feat(oci): manifest/config updates to support containerd #1882
Conversation
vdice
force-pushed
the
feat/oci-config-updates
branch
from
4ef1b66 to
942a178
Compare
vdice
force-pushed
the
feat/oci-config-updates
branch
2 times, most recently
from
31caf0e to
0de7e44
Compare
|
I'm happy with these changes if @jsturtevant is. We'd like to get them in before a forthcoming 2.0 release as they represent breaking changes. My only reservation is around updating the wasm layer media type while its canonical value seems to still be under discussion. Thoughts? |
vdice
force-pushed
the
feat/oci-config-updates
branch
from
0de7e44 to
4f62bde
Compare
For the same reasons in #1882 (comment), runwasi and containerd are not currently opinionated about the layer media types. Runwasi, will grab any layers that are not image types and pass them to the runtime, with the media type. This may change in the future but for now while the eco system is still stabilizing I think it might be ok to keep them layers in the way you have them now in order to not break existing users. In the WARG/runwasi the plan is to start to use |
Signed-off-by: Vaughn Dice <[email protected]>
Signed-off-by: Vaughn Dice <[email protected]>
Signed-off-by: Vaughn Dice <[email protected]>
…rch and os Signed-off-by: Vaughn Dice <[email protected]>
Signed-off-by: Vaughn Dice <[email protected]>
vdice
force-pushed
the
feat/oci-config-updates
branch
from
dbd7a53 to
464214b
Compare
Thanks @jsturtevant; I've kept it at the current value for now and created another PR for Spin to futureproof this a bit so that when we do update the media type it won't necessarily be a breaking change. |
|
great! give me a day or so and I will give this a go with deislabs/containerd-wasm-shims#164 |
|
@jsturtevant thank you. We have some urgency to get breaking changes merged before this week's Spin 2.0 release, so do let us know if anything else crops up when integrating with the shim. I'm hoping any other required changes will be additive/non-breaking. |
|
End-to-end testing this branch looks great, including running existing apps from the registry that were previously pushed with Spin V1. |
|
I was able to validate this with the latest runwasi in deislabs/containerd-wasm-shims#164 |
| let oci_config_file = ConfigFile { | ||
| architecture: oci_distribution::config::Architecture::Wasm, | ||
| os: oci_distribution::config::Os::Wasip1, | ||
| ..Default::default() |
There was a problem hiding this comment.
One minor but user experience improvement would be to provide a default entry point https://github.com/containerd/runwasi/blob/2fb77889d5d7b0e590a574cfbc44089b54036811/crates/oci-tar-builder/src/bin.rs#L61C39-L61C39
if this isn't set then when running with ctr need to provide one:
which is the shim.wasm in the command sudo ./ctr run --net-host --rm --runtime=io.containerd.spin.v1 docker.io/ jsturtevant/spin-wasm-shim:latest-2.0 testwasm shim.wasm
otherwise end up with
time="2023-10-30T22:55:30.029486688Z" level=error msg="on non-Windows, at least one process arg entry is required"
time="2023-10-30T22:55:30.029555687Z" level=error msg="failed to initialize container process: missing args in the process spec"
There was a problem hiding this comment.
@jsturtevant -- what exactly would be the meaning for the "default entrypoint" for a Spin app, which can have multiple components (which means no one wasm component)?
The OCI loader from Spin loads the locked application file and knows which layers are the wasm components, and so it doesn't need any default entrypoint.
There was a problem hiding this comment.
This value is passed as arg0 in wasmtime shim. Maybe it isn't used spin shim?
There was a problem hiding this comment.
My assumption is that it wouldn't be used in the Spin shim, as the information about components is part of the locked app manifest -- if that's not the case, it's something we can explore in detail as a follow-up for this PR?
There was a problem hiding this comment.
Yes, I don't think it is blocking. I was using the applications name in runwasi. I am afk, but can look what happens in the docker container scenario later
There was a problem hiding this comment.
Spin currently ignores this value, runwasi parses it and sends to the shim via RuntimeContext but it is ignored by spin's shim: https://github.com/deislabs/containerd-wasm-shims/blob/6ca8df8247d94cf1dc6ce5e529b00ee728aee4ec/containerd-shim-spin-v1/src/engine.rs#L123
The reason this is working when packages as a container is because / is the command is set on the yaml: https://github.com/deislabs/containerd-wasm-shims/blob/6ca8df8247d94cf1dc6ce5e529b00ee728aee4ec/README.md?plain=1#L95
In the case of a shim such as wasmtime/wasmedge it makes sense to have pass the entrypoint info as arg0 and we even do some additional parsing to allow for entering other functions in the wasm module https://github.com/containerd/runwasi/blob/642cafacde77d25762c8c0c0ca78ff1010caff16/crates/containerd-shim-wasm/src/container/context.rs#L17-L25
So in this case we can continue to use / in the command for the pod yaml or you could set this value in the config (maybe image name?) and users wouldn't need to set the command to / in the yaml. In the future maybe it can be useful otherwise we can revisit this in the next iteration of the config support in containerd.
There was a problem hiding this comment.
Thank you for all of the great context @jsturtevant. Much appreciated. Tracking in #2000.
Updates per #1857
Adds(feat(oci): manifest/config updates to support containerd #1882 (comment))artifactType: application/vnd.bytecodealliance.component.v1+wasmto the OCI manifestUpdates the wasm layer media type to(see feat(oci): manifest/config updates to support containerd #1882 (comment))application/vnd.bytecodealliance.wasm.component.layer.v0+wasmNote that the corresponding upstream PR is still in flight -- is it too early to update the media type?Adds a notion of the 'legacy' wasm layer media type such that new Spin clients can pull Spin apps published by older clients