[WIP] Support remote podman

pkg/build/nodeimage/const_cni.go

@@ -91,7 +91,6 @@ spec:
       hostNetwork: true
       tolerations:
       - operator: Exists
-        effect: NoSchedule
       serviceAccountName: kindnet
       containers:
       - name: kindnet-cni

pkg/cluster/internal/create/create.go

@@ -67,7 +67,7 @@ type ClusterOptions struct {
 // Cluster creates a cluster
 func Cluster(logger log.Logger, p providers.Provider, opts *ClusterOptions) error {
 	// validate provider first
-	if err := validateProvider(p); err != nil {
+	if err := validateProvider(p, logger); err != nil {
 		return err
 	}
 
@@ -240,7 +240,7 @@ func fixupOptions(opts *ClusterOptions) error {
 	return nil
 }
 
-func validateProvider(p providers.Provider) error {
+func validateProvider(p providers.Provider, logger log.Logger) error {
 	info, err := p.Info()
 	if err != nil {
 		return err
@@ -249,7 +249,11 @@ func validateProvider(p providers.Provider) error {
 		if !info.Cgroup2 {
 			return errors.New("running kind with rootless provider requires cgroup v2, see https://kind.sigs.k8s.io/docs/user/rootless/")
 		}
-		if !info.SupportsMemoryLimit || !info.SupportsPidsLimit || !info.SupportsCPUShares {
+		if !*info.SupportsMemoryLimit || !*info.SupportsPidsLimit || !*info.SupportsCPUShares {
+			logger.Warnf("support for memory and pids limit and CPU share unknown")
+			logger.Warnf("running kind with rootless provider requires setting systemd property \"Delegate=yes\", see https://kind.sigs.k8s.io/docs/user/rootless/")
+		}
+		if info.SupportsMemoryLimit == nil || info.SupportsPidsLimit == nil || info.SupportsCPUShares == nil {
 			return errors.New("running kind with rootless provider requires setting systemd property \"Delegate=yes\", see https://kind.sigs.k8s.io/docs/user/rootless/")
 		}
 	}

pkg/cluster/internal/providers/docker/provider.go

@@ -322,9 +322,14 @@ func info() (*providers.ProviderInfo, error) {
 	// values are meaningless and need to be considered false.
 	// https://github.com/moby/moby/issues/42151
 	if dInfo.CgroupDriver != "none" {
-		info.SupportsMemoryLimit = dInfo.MemoryLimit
-		info.SupportsPidsLimit = dInfo.PidsLimit
-		info.SupportsCPUShares = dInfo.CPUShares
+		info.SupportsMemoryLimit = &dInfo.MemoryLimit
+		info.SupportsPidsLimit = &dInfo.PidsLimit
+		info.SupportsCPUShares = &dInfo.CPUShares
+	} else {
+		False := false
+		info.SupportsMemoryLimit = &False
+		info.SupportsPidsLimit = &False
+		info.SupportsCPUShares = &False
 	}
 	for _, o := range dInfo.SecurityOptions {
 		// o is like "name=seccomp,profile=default", or "name=rootless",

pkg/cluster/internal/providers/podman/provider.go

@@ -19,7 +19,6 @@ package podman
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -358,45 +357,46 @@ func (p *provider) CollectLogs(dir string, nodes []nodes.Node) error {
 // Info returns the provider info.
 // The info is cached on the first time of the execution.
 func (p *provider) Info() (*providers.ProviderInfo, error) {
+	var err error
 	if p.info == nil {
-		p.info = info(p.logger)
+		p.info, err = info(p.logger)
 	}
-	return p.info, nil
+	return p.info, err
 }
 
-func info(logger log.Logger) *providers.ProviderInfo {
-	euid := os.Geteuid()
-	info := &providers.ProviderInfo{
-		Rootless: euid != 0,
-	}
-	if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); err == nil {
-		info.Cgroup2 = true
-		// Unlike `docker info`, `podman info` does not print available cgroup controllers.
-		// So we parse "cgroup.subtree_control" file by ourselves.
-		subtreeControl := "/sys/fs/cgroup/cgroup.subtree_control"
-		if info.Rootless {
-			// Change subtreeControl to the path of the systemd user-instance.
-			// Non-systemd hosts are not supported.
-			subtreeControl = fmt.Sprintf("/sys/fs/cgroup/user.slice/user-%d.slice/user@%d.service/cgroup.subtree_control", euid, euid)
-		}
-		if subtreeControlBytes, err := ioutil.ReadFile(subtreeControl); err != nil {
-			logger.Warnf("failed to read %q: %+v", subtreeControl, err)
-		} else {
-			for _, controllerName := range strings.Fields(string(subtreeControlBytes)) {
-				switch controllerName {
-				case "cpu":
-					info.SupportsCPUShares = true
-				case "memory":
-					info.SupportsMemoryLimit = true
-				case "pids":
-					info.SupportsPidsLimit = true
-				}
-			}
-		}
-	} else if !info.Rootless {
-		info.SupportsCPUShares = true
-		info.SupportsMemoryLimit = true
-		info.SupportsPidsLimit = true
-	}
-	return info
+type podmanInfo struct{
+	Host struct {
+		CGroupManager string `json:"cgroupManager"`
+		CGroupVersion string `json:"cgroupVersion"`
+	} `json:"host"`
+	Security struct {
+		Rootless bool `json:"rootless"`
+	} `json:"security"`
 }
+
+func info(logger log.Logger) (*providers.ProviderInfo, error) {
+	cmd := exec.Command("podman", "info", "--format", "{{json .}}")
+	out, err := exec.Output(cmd)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get podman info")
+	}
+	var pInfo podmanInfo
+	if err := json.Unmarshal(out, &pInfo); err != nil {
+		return nil, err
+	}
+	info := providers.ProviderInfo{
+		Cgroup2: pInfo.Host.CGroupVersion == "v2",
+	}
+	info.Rootless = pInfo.Security.Rootless
+	// When CgroupManager == "none", the MemoryLimit/PidsLimit/CPUShares
+	// values are meaningless and need to be considered false.
+	// https://github.com/moby/moby/issues/42151
+	// When CGroupManager is set, we leave the default "nil" which we use as "unknown"
+	if pInfo.Host.CGroupManager == "none" {
+		False := false
+		info.SupportsMemoryLimit = &False
+		info.SupportsPidsLimit = &False
+		info.SupportsCPUShares = &False
+	}
+	return &info, nil
+}

pkg/cluster/internal/providers/provider.go

@@ -53,7 +53,8 @@ type Provider interface {
 type ProviderInfo struct {
 	Rootless            bool
 	Cgroup2             bool
-	SupportsMemoryLimit bool
-	SupportsPidsLimit   bool
-	SupportsCPUShares   bool
+	// true if supported, false if not supported, nil if unknown
+	SupportsMemoryLimit *bool
+	SupportsPidsLimit   *bool
+	SupportsCPUShares   *bool
 }

pkg/internal/apis/config/validate.go

@@ -29,7 +29,7 @@ import (
 // and suffix this name, we can relax it a little
 // see NewContext() for usage
 // https://godoc.org/github.com/docker/docker/daemon/names#pkg-constants
-var validNameRE = regexp.MustCompile(`^[a-z0-9_.-]+$`)
+var validNameRE = regexp.MustCompile(`^[a-z0-9.-]+$`)
 
 // Validate returns a ConfigErrors with an entry for each problem
 // with the config, or nil if there are none