus snapshotter #612

changweige opened this issue Aug 7, 2024 · 2 comments

Comments

@changweige
Copy link
Member

Nydus-snapshotter has no Helm Chart to be conventionally deployed in the K8s cluster yet. We can compose such a Helm Chart to pack all necessary binaries, configs and K8s manifests into a single Helm Chart package. Depoly nydus-snapshotter as Daemonset running a each node. Run nydusd by systemd-run which makes it possible that nydusd runs in the host namespace while nydus-snapshotter runs in the its container namespace.
Nydus-snapshotter container image packs:

  1. nydus-snapshotter a.k.a containerd-nydus-grpc
  2. nydusd
  3. TOML configs

nydus-snapshotter pod's init-container installs nydusd binary to host's system path during pod startup, which means systemd can find it in the host namespace.

In such manner, even nydus-snapshotter pod is destroyed for the reason like Daemonset rolling upgrade or other maintenance purpose or unintentional operation, the container image IO is not affected.
@imeoer
Copy link
Collaborator

imeoer commented Aug 8, 2024

https://github.com/dragonflyoss/helm-charts/tree/main/charts/nydus-snapshotter is it enough for this?

@gane5hvarma
Copy link

@imeoer The above helm chart is not updated with latest version of nydus snapshotter. When updated to latest snapshotter version v0.15.0. it fails with the below error

Successfully pulled image "ghcr.io/containerd/nydus-snapshotter:v0.15.0" in 118ms (118ms including waiting). Image size: 64560834 bytes.
  Warning  Failed     10s               kubelet            Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/var/lib/containerd/io.containerd.grpc.v1.cri/containers/nydus-snapshotter/volumes/34e0211ad3175a3621a689759309c8138927f6d053df6d181dc4270e8a5d1b84" to rootfs at "/var/lib/containerd/io.containerd.snapshotter.v1.nydus": possibly malicious path detected -- refusing to operate on /run/containerd/io.containerd.runtime.v2.task/k8s.io/nydus-snapshotter/rootfs/var/lib/containerd/io.containerd.snapshotter.v1.nydus (deleted): unknown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@imeoer @changweige @gane5hvarma