From f234b8fcab9074cd5c4d1b64dbae05414f08f420 Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Thu, 7 Nov 2024 22:15:35 +0100
Subject: [PATCH] feat: allow WASI workloads

---
 configs/workers/k3s-flatcar.yaml | 40 ++++++++++++++++++++++++++++++--
 k8s_flatcar_machines.tf          | 10 ++++----
 vars.tf                          |  5 ++++
 vms.auto.tfvars                  | 12 +++++-----
 4 files changed, 55 insertions(+), 12 deletions(-)

diff --git a/configs/workers/k3s-flatcar.yaml b/configs/workers/k3s-flatcar.yaml
index 61924a5..5f48750 100644
--- a/configs/workers/k3s-flatcar.yaml
+++ b/configs/workers/k3s-flatcar.yaml
@@ -3,13 +3,40 @@ version: 1.1.0
 
 systemd:
   units:
+    - name: containerd.service
+      enabled: false
+      dropins:
+        - name: 10-use-custom-config.conf
+          contents: |
+            [Service]
+            ExecStart=
+            ExecStart=/usr/bin/containerd
+    - name: spin-shim-install.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Run Spin Shim script
+        Wants = network-online.target
+        After = network.target network-online.target
+        StartLimitBurst=100
+        StartLimitIntervalSec=300
+        ConditionPathExists=!/var/lib/rancher/k3s/data/current/bin/containerd-shim-spin-v2
+        [Service]
+        Type=oneshot
+        TimeoutStartSec=300
+        RemainAfterExit=yes
+        KillMode=process
+        ExecStart=/usr/bin/bash -c "until [ -d /var/lib/rancher/k3s/data/current/bin ]; do sleep 5; done; curl -L https://github.com/spinkube/containerd-shim-spin/releases/download/${spin_shim_version}/containerd-shim-spin-v2-linux-${arch}.tar.gz | tar -xz -C /var/lib/rancher/k3s/data/current/bin/"
+
+        [Install]
+        WantedBy=multi-user.target
     - name: k3s-install.service
       enabled: true
       contents: |
         [Unit]
         Description=Run K3s script
         Wants = network-online.target
-        After = network.target network-online.target        
+        After = network.target network-online.target
         ConditionPathExists=/opt/k3s-install.sh
         ConditionPathExists=!/opt/bin/k3s
         [Service]
@@ -34,4 +61,13 @@ storage:
     - path: /opt/k3s-install.sh
       mode: 0777
       contents:
-        source: https://get.k3s.io
\ No newline at end of file
+        source: https://get.k3s.io
+    - path: /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl
+      mode: 0644
+      contents:
+        inline: |
+          {{- template "base" . }}
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin]
+            runtime_type = "io.containerd.spin.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin.options]
+            BinaryName = "/opt/bin/containerd-shim-spin-v2"
diff --git a/k8s_flatcar_machines.tf b/k8s_flatcar_machines.tf
index dcbbc9e..1b83a76 100644
--- a/k8s_flatcar_machines.tf
+++ b/k8s_flatcar_machines.tf
@@ -146,11 +146,13 @@ data "ct_config" "machine-ignitions" {
   content = templatefile(
     "${path.module}/configs/workers/k3s-flatcar.yaml",
     {
-      "host"         = "${each.key}"
-      "k3s_token"    = "${var.k3s_token}"
-      "node_ip"      = "${each.value.private_ip}"
-      "k3s_version"  = "${var.worker_k3s_version}"
+      "host"         = each.key
+      "k3s_token"    = var.k3s_token
+      "node_ip"      = each.value.private_ip
+      "k3s_version"  = var.worker_k3s_version
       "storage_node" = each.value.storage_node
+      "spin_shim_version" = var.spin_shim_version
+      "arch" = startswith(each.value.server_type, "cax") ? "aarch64" : "x86_64"
     }
   )
   snippets = [
diff --git a/vars.tf b/vars.tf
index a4938a3..ba1b0aa 100644
--- a/vars.tf
+++ b/vars.tf
@@ -37,6 +37,11 @@ variable "litestream_version" {
   default = "v0.3.13"
 }
 
+variable "spin_shim_version" {
+  type    = string
+  default = "v0.16.0"
+}
+
 variable "control_plane_k3s_version" {
   type    = string
   default = "v1.30.5+k3s1"
diff --git a/vms.auto.tfvars b/vms.auto.tfvars
index 82e4e26..0b0654d 100644
--- a/vms.auto.tfvars
+++ b/vms.auto.tfvars
@@ -17,7 +17,7 @@ k3s_sans = [
 k3s_workers = {
   "w1-cx22-hel1" = {
     server_type  = "cx22"
-    generation   = 1
+    generation   = 10
     private_ip   = "172.23.2.20"
     location     = "hel1"
     storage_node = false
@@ -25,7 +25,7 @@ k3s_workers = {
 
   "w2-cax11-hel1" = {
     server_type  = "cax11"
-    generation   = 1
+    generation   = 10
     private_ip   = "172.23.2.21"
     location     = "hel1"
     storage_node = true
@@ -33,7 +33,7 @@ k3s_workers = {
 
   "w3-cax11-hel1" = {
     server_type  = "cax11"
-    generation   = 1
+    generation   = 6
     private_ip   = "172.23.2.22"
     location     = "hel1"
     storage_node = true
@@ -41,7 +41,7 @@ k3s_workers = {
 
   "w4-cax11-hel1" = {
     server_type  = "cax11"
-    generation   = 1
+    generation   = 3
     private_ip   = "172.23.2.23"
     location     = "hel1"
     storage_node = true
@@ -49,7 +49,7 @@ k3s_workers = {
 
   "w5-cax11-hel1" = {
     server_type  = "cax11"
-    generation   = 1
+    generation   = 3
     private_ip   = "172.23.2.24"
     location     = "hel1"
     storage_node = true
@@ -57,7 +57,7 @@ k3s_workers = {
 
   "w6-cax11-hel1" = {
     server_type  = "cax11"
-    generation   = 1
+    generation   = 4
     private_ip   = "172.23.2.25"
     location     = "hel1"
     storage_node = true