feat: implement install and uninstall flow

[voigt]

Describe your changes

1. This PR makes sure we use the node-installer for the install job.
2. The PR adds a "shim-downloader" image. The idea is to use the downloader as initContainer: this makes the download & unzip procedure customizable to make shim downloading configurable.
3. This PR adds the configuration required to distinguish "install" and "uninstall" jobs

Issue ticket number and link

Addresses #52

How to test

# create kind cluster with annotations
make kind

# run rcm locally, against kind cluster
CONTROLLER_NAMESPACE="default" \
SHIM_DOWNLOADER_IMAGE="ghcr.io/spinkube/shim-downloader:latest-feat-add_shim_downloader" \
SHIM_NODE_INSTALLER_IMAGE="ghcr.io/spinkube/node-installer:latest-feat-add_shim_downloader" \
go run -ldflags "${LDFLAGS}" ./cmd/rcm/main.go

Install Spin Shim

# create spin shim resource
kubectl apply -f ./config/samples/test_shim_spin.yaml

Two jobs will be scheduled on nodes with label spin=true

• kwasm-worker-spin-v2-install
• kwasm-worker2-spin-v2-install

After jobs will eventually succeed:

kubectl get shims
NAME      RUNTIMECLASS   READY   NODES
spin-v2   spin-v2        2       2

Check containerd config on worker and worker2:

bash docker exec -it $(docker ps --format json | jq -r '. | "\(.ID) \(.Names)"' | grep kwasm-worker2 | awk '{print $1}') cat /etc/containerd/config.toml

[...] # KWASM runtime config for spin-v2 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin-v2] runtime_type = "/opt/kwasm/bin/containerd-shim-spin-v2"

Check spin-v2 runtime binary:

docker exec -it $(docker ps --format json | jq -r '. | "\(.ID) \(.Names)"' | grep kwasm-worker2 | awk '{print $1}') ls -lah /opt/kwasm/bin
total 40M
drwxr-xr-x 1 root root  46 May 19 20:35 .
drwxr-xr-x 1 root root  36 May 19 20:35 ..
-rwxr-xr-x 1 root root 40M May 19 20:36 containerd-shim-spin-v2

Uninstall Spin Shim

# delete spin shim resource
kubectl delete shim spin-v2

Two jobs will be scheduled on nodes with label spin=true

• kwasm-worker2-spin-v2-uninstall
• kwasm-worker-spin-v2-uninstall

Check containerd config of worker or worker2; directive for spin-v2 is successfully removed:
bash docker exec -it $(docker ps --format json | jq -r '. | "\(.ID) \(.Names)"' | grep kwasm-worker2 | awk '{print $1}') cat /etc/containerd/config.toml

Check for binary, which is also removed:

docker exec -it $(docker ps --format json | jq -r '. | "\(.ID) \(.Names)"' | grep kwasm-worker2 | awk '{print $1}') ls -lah /opt/kwasm/bin
total 0
drwxr-xr-x 1 root root  0 May 19 20:36 .
drwxr-xr-x 1 root root 36 May 19 20:35 ..

Known Issues

Install and uninstall Jobs spawn two pods in total: one pod successfully doing install/uninstall operations, but ending in unknown state. The other one in "completed" state, doing effectively nothing. This is not as clean as I want it to be.

Bug is documented here: #140

A fix of this bug should be done in a separate PR.

Checklist before requesting a review

• I have performed a self-review of my code
• If it is a core feature, I have added thorough tests. installation/uninstallation procedure should be tested in a dedicated CI job; right now a helm chart is missing
• I tested the changes with the following distributions:
  • Kind (with rcm running locally)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Manifest Files

[0xE282B0]

Some notes:

• SpinKube uses wasmtime-spin-v2 as default, to use the RCM example together with the SpinKube Quickstart the runtimeClassName in the SpinAppExecutor resource needs to be adapted to spin-v2 (we should choose the same for both quickstarts)
• Every installer job on every node does a download as init step. (just a note)
• I did not face the known issue in my setup, but we will face it more often when we run jobs in parallel that try to restart containerd.

LGTM: Install/Uninstall functionality works for me.