From 986b64fb47a534d3046695cf0dd71ceb193e0e57 Mon Sep 17 00:00:00 2001
From: Kate Goldenring <kate.goldenring@microsoft.com>
Date: Fri, 12 Nov 2021 17:36:55 +0000
Subject: [PATCH] Install crictl into agent containers

---
 .github/workflows/run-test-cases.yml   | 30 +++-----------------------
 build/containers/Dockerfile.agent      | 11 +++++++++-
 build/containers/Dockerfile.agent-full | 10 ++++++++-
 deployment/helm/templates/agent.yaml   |  7 +-----
 deployment/helm/values.yaml            |  2 --
 5 files changed, 23 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/run-test-cases.yml b/.github/workflows/run-test-cases.yml
index 5eabf3590..81acf0db1 100644
--- a/.github/workflows/run-test-cases.yml
+++ b/.github/workflows/run-test-cases.yml
@@ -105,58 +105,40 @@ jobs:
         kube:
           - runtime: MicroK8s-1.16
             version: 1.16/stable
-            crictl: v1.16.0
           - runtime: MicroK8s-1.17
             version: 1.17/stable
-            crictl: v1.16.0
           - runtime: MicroK8s-1.18
             version: 1.18/stable
-            crictl: v1.17.0
           - runtime: MicroK8s-1.19
             version: 1.19/stable
-            crictl: v1.17.0
           - runtime: MicroK8s-1.20
             version: 1.20/stable
-            crictl: v1.17.0
           - runtime: MicroK8s-1.21
             version: 1.21/stable
-            crictl: v1.17.0
           - runtime: K3s-1.16
             version: v1.16.14+k3s1
-            crictl: v1.16.0
           - runtime: K3s-1.17
             version: v1.17.17+k3s1
-            crictl: v1.16.0
           - runtime: K3s-1.18
             version: v1.18.9+k3s1
-            crictl: v1.17.0
           - runtime: K3s-1.19
             version: v1.19.10+k3s1
-            crictl: v1.17.0
           - runtime: K3s-1.20
             version: v1.20.6+k3s1
-            crictl: v1.17.0
           - runtime: K3s-1.21
             version: v1.21.5+k3s1
-            crictl: v1.17.0
           - runtime: Kubernetes-1.16
             version: 1.16.15-00
-            crictl: UNUSED
           - runtime: Kubernetes-1.17
             version: 1.17.14-00
-            crictl: UNUSED
           - runtime: Kubernetes-1.18
             version: 1.18.12-00
-            crictl: UNUSED
           - runtime: Kubernetes-1.19
             version: 1.19.4-00
-            crictl: UNUSED
           - runtime: Kubernetes-1.20
             version: 1.20.1-00
-            crictl: UNUSED
           - runtime: Kubernetes-1.21
             version: 1.21.0-00
-            crictl: UNUSED
         test:
           - case: end-to-end
             file: test/run-end-to-end.py
@@ -209,10 +191,7 @@ jobs:
           sudo chmod g+r /etc/rancher/k3s/k3s.yaml
           sudo chmod 666 /etc/rancher/k3s/*
           mkdir -p ~/.kube/ && cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
-          curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${{ matrix.kube.crictl }}/crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz --output crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz
-          sudo tar zxvf crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz -C /usr/local/bin
-          rm -f crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz
-          echo "--set agent.host.crictl=/usr/local/bin/crictl --set agent.host.dockerShimSock=/run/k3s/containerd/containerd.sock" > /tmp/cri_args_to_test.txt
+          echo "--set agent.host.dockerShimSock=/run/k3s/containerd/containerd.sock" > /tmp/cri_args_to_test.txt
           echo 'kubectl' > /tmp/runtime_cmd_to_test.txt
           echo '~/.kube/config' > /tmp/kubeconfig_path_to_test.txt
           until kubectl get node ${HOSTNAME,,} -o jsonpath='{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status}' | grep 'Ready=True'; do echo "waiting for k3s to become ready"; sleep 10; done
@@ -249,7 +228,7 @@ jobs:
           sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
           sudo chown $(id -u):$(id -g) $HOME/.kube/config
           kubectl taint nodes --all node-role.kubernetes.io/master-
-          echo '--set agent.host.crictl=/usr/bin/crictl --set agent.host.dockerShimSock=/var/run/dockershim.sock' > /tmp/cri_args_to_test.txt
+          echo '--set agent.host.dockerShimSock=/var/run/dockershim.sock' > /tmp/cri_args_to_test.txt
           echo 'kubectl' > /tmp/runtime_cmd_to_test.txt
           echo '~/.kube/config' > /tmp/kubeconfig_path_to_test.txt
           until kubectl get node ${HOSTNAME,,} -o jsonpath='{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status}' | grep 'Ready=True'; do echo "waiting for kubernetes to become ready"; sleep 10; done
@@ -277,10 +256,7 @@ jobs:
           sudo sed -i 's/memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi/memory.available<25Mi,nodefs.available<50Mi,imagefs.available<50Mi/' /var/snap/microk8s/current/args/kubelet
           sudo systemctl restart snap.microk8s.daemon-kubelet
           until sudo microk8s.status --wait-ready; do sleep 5s; echo "Try again"; done
-          curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${{ matrix.kube.crictl }}/crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz --output crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz
-          sudo tar zxvf crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz -C /usr/local/bin
-          rm -f crictl-${{ matrix.kube.crictl }}-linux-amd64.tar.gz
-          echo '--set agent.host.crictl=/usr/local/bin/crictl --set agent.host.dockerShimSock=/var/snap/microk8s/common/run/containerd.sock' > /tmp/cri_args_to_test.txt
+          echo '--set agent.host.dockerShimSock=/var/snap/microk8s/common/run/containerd.sock' > /tmp/cri_args_to_test.txt
           echo 'microk8s kubectl' > /tmp/runtime_cmd_to_test.txt
           echo '~/.kube/config' > /tmp/kubeconfig_path_to_test.txt
 
diff --git a/build/containers/Dockerfile.agent b/build/containers/Dockerfile.agent
index a89f8e278..be527925e 100644
--- a/build/containers/Dockerfile.agent
+++ b/build/containers/Dockerfile.agent
@@ -9,7 +9,16 @@ RUN echo "Using Rust binaries from ${CROSS_BUILD_TARGET}/${BUILD_TYPE}"
 # Link the container to the Akri repository
 LABEL org.opencontainers.image.source https://github.com/project-akri/akri
 
-RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev openssl && apt-get clean
+RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev openssl curl ca-certificates && apt-get clean
+
 COPY ./target/${CROSS_BUILD_TARGET}/${BUILD_TYPE}/agent /agent
+
+# Install crictl
+RUN VERSION="v1.17.0" && \
+    curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.17.0/crictl-v1.17.0-linux-amd64.tar.gz --output crictl-v1.17.0-linux-amd64.tar.gz &&\
+    tar zxvf crictl-v1.17.0-linux-amd64.tar.gz -C /usr/local/bin && \
+    rm -f crictl-v1.17.0-linux-amd64.tar.gz && \
+    apt-get remove -y curl ca-certificates && apt-get clean
+    
 ENV RUST_LOG agent,akri_shared
 CMD ["./agent"]
diff --git a/build/containers/Dockerfile.agent-full b/build/containers/Dockerfile.agent-full
index 877bdea3f..833f91fa4 100644
--- a/build/containers/Dockerfile.agent-full
+++ b/build/containers/Dockerfile.agent-full
@@ -9,7 +9,15 @@ RUN echo "Using Rust binaries from ${CROSS_BUILD_TARGET}/${BUILD_TYPE}"
 # Link the container to the Akri repository
 LABEL org.opencontainers.image.source https://github.com/project-akri/akri
 
-RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev openssl && apt-get clean
+RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev openssl curl ca-certificates && apt-get clean
+
+# Install crictl
+RUN VERSION="v1.17.0" && \
+    curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.17.0/crictl-v1.17.0-linux-amd64.tar.gz --output crictl-v1.17.0-linux-amd64.tar.gz &&\
+    tar zxvf crictl-v1.17.0-linux-amd64.tar.gz -C /usr/local/bin && \
+    rm -f crictl-v1.17.0-linux-amd64.tar.gz && \
+    apt-get remove -y curl ca-certificates && apt-get clean
+    
 COPY ./target/${CROSS_BUILD_TARGET}/${BUILD_TYPE}/agent-full /agent
 ENV RUST_LOG agent,akri_shared,akri_debug_echo
 CMD ["./agent"]
diff --git a/deployment/helm/templates/agent.yaml b/deployment/helm/templates/agent.yaml
index 478857530..cf8b81146 100644
--- a/deployment/helm/templates/agent.yaml
+++ b/deployment/helm/templates/agent.yaml
@@ -63,7 +63,7 @@ spec:
             value: {{ .Values.debugEcho.configuration.shared | quote }}
           {{- end }}
           - name: HOST_CRICTL_PATH
-            value: /host/usr/bin/crictl
+            value: unix:///usr/local/bin/crictl
           - name: HOST_RUNTIME_ENDPOINT
             value: unix:///host/var/run/dockershim.sock
           - name: HOST_IMAGE_ENDPOINT
@@ -79,8 +79,6 @@ spec:
             mountPath: /var/lib/akri
           - name: device-plugin
             mountPath: /var/lib/kubelet/device-plugins
-          - name: usr-bin-crictl
-            mountPath: /host/usr/bin/crictl
           - name: var-run-dockershim
             mountPath: /host/var/run/dockershim.sock
           {{- if .Values.agent.host.udev }}
@@ -103,9 +101,6 @@ spec:
       - name: device-plugin
         hostPath:
           path: "{{ .Values.agent.host.kubeletDevicePlugins }}"
-      - name: usr-bin-crictl
-        hostPath:
-          path: "{{ .Values.agent.host.crictl }}"
       - name: var-run-dockershim
         hostPath:
           path: "{{ .Values.agent.host.dockerShimSock }}"
diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml
index 0cea71fd5..7605d4e7e 100644
--- a/deployment/helm/values.yaml
+++ b/deployment/helm/values.yaml
@@ -94,8 +94,6 @@ agent:
     discoveryHandlers: /var/lib/akri
     # kubeletDevicePlugins is the location of the kubelet device-plugin sockets
     kubeletDevicePlugins: /var/lib/kubelet/device-plugins
-    # crictl is the node path to crictl
-    crictl: /usr/bin/crictl
     # dockerShimSock is the node path of the docker socket
     dockerShimSock: /var/run/dockershim.sock
     # udev is the node path of udev, usually at `/run/udev`