CI: add AlmaLinux 8 VM for cgroup v1 testing

Fix issue 3942 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-11-30 23:16:04 +07:00 · 2025-10-01 15:57:53 +09:00
parent 9aaab982a4
commit 051af130e1
3 changed files with 76 additions and 29 deletions
--- a/.github/workflows/vm.yaml
+++ b/.github/workflows/vm.yaml
@@ -13,20 +13,36 @@ permissions:

 jobs:
  vm:
-    # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
-    name: "CGroupv2 (Fedora)"
+    name: "VM"
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
-        provider: [docker, podman]
-        rootless: ["rootful", "rootless"]
+        include:
+          # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
+          - template: fedora
+            provider: docker
+            rootless: rootful
+          - template: fedora
+            provider: docker
+            rootless: rootless
+          - template: fedora
+            provider: podman
+            rootless: rootful
+          - template: fedora
+            provider: podman
+            rootless: rootless
+          # AlmaLinux 8 is used for testing kind with cgroup v1.
+          # Do not upgrade this to AlmaLinux 9 until dropping cgroup v1 support.
+          - template: almalinux-8
+            provider: docker
+            rootless: rootful
    env:
      KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}"
      ROOTLESS: "${{ matrix.rootless }}"
      HELPER: "./hack/ci/lima-helper.sh"
-      JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}"
+      JOB_NAME: "vm-${{ matrix.template }}-${{ matrix.provider }}-${{ matrix.rootless }}"
    steps:
      - name: Check out code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -51,24 +67,24 @@ jobs:
        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: ~/.cache/lima
-          key: lima-${{ steps.lima-actions-setup.outputs.version }}
+          key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }}

-      - name: "Start Fedora"
+      - name: "Start VM"
        # --plain is set to disable file sharing, port forwarding, built-in containerd, etc.
-        run: limactl start --name=default --plain template://fedora
+        run: limactl start --name=default --plain template://${{ matrix.template }}

-      - name: "Initialize Fedora"
+      - name: "Initialize VM"
        run: |
          set -eux -o pipefail
          # Sync the current directory to /tmp/kind in the guest
          limactl cp -r . default:/tmp/kind
          # Install packages
-          lima sudo /tmp/kind/hack/ci/init-fedora.sh
+          lima sudo /tmp/kind/hack/ci/init-vm.sh
          # Enable systemd lingering for rootless
          lima sudo loginctl enable-linger "$USER"
          # Install kind
          lima sudo git config --global --add safe.directory /tmp/kind
-          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/local/bin
+          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/bin

      - name: Set up Rootless Docker
        if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }}
--- a/hack/ci/init-fedora.sh
+++ b/hack/ci/init-fedora.sh
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux -o pipefail
-# Ensure network-related modules to be loaded
-modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
-
-# The moby-engine package included in Fedora lacks support for rootless,
-# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
-curl -fsSL https://get.docker.com | sh
-dnf install -y golang-go make kubernetes-client podman docker-ce-rootless-extras
-systemctl enable --now docker
-
-# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
-mkdir -p "/etc/systemd/system/user@.service.d"
-cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
-[Service]
-Delegate=yes
-EOF
-systemctl daemon-reload
--- a/hack/ci/init-vm.sh
+++ b/hack/ci/init-vm.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -eux -o pipefail
+# Ensure network-related modules to be loaded
+modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
+
+# The moby-engine package included in Fedora lacks support for rootless,
+# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
+DNF_REPO=""
+INSTALL_PODMAN="1"
+if grep -q centos /etc/os-release; then
+	# Works with Rocky and Alma too
+	DNF_REPO="https://download.docker.com/linux/centos/docker-ce.repo"
+	if grep -q el8 /etc/os-release; then
+		# podman seems to conflict with docker-ce on EL8
+		INSTALL_PODMAN=""
+	fi
+elif grep -q fedora /etc/os-release; then
+	DNF_REPO="https://download.docker.com/linux/fedora/docker-ce.repo"
+else
+	echo >&2 "Unsupported OS"
+	exit 1
+fi
+DNF="dnf"
+if command -v dnf5 &>/dev/null; then
+	# DNF 5 (Fedora 41 or later)
+	DNF="dnf5"
+	"$DNF" config-manager addrepo --from-repofile="${DNF_REPO}"
+else
+	# DNF 4
+	"$DNF" config-manager --add-repo="${DNF_REPO}"
+fi
+"$DNF" install -y git golang make docker-ce docker-ce-rootless-extras
+systemctl enable --now docker
+if [ -n "${INSTALL_PODMAN}" ]; then
+	"$DNF" install -y podman
+fi
+
+# Install kubectl
+GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')"
+curl -L -o /usr/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${GOARCH}/kubectl"
+chmod +x /usr/bin/kubectl
+
+# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
+mkdir -p "/etc/systemd/system/user@.service.d"
+cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
+[Service]
+Delegate=yes
+EOF
+systemctl daemon-reload