Add crun support (#6864)

Signed-off-by: Victor Morales <[email protected]>

roles/container-engine/cri-o/defaults/main.yml

@@ -54,6 +54,13 @@ kata_runtimes:
     type: oci
     root: /run/kata-containers
 
+# crun is a fast and low-memory footprint OCI Container Runtime fully written in C.
+crun_runtime:
+  name: crun
+  path: /usr/bin/crun
+  type: oci
+  root: /run/crun
+
 # When this is true, CRI-O package repositories are added. Set this to false when using an
 # environment with preconfigured CRI-O package repositories.
 crio_add_repos: true

roles/container-engine/cri-o/tasks/main.yaml

@@ -45,12 +45,18 @@
 
 - import_tasks: "crictl.yml"
 
-- name: Build a list of crio runtimes
+- name: Build a list of crio runtimes with Katacontainers runtimes
   set_fact:
     crio_runtimes: "{{ crio_runtimes + kata_runtimes  }}"
   when:
     - kata_containers_enabled
 
+- name: Build a list of crio runtimes with crun runtime
+  set_fact:
+    crio_runtimes: "{{ crio_runtimes + [crun_runtime] }}"
+  when:
+    - crun_enabled
+
 - name: Make sure needed folders exist in the system
   with_items:
     - /etc/crio

roles/container-engine/crun/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+crun_version: 0.15
+crun_release_url: https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ host_architecture }}
+crun_bin_dir: /usr/bin/

roles/container-engine/crun/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Create binary destination folder
+  file:
+    mode: '0755'
+    state: directory
+    path: "{{ crun_bin_dir }}"
+
+- name: Check if binary exists
+  stat:
+    path: "{{ crun_bin_dir }}/crun"
+  register: crun_stat
+
+- name: Download binary
+  get_url:
+    url: "{{ crun_release_url }}"
+    dest: "{{ crun_bin_dir }}/crun"
+    mode: '0755'
+  when: not crun_stat.stat.exists

roles/container-engine/meta/main.yml

@@ -7,6 +7,13 @@ dependencies:
       - container-engine
       - kata-containers
 
+  - role: container-engine/crun
+    when:
+      - crun_enabled
+    tags:
+      - container-engine
+      - crun
+
   - role: container-engine/cri-o
     when:
       - container_manager == 'crio'

roles/kubernetes-apps/container_runtimes/crun/files/runtimeclass-crun.yml

@@ -0,0 +1,6 @@
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1beta1
+metadata:
+  name: crun
+handler: crun

roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+
+- name: crun | Copy runtime class manifest
+  copy:
+    src: runtimeclass-crun.yml
+    dest: "{{ kube_config_dir }}/runtimeclass-crun.yml"
+    mode: preserve
+  when:
+    - inventory_hostname == groups['kube-master'][0]
+
+- name: crun | Apply manifests
+  kube:
+    name: "runtimeclass-crun"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "runtimeclass"
+    filename: "{{ kube_config_dir }}/runtimeclass-crun.yml"
+    state: "latest"
+  when:
+    - inventory_hostname == groups['kube-master'][0]

roles/kubernetes-apps/container_runtimes/meta/main.yml

@@ -6,3 +6,10 @@ dependencies:
       - apps
       - kata-containers
       - container-runtimes
+
+  - role: kubernetes-apps/container_runtimes/crun
+    when: crun_enabled
+    tags:
+      - apps
+      - crun
+      - container-runtimes

roles/kubespray-defaults/defaults/main.yaml

@@ -224,6 +224,10 @@ container_manager: docker
 # When enabled, it requires `container_manager` different than Docker
 kata_containers_enabled: false
 
+# Enable crun as additional container runtime
+# When enabled, it requires container_manager=crio
+crun_enabled: false
+
 # Container on localhost (download images when download_localhost is true)
 container_manager_on_localhost: "{{ container_manager }}"