13 changes: 12 additions & 1 deletion Makefile
@@ -44,6 +44,7 @@ TOOLS_D := $(HACK_D)/tools
REGCLIENT := $(TOOLS_D)/bin/regctl
REGCLIENT_VERSION := v0.5.1
SKOPEO = $(TOOLS_D)/bin/skopeo
CONTAINERD = $(TOOLS_D)/bin/containerd
export SKOPEO_VERSION = 1.13.0
BATS = $(TOOLS_D)/bin/bats
BATS_VERSION := v1.10.0
@@ -135,7 +136,7 @@ go-test:
go tool cover -html coverage.txt -o $(HACK_D)/coverage.html

.PHONY: download-tools
download-tools: $(GOLANGCI_LINT) $(REGCLIENT) $(ZOT) $(BATS) $(UMOCI) $(SKOPEO)
download-tools: $(GOLANGCI_LINT) $(REGCLIENT) $(ZOT) $(BATS) $(UMOCI) $(SKOPEO) $(CONTAINERD)

$(GOLANGCI_LINT):
@mkdir -p $(dir $@)
@@ -167,6 +168,16 @@ $(SKOPEO):
cd $(TOP_LEVEL); \
rm -rf $$tmpdir;

$(CONTAINERD):
Contributor

Please use dlbin; see the (ZOT) and (REGCLIENT) entries in the Makefile.

@set -e; mkdir -p "$(TOOLS_D)/bin"; \
tmpdir=$$(mktemp -d); \
cd $$tmpdir; \
wget https://github.com/containerd/containerd/releases/download/v2.1.4/containerd-2.1.4-linux-amd64.tar.gz; \
tar xvf containerd-2.1.4-linux-amd64.tar.gz; \
cp bin/containerd $(CONTAINERD);
cd $(TOP_LEVEL); \
rm -rf $$tmpdir;

$(BATS):
mkdir -p $(TOOLS_D)/bin
rm -rf bats-core
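Review bot: The new `$(CONTAINERD)` recipe fetches a release tarball with `wget` and installs the binary without checking its digest, and the bats test added in this change then executes that binary. Pin a SHA-256 for the tarball in the Makefile and verify it with `sha256sum -c` before `tar` runs. Separately, `cp bin/containerd $(CONTAINERD);` has no trailing backslash, so the `cd $(TOP_LEVEL); rm -rf $$tmpdir;` lines run in a fresh shell where `tmpdir` is unset and the temporary directory is never removed. The version `2.1.4` is also written out in three places instead of following the neighbouring `*_VERSION` variables; the sketch below uses a placeholder digest that must be filled in from the reviewed release.

```make
CONTAINERD_VERSION := 2.1.4
# Placeholder: replace with the digest of the reviewed release tarball.
CONTAINERD_SHA256 := <pinned-sha256-placeholder>

$(CONTAINERD):
	@set -e; mkdir -p "$(TOOLS_D)/bin"; \
	tmpdir=$$(mktemp -d); \
	trap 'rm -rf "$$tmpdir"' EXIT; \
	cd "$$tmpdir"; \
	tarball=containerd-$(CONTAINERD_VERSION)-linux-amd64.tar.gz; \
	wget "https://github.com/containerd/containerd/releases/download/v$(CONTAINERD_VERSION)/$$tarball"; \
	echo "$(CONTAINERD_SHA256)  $$tarball" | sha256sum -c -; \
	tar xf "$$tarball" bin/containerd; \
	cp bin/containerd "$(CONTAINERD)"
```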
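--- a/test/containerd-erofs.bats
+++ b/test/containerd-erofs.bats
@@ -0,0 +1,13 @@
+load helpers
+
+function setup() {
+stacker_setup
+}
+
+function teardown() {
+cleanup
+}
+
+@test "containerd with erofs support" {
+${ROOT_DIR}/hack/tools/bin/containerd -c ${ROOT_DIR}/test/data/config.toml
+}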
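Review bot: The `@test` body runs `containerd -c …/config.toml` in the foreground and asserts nothing, so a daemon that starts correctly never returns and the test can only hang or fail at startup. `teardown` calls only `cleanup`, which is defined outside this file, so whether anything stops the daemon cannot be seen here. Start the daemon in the background with its PID recorded, wait for the socket with a bounded timeout, assert that the erofs snapshotter and differ plugins actually loaded, and terminate that PID in `teardown`. The two expansions should also be quoted: `"${ROOT_DIR}/hack/tools/bin/containerd" -c "${ROOT_DIR}/test/data/config.toml"`.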
260 changes: 260 additions & 0 deletions test/data/config.toml
@@ -0,0 +1,260 @@
version = 3
root = '/var/lib/containerd'
state = '/run/containerd'
temp = ''
disabled_plugins = []
required_plugins = []
oom_score = 0
imports = []

[grpc]
address = '/run/containerd/containerd.sock'
tcp_address = ''
tcp_tls_ca = ''
tcp_tls_cert = ''
tcp_tls_key = ''
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216

[ttrpc]
address = ''
uid = 0
gid = 0

[debug]
address = ''
uid = 0
gid = 0
level = ''
format = ''

[metrics]
address = ''
grpc_histogram = false

[plugins]
[plugins.'io.containerd.cri.v1.images']
snapshotter = 'overlayfs'
disable_snapshot_annotations = true
discard_unpacked_layers = false
max_concurrent_downloads = 3
concurrent_layer_fetch_buffer = 0
image_pull_progress_timeout = '5m0s'
image_pull_with_sync_fs = false
stats_collect_period = 10
use_local_image_pull = false

[plugins.'io.containerd.cri.v1.images'.pinned_images]
sandbox = 'registry.k8s.io/pause:3.10'
Contributor

Can we mirror this to our ghcr.io?


[plugins.'io.containerd.cri.v1.images'.registry]
config_path = ''

[plugins.'io.containerd.cri.v1.images'.image_decryption]
key_model = 'node'

[plugins.'io.containerd.cri.v1.runtime']
enable_selinux = false
selinux_category_range = 1024
max_container_log_line_size = 16384
disable_apparmor = false
restrict_oom_score_adj = false
disable_proc_mount = false
unset_seccomp_profile = ''
tolerate_missing_hugetlb_controller = true
disable_hugetlb_controller = true
device_ownership_from_security_context = false
ignore_image_defined_volumes = false
netns_mounts_under_state_dir = false
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
enable_cdi = true
cdi_spec_dirs = ['/etc/cdi', '/var/run/cdi']
drain_exec_sync_io_timeout = '0s'
ignore_deprecation_warnings = []

[plugins.'io.containerd.cri.v1.runtime'.containerd]
default_runtime_name = 'runc'
ignore_blockio_not_enabled_errors = false
ignore_rdt_not_enabled_errors = false

[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes]
[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runc]
runtime_type = 'io.containerd.runc.v2'
runtime_path = ''
pod_annotations = []
container_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
cgroup_writable = false
base_runtime_spec = ''
cni_conf_dir = ''
cni_max_conf_num = 0
snapshotter = ''
sandboxer = 'podsandbox'
io_type = ''

[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runc.options]
BinaryName = ''
CriuImagePath = ''
CriuWorkPath = ''
IoGid = 0
IoUid = 0
NoNewKeyring = false
Root = ''
ShimCgroup = ''

[plugins.'io.containerd.cri.v1.runtime'.cni]
bin_dir = ''
bin_dirs = ['/opt/cni/bin']
conf_dir = '/etc/cni/net.d'
max_conf_num = 1
setup_serially = false
conf_template = ''
ip_pref = ''
use_internal_loopback = false

[plugins.'io.containerd.gc.v1.scheduler']
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = '0s'
startup_delay = '100ms'

[plugins.'io.containerd.grpc.v1.cri']
disable_tcp_service = true
stream_server_address = '127.0.0.1'
stream_server_port = '0'
stream_idle_timeout = '4h0m0s'
enable_tls_streaming = false

[plugins.'io.containerd.grpc.v1.cri'.x509_key_pair_streaming]
tls_cert_file = ''
tls_key_file = ''

[plugins.'io.containerd.image-verifier.v1.bindir']
bin_dir = '/opt/containerd/image-verifier/bin'
max_verifiers = 10
per_verifier_timeout = '10s'

[plugins.'io.containerd.internal.v1.opt']
path = '/opt/containerd'

[plugins.'io.containerd.internal.v1.tracing']

[plugins.'io.containerd.metadata.v1.bolt']
content_sharing_policy = 'shared'
no_sync = false

[plugins.'io.containerd.monitor.container.v1.restart']
interval = '10s'

[plugins.'io.containerd.monitor.task.v1.cgroups']
no_prometheus = false

[plugins.'io.containerd.nri.v1.nri']
disable = false
socket_path = '/var/run/nri/nri.sock'
plugin_path = '/opt/nri/plugins'
plugin_config_path = '/etc/nri/conf.d'
plugin_registration_timeout = '5s'
plugin_request_timeout = '2s'
disable_connections = false

[plugins.'io.containerd.runtime.v2.task']
platforms = ['linux/amd64']

[plugins.'io.containerd.service.v1.diff-service']
default = ['erofs', 'walking']
sync_fs = false

[plugins."io.containerd.differ.v1.erofs"]
mkfs_options = ["--sort=none"]

[[plugins."io.containerd.transfer.v1.local".unpack_config]]
differ = "erofs"
platform = "linux/amd64"
snapshotter = "erofs"
layer_types = ["application/vnd.erofs"]

[plugins.'io.containerd.service.v1.tasks-service']
blockio_config_file = ''
rdt_config_file = ''

[plugins.'io.containerd.shim.v1.manager']
env = []

[plugins.'io.containerd.snapshotter.v1.blockfile']
root_path = ''
scratch_file = ''
fs_type = ''
mount_options = []
recreate_scratch = false

[plugins.'io.containerd.snapshotter.v1.btrfs']
root_path = ''

[plugins.'io.containerd.snapshotter.v1.devmapper']
root_path = ''
pool_name = ''
base_image_size = ''
async_remove = false
discard_blocks = false
fs_type = ''
fs_options = ''

[plugins.'io.containerd.snapshotter.v1.erofs']
root_path = ''
ovl_mount_options = []
enable_fsverity = false

[plugins.'io.containerd.snapshotter.v1.native']
root_path = ''

[plugins.'io.containerd.snapshotter.v1.overlayfs']
root_path = ''
upperdir_label = false
sync_remove = false
slow_chown = false
mount_options = []

[plugins.'io.containerd.snapshotter.v1.zfs']
root_path = ''

[plugins.'io.containerd.tracing.processor.v1.otlp']

[plugins.'io.containerd.transfer.v1.local']
max_concurrent_downloads = 3
concurrent_layer_fetch_buffer = 0
max_concurrent_uploaded_layers = 3
check_platform_supported = false
config_path = ''

[cgroup]
path = ''

[timeouts]
'io.containerd.timeout.bolt.open' = '0s'
'io.containerd.timeout.cri.defercleanup' = '1m0s'
'io.containerd.timeout.metrics.shimstats' = '2s'
'io.containerd.timeout.shim.cleanup' = '5s'
'io.containerd.timeout.shim.load' = '5s'
'io.containerd.timeout.shim.shutdown' = '3s'
'io.containerd.timeout.task.state' = '2s'

[stream_processors]
[stream_processors.'io.containerd.ocicrypt.decoder.v1.tar']
accepts = ['application/vnd.oci.image.layer.v1.tar+encrypted']
returns = 'application/vnd.oci.image.layer.v1.tar'
path = 'ctd-decoder'
args = ['--decryption-keys-path', '/etc/containerd/ocicrypt/keys']
env = ['OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf']

[stream_processors.'io.containerd.ocicrypt.decoder.v1.tar.gzip']
accepts = ['application/vnd.oci.image.layer.v1.tar+gzip+encrypted']
returns = 'application/vnd.oci.image.layer.v1.tar+gzip'
path = 'ctd-decoder'
args = ['--decryption-keys-path', '/etc/containerd/ocicrypt/keys']
env = ['OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf']
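Review bot: `root = '/var/lib/containerd'`, `state = '/run/containerd'` and the `[grpc]` `address = '/run/containerd/containerd.sock'` are the host's default locations, so a run on a machine that already has containerd would share or contend for its state directory and socket, and the test presumably needs root to write there. A test fixture should point all three at a per-test temporary directory; since TOML has no variable expansion, the test would have to generate the file from a template. Most of the 260 lines look like an unmodified default dump. Keeping only the erofs differ, `unpack_config` and snapshotter sections would make the settings that matter here, such as `enable_fsverity = false`, easier to review.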