[Feat] Add helm charts for nydus-snapshotter for convenient K8s deploytment #719
[Feat] Add helm charts for nydus-snapshotter for convenient K8s deploytment #719Zephyrcf wants to merge 10 commits intocontainerd:mainfrom
Conversation
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
Signed-off-by: Zephyrcf <zinsist777@gmail.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #719 +/- ##
==========================================
+ Coverage 22.02% 22.99% +0.96%
==========================================
Files 130 131 +1
Lines 11931 12194 +263
==========================================
+ Hits 2628 2804 +176
- Misses 8960 9040 +80
- Partials 343 350 +7
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Adds a Helm-based Kubernetes deployment path for nydus-snapshotter, including a dedicated “Helm image” build and E2E workflow support. To make the DaemonSet-based deployment feasible, it also introduces a delegate_nydusd mode so the snapshotter can start nydusd via host systemd when running in a container with host namespaces.
Changes:
- Add Helm chart templates/values to deploy
nydus-snapshotteras a privileged DaemonSet with optional host containerd bootstrapping. - Introduce
delegate_nydusdconfig wiring and implement delegatednydusdstartup viasystemd-run+ host mount namespace entry. - Add CI support: Helm chart lint/template + kind-based E2E, and publish an additional “helm” container image flavor.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 16 comments.
Show a summary per file
| File | Description |
|---|---|
snapshot/snapshot.go |
Wires DelegateNydusd into the manager construction (currently for fusedev manager). |
pkg/system/system.go |
Switches daemon upgrade launch path to the new StartDaemonProcess helper. |
pkg/manager/manager.go |
Adds DelegateNydusd option/field to Manager. |
pkg/manager/daemon_event.go |
Updates upgrade flow to use StartDaemonProcess. |
pkg/manager/daemon_adaptor.go |
Implements delegated daemon spawn (systemd-run), mount-namespace execution helper, and PID parsing. |
misc/snapshotter/setup.sh |
Adds an entrypoint script that installs artifacts and optionally restarts host containerd after socket readiness. |
misc/snapshotter/config.toml |
Fixes typos and aligns formatting for the sample config. |
misc/snapshotter/Dockerfile |
Adjusts kubectl sourcing behavior (now uses the “stable” channel). |
docker/Dockerfile |
Introduces a new “Helm image” Dockerfile that bundles containerd-nydus-grpc, ctr, and helper tooling. |
config/config.go |
Adds delegate_nydusd to the snapshotter TOML config schema. |
charts/values.yaml |
Adds Helm values for image/config and DaemonSet/host setup defaults. |
charts/templates/snapshotter-config.yaml |
Adds ConfigMap rendering for config.toml. |
charts/templates/service-account.yaml |
Adds (optional) ServiceAccount creation. |
charts/templates/runc-nydus.yaml |
Adds RuntimeClass definitions for runc-nydus and runc-overlayfs. |
charts/templates/daemonset.yaml |
Adds the main DaemonSet, including invasive host containerd config mutation/restart path. |
charts/templates/cluster-role.yaml |
Adds a ClusterRole (currently empty rules). |
charts/templates/cluster-role-binding.yaml |
Adds ClusterRoleBinding for the ServiceAccount (to the empty ClusterRole). |
charts/templates/_helpers.tpl |
Provides naming helpers and config rendering/legacy mapping logic. |
charts/Chart.yaml |
Adds Helm chart metadata. |
README.md |
Updates Kubernetes installation guidance to reference Helm install. |
.github/workflows/release.yml |
Adds build/push step for the Helm image variant. |
.github/workflows/helm-e2e.yml |
Adds Helm lint/template and kind-based E2E + hot-upgrade CI coverage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
.github/workflows/helm-e2e.yml
Outdated
|
|
||
| sleep 30 | ||
|
|
||
| for i in $(seq 1 12); do |
There was a problem hiding this comment.
We've already used 'kubectl wait' later to wait for the snapshotter pod to be ready, so why do we need a loop check here?
There was a problem hiding this comment.
done.
kubectl wait later only waits for the final Ready condition, but here we need a stronger check. In CI we've seen cases where that is not enough: the DaemonSet is scheduled, but the new snapshotter pod is still being recreated,stuck in init, or failing with FailedCreatePodSandBox. The loop in tests/helpers/helm-e2e.sh lets us track the actual candidate pod and fail early with useful diagnostics instead of just timing out.
charts/templates/runc-nydus.yaml
Outdated
| apiVersion: node.k8s.io/v1 | ||
| kind: RuntimeClass | ||
| metadata: | ||
| name: runc-nydus |
There was a problem hiding this comment.
Right now, we don't recommend using the RuntimeClass-level snapshotter approach, as containerd's implementation of it is still experimental (not sure about the current status in containerd v2.x), and it has caused some snapshot issues. We'd suggest sticking with the global snapshotter configuration in the helm chart for now.
There was a problem hiding this comment.
done. the chart already sets nydus as the default snapshotter in containerd. the runc-overlayfs RuntimeClass is only for bootstrapping the snapshotter pod itself with runc+overlayfs.
.github/workflows/helm-e2e.yml
Outdated
| helm upgrade "${HELM_RELEASE}" charts/ \ | ||
| --namespace "${HELM_NAMESPACE}" \ | ||
| --reuse-values \ | ||
| --set snapshotter.config.daemon.nydusd_path=/opt/nydus/bin/new-nydusd \ |
There was a problem hiding this comment.
Since the new nydusd is already included in the new snapshotter image, why do we still need to set nydusd_path here? This adds complexity to the hot upgrade process.
There was a problem hiding this comment.
I am currently creating two snapshotter images. The corresponding nydus versions inside the images are different for hot upgrade testing.
charts/templates/_helpers.tpl
Outdated
| {{- end }} | ||
|
|
||
| {{/* | ||
| Default snapshotter config values used to render config.toml. |
There was a problem hiding this comment.
It's better not to declare these here, as it could complicate maintenance when configurations change in the future. Letting users modify snapshotter-config.yaml directly is sufficient.
There was a problem hiding this comment.
I retain part of the configuration in the tpl so that DaemonSet rolling can be triggered through checksum/configuration, while providing basic configuration for users to modify.
|
|
||
| echo "=== Configuring containerd ===" | ||
| cat > "$desiredProxyConfig" <<'EOF' | ||
| version = 2 |
There was a problem hiding this comment.
We need to make configuration changes compatible with various versions based on the original containerd version: dragonflyoss/nydus#1810
Overview
Please briefly describe the changes your pull request makes.
Related Issues
Please link to the relevant issue. For example:
Fix #123orRelated #456.#717
Change Details
Please describe your changes in detail:
Test Results
If you have any relevant screenshots or videos that can help illustrate your changes, please add them here.
Change Type
Please select the type of change your pull request relates to:
Self-Checklist
Before submitting a pull request, please ensure you have completed the following: