Merge pull request #4023 from AkihiroSuda/ci-cgroup1

CI: add AlmaLinux 8 VM for cgroup v1 testing

.github/workflows/vm.yaml

@@ -13,20 +13,36 @@ permissions:
 
 jobs:
   vm:
-    # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
-    name: "CGroupv2 (Fedora)"
+    name: "VM"
     runs-on: ubuntu-24.04
     timeout-minutes: 30
     strategy:
       fail-fast: false
       matrix:
-        provider: [docker, podman]
-        rootless: ["rootful", "rootless"]
+        include:
+          # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
+          - template: fedora
+            provider: docker
+            rootless: rootful
+          - template: fedora
+            provider: docker
+            rootless: rootless
+          - template: fedora
+            provider: podman
+            rootless: rootful
+          - template: fedora
+            provider: podman
+            rootless: rootless
+          # AlmaLinux 8 is used for testing kind with cgroup v1.
+          # Do not upgrade this to AlmaLinux 9 until dropping cgroup v1 support.
+          - template: almalinux-8
+            provider: docker
+            rootless: rootful
     env:
       KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}"
       ROOTLESS: "${{ matrix.rootless }}"
       HELPER: "./hack/ci/lima-helper.sh"
-      JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}"
+      JOB_NAME: "vm-${{ matrix.template }}-${{ matrix.provider }}-${{ matrix.rootless }}"
     steps:
       - name: Check out code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -51,24 +67,24 @@ jobs:
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/lima
-          key: lima-${{ steps.lima-actions-setup.outputs.version }}
+          key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }}
 
-      - name: "Start Fedora"
+      - name: "Start VM"
         # --plain is set to disable file sharing, port forwarding, built-in containerd, etc.
-        run: limactl start --name=default --plain template://fedora
+        run: limactl start --name=default --plain template://${{ matrix.template }}
 
-      - name: "Initialize Fedora"
+      - name: "Initialize VM"
         run: |
           set -eux -o pipefail
           # Sync the current directory to /tmp/kind in the guest
           limactl cp -r . default:/tmp/kind
           # Install packages
-          lima sudo /tmp/kind/hack/ci/init-fedora.sh
+          lima sudo /tmp/kind/hack/ci/init-vm.sh
           # Enable systemd lingering for rootless
           lima sudo loginctl enable-linger "$USER"
           # Install kind
           lima sudo git config --global --add safe.directory /tmp/kind
-          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/local/bin
+          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/bin
 
       - name: Set up Rootless Docker
         if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }}

hack/ci/init-fedora.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux -o pipefail
-# Ensure network-related modules to be loaded
-modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
-
-# The moby-engine package included in Fedora lacks support for rootless,
-# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
-curl -fsSL https://get.docker.com | sh
-dnf install -y golang-go make kubernetes-client podman docker-ce-rootless-extras
-systemctl enable --now docker
-
-# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
-mkdir -p "/etc/systemd/system/user@.service.d"
-cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
-[Service]
-Delegate=yes
-EOF
-systemctl daemon-reload

hack/ci/init-vm.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+set -eux -o pipefail
+# Ensure network-related modules to be loaded
+modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
+
+# The moby-engine package included in Fedora lacks support for rootless,
+# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
+DNF_REPO=""
+INSTALL_PODMAN="1"
+if grep -q centos /etc/os-release; then
+	# Works with Rocky and Alma too
+	DNF_REPO="https://download.docker.com/linux/centos/docker-ce.repo"
+	if grep -q el8 /etc/os-release; then
+		# podman seems to conflict with docker-ce on EL8
+		INSTALL_PODMAN=""
+	fi
+elif grep -q fedora /etc/os-release; then
+	DNF_REPO="https://download.docker.com/linux/fedora/docker-ce.repo"
+else
+	echo >&2 "Unsupported OS"
+	exit 1
+fi
+DNF="dnf"
+if command -v dnf5 &>/dev/null; then
+	# DNF 5 (Fedora 41 or later)
+	DNF="dnf5"
+	"$DNF" config-manager addrepo --from-repofile="${DNF_REPO}"
+else
+	# DNF 4
+	"$DNF" config-manager --add-repo="${DNF_REPO}"
+fi
+"$DNF" install -y git golang make docker-ce docker-ce-rootless-extras
+systemctl enable --now docker
+if [ -n "${INSTALL_PODMAN}" ]; then
+	"$DNF" install -y podman
+fi
+
+# Install kubectl
+GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')"
+curl -L -o /usr/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${GOARCH}/kubectl"
+chmod +x /usr/bin/kubectl
+
+# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
+mkdir -p "/etc/systemd/system/user@.service.d"
+cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
+[Service]
+Delegate=yes
+EOF
+systemctl daemon-reload