GitHub Actions: use Linux runners for nested virt

"Larger" runners are no longer needed for Linux with nested virt. Replaces PR 3382 Signed-off-by: Akihiro Suda <[email protected]>
kubernetes-sigs · Jan 19, 2024 · 1168397 · 1168397
1 parent 40c81f1
commit 1168397
Showing 1 changed file with 32 additions and 18 deletions.
diff --git a/.github/workflows/cgroup2.yaml b/.github/workflows/cgroup2.yaml
@@ -14,8 +14,7 @@ permissions:
 jobs:
   docker:
     name: Cgroup v2
-    # nested virtualization is only available on macOS hosts
-    runs-on: macos-12
+    runs-on: ubuntu-22.04
     timeout-minutes: 30
     strategy:
       fail-fast: false
@@ -25,65 +24,80 @@ jobs:
     env:
       KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}"
       ROOTLESS: "${{ matrix.rootless }}"
-      HELPER: "./hack/ci/vagrant-helper.sh"
+      HELPER: "sudo ./hack/ci/vagrant-helper.sh"
       JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}"
     steps:
       - name: Check out code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
+      # https://github.com/containerd/containerd/blob/420503072e58f27a7192ddea4e6e41dced911cb9/.github/workflows/ci.yml#L569-L581
+      - name: Set up vagrant
+        run: |
+          # Canonical's Vagrant 2.2.19 dpkg cannot download Fedora 38 image: https://bugs.launchpad.net/vagrant/+bug/2017828
+          # So we have to install Vagrant >= 2.3.1 from the upstream: https://github.com/opencontainers/runc/blob/v1.1.8/.cirrus.yml#L41-L49
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
+          sudo apt-get update
+          sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant
+          sudo systemctl enable --now libvirtd
+          sudo apt-get build-dep -y vagrant ruby-libvirt
+          sudo apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev
+          sudo vagrant plugin install vagrant-libvirt
+
       - name: Boot Fedora
         run: |
           ln -sf ./hack/ci/Vagrantfile ./Vagrantfile
           # Retry if it fails (download.fedoraproject.org returns 404 sometimes)
           # Spend up to 10 seconds on this
           for i in {1..4}; do
-            if vagrant up; then
+            if sudo vagrant up; then
               break
             fi
-            vagrant destroy -f
+            sudo vagrant destroy -f
             sleep $i
           done
 
       - name: Set up Rootless Docker
         if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }}
         run: |
           # Disable the rootful daemon
-          "$HELPER" sudo systemctl disable --now docker
+          $HELPER sudo systemctl disable --now docker
           # Install the systemd unit
-          "$HELPER" dockerd-rootless-setuptool.sh install
+          $HELPER dockerd-rootless-setuptool.sh install
           # Modify the client config to use the rootless daemon by default
-          "$HELPER" docker context use rootless
+          $HELPER docker context use rootless
 
       - name: Set up Rootless Podman
         if: ${{ matrix.provider == 'podman' && matrix.rootless == 'rootless' }}
         run: |
           # Restart the user session to ensure the cgroup delegation
           # ref: https://github.com/kubernetes-sigs/kind/pull/2754#issuecomment-1124027063
-          "$HELPER" sudo loginctl terminate-user vagrant || true
+          $HELPER sudo loginctl terminate-user vagrant || true
           # We have modprobe ip6_tables in Vagrantfile, but it seems we have to modprobe it once again
-          "$HELPER" sudo modprobe ip6_tables
+          $HELPER sudo modprobe ip6_tables
 
       - name: Show provider info
         run: |
-          "$HELPER" "$KIND_EXPERIMENTAL_PROVIDER" info
-          "$HELPER" "$KIND_EXPERIMENTAL_PROVIDER" version
+          $HELPER "$KIND_EXPERIMENTAL_PROVIDER" info
+          $HELPER "$KIND_EXPERIMENTAL_PROVIDER" version
 
       - name: Create a cluster
         run: |
-          "$HELPER" kind create cluster -v7 --wait 10m --retain
+          $HELPER kind create cluster -v7 --wait 10m --retain
 
       - name: Get Cluster status
         run: |
-          "$HELPER" kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns
-          "$HELPER" kubectl get nodes -o wide
-          "$HELPER" kubectl get pods -A
+          $HELPER kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns
+          $HELPER kubectl get nodes -o wide
+          $HELPER kubectl get pods -A
 
       - name: Export logs
         if: always()
         run: |
-          "$HELPER" kind export logs /tmp/kind/logs
+          $HELPER kind export logs /tmp/kind/logs
           mkdir -p /tmp/kind/logs
-          "$HELPER" tar cC /tmp/kind/logs . | tar xC /tmp/kind/logs
+          $HELPER tar cC /tmp/kind/logs . | tar xC /tmp/kind/logs
 
       - name: Upload logs
         if: always()