diff --git a/.github/workflows/build_push_criu.yml b/.github/workflows/build_push_criu.yml
index 4f09c00..bee9918 100644
--- a/.github/workflows/build_push_criu.yml
+++ b/.github/workflows/build_push_criu.yml
@@ -8,7 +8,7 @@ on:
 env:
 REGISTRY: ghcr.io
 CRIU_IMAGE_NAME: ${{ github.repository }}-criu
- CRIU_VERSION: a2c4dd2
+ CRIU_VERSION: v3.19
 jobs:
 push_to_registry:
diff --git a/Makefile b/Makefile
index d53d113..e9aa78b 100644
--- a/Makefile
+++ b/Makefile
@@ -3,8 +3,7 @@ NAMESPACE := ctrox
 INSTALLER_IMAGE := $(REGISTRY)/$(NAMESPACE)/zeropod-installer:dev
 MANAGER_IMAGE := $(REGISTRY)/$(NAMESPACE)/zeropod-manager:dev
 TEST_IMAGE := $(REGISTRY)/$(NAMESPACE)/zeropod-test:dev
-# a2c4dd2 allows skipping iptables/nftables
-CRIU_VERSION := a2c4dd2
+CRIU_VERSION := v3.19
 CRIU_IMAGE := $(REGISTRY)/$(NAMESPACE)/zeropod-criu:$(CRIU_VERSION)
 DOCKER_SOCK := /var/run/docker.sock
 EBPF_IMAGE := $(REGISTRY)/$(NAMESPACE)/zeropod-ebpf:dev
diff --git a/cmd/installer/main.go b/cmd/installer/main.go
index e5175da..64497b4 100644
--- a/cmd/installer/main.go
+++ b/cmd/installer/main.go
@@ -25,8 +25,7 @@ import (
 )
 var (
- criuImage = flag.String("criu-image", "ghcr.io/ctrox/zeropod-criu:a2c4dd2", "criu image to use.")
- criuNFTables = flag.Bool("criu-nftables", true, "use criu with nftables")
+ criuImage = flag.String("criu-image", "ghcr.io/ctrox/zeropod-criu:v3.19", "criu image to use.")
 runtime = flag.String("runtime", "containerd", "specifies which runtime to configure. containerd/k3s/rke2")
 hostOptPath = flag.String("host-opt-path", "/opt/zeropod", "path where zeropod binaries are stored on the host")
 uninstall = flag.Bool("uninstall", false, "uninstalls zeropod by cleaning up all the files the installer created")
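Review bot: Dropping the `criu-nftables` flag from the var block in cmd/installer/main.go breaks any deployment that still passes `-criu-nftables=...`, because Go's flag package rejects an undefined flag; assuming the installer parses the default flag set (not visible in this hunk), it would exit with a usage error instead of installing. The gke overlay is updated in this commit, but out-of-tree manifests are not, so I would keep a no-op for one release, e.g. `_ = flag.Bool("criu-nftables", true, "deprecated: has no effect")`. Separately, the new default `ghcr.io/ctrox/zeropod-criu:v3.19` is a mutable tag for a binary that is installed onto the host, so a digest-qualified default (`...:v3.19@sha256:<digest>`) would pin what nodes actually pull. The var block continues outside the hunk.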
@@ -147,16 +146,6 @@ func installCriu(ctx context.Context) error { return err } - if !*criuNFTables { - log.Println("nftables disabled, installing criu with iptables") - // if we don't have nftables support, we need to use the criu binary - // without nftables support compiled in as the config alone does not seem - // to do the trick :/ - if err := os.Rename(filepath.Join(optPath, "bin", criuIPTablesBin), filepath.Join(optPath, "bin", defaultCriuBin)); err != nil { - return err - } - } - // write the criu config if err := os.MkdirAll(path.Dir(criuConfigFile), os.ModePerm); err != nil { return err diff --git a/config/gke/kustomization.yaml b/config/gke/kustomization.yaml index 3d4034f..7b75bac 100644 --- a/config/gke/kustomization.yaml +++ b/config/gke/kustomization.yaml @@ -4,10 +4,6 @@ patchesStrategicMerge: - daemonset.yaml patches: - patch: |- - # gke does not have nftables support (yet, dev kernel supports it) - - op: add - path: /spec/template/spec/containers/1/args/- - value: -criu-nftables=false - op: add path: /spec/template/spec/containers/1/args/- value: -host-opt-path=/var/lib/toolbox/zeropod diff --git a/criu/Dockerfile b/criu/Dockerfile index f3122fb..b5ddf2b 100644 --- a/criu/Dockerfile +++ b/criu/Dockerfile 
@@ -5,31 +5,22 @@ FROM ubuntu:20.04 as build
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 git build-essential libprotobuf-dev libprotobuf-c-dev \
- protobuf-c-compiler protobuf-compiler python-protobuf \
+ protobuf-c-compiler protobuf-compiler python3-protobuf \
 libcap-dev libnl-3-dev libnet-dev pkg-config curl ca-certificates
 WORKDIR /workspace
 RUN git clone https://github.com/checkpoint-restore/criu.git
 WORKDIR /workspace/criu
-ARG CRIU_VERSION=v3.18
+ARG CRIU_VERSION=v3.19
 RUN git checkout $CRIU_VERSION
-
 RUN make -j $(nproc)
-RUN mv ./criu/criu ./criu/criu-iptables
-
-# build with nftables support
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y libnftables-dev
-RUN make clean && make -j $(nproc)
 # we just add libs and binaries from scratch so this image can be used with
 # containerd's client.Install.
 FROM scratch AS export-stage
 COPY --from=build /workspace/criu/criu/criu /bin/
-COPY --from=build /workspace/criu/criu/criu-iptables /bin/
 COPY --from=build /usr/lib/*-linux-gnu/libprotobuf-c.so.1 /lib/
 COPY --from=build /lib/*-linux-gnu/libnl-3.so.200 /lib/
 COPY --from=build /usr/lib/*-linux-gnu/libnet.so.1 /lib/
-COPY --from=build /lib/*-linux-gnu/libnftables.so.1 /lib/
-COPY --from=build /lib/*-linux-gnu/libnftnl.so.11 /lib/
 COPY --from=build /lib/*-linux-gnu/libjansson.so.4 /lib/
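Review bot: `RUN git checkout $CRIU_VERSION` now resolves a tag (`v3.19`) where the workflow and Makefile previously passed the commit id `a2c4dd2`, and a tag can be re-pointed upstream, so the build no longer pins the exact source behind the criu binary that is shipped to nodes. I would add an expected-commit check next to the checkout, e.g. `ARG CRIU_COMMIT=<full-commit-sha-of-v3.19>` and `RUN git checkout $CRIU_VERSION && test "$(git rev-parse HEAD)" = "$CRIU_COMMIT"`, so a moved tag fails the build instead of silently changing the output. Separately, `libjansson.so.4` is still copied into the export stage; if it was only needed by libnftables (not visible here), it can be dropped along with the two removed libraries.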