siderolabs · talos-bot · Sep 14, 2023 · Sep 13, 2023
diff --git a/Makefile b/Makefile
@@ -57,6 +57,7 @@ TARGETS = \
 		nvidia-fabricmanager \
 		nvidia-open-gpu-kernel-modules \
 		qemu-guest-agent \
+		stargz-snapshotter \
 		tailscale \
 		thunderbolt \
 		usb-modem-drivers \

diff --git a/container-runtime/stargz-snapshotter/README.md b/container-runtime/stargz-snapshotter/README.md
@@ -0,0 +1,12 @@
+# Stargz Snapshotter extension
+
+## Usage
+
+Enable the extension in the machine configuration before installing Talos:
+
+```yaml
+machine:
+  install:
+    extensions:
+      - image: ghcr.io/siderolabs/stargz-snapshotter:<VERSION>
+```
diff --git a/container-runtime/stargz-snapshotter/config.toml b/container-runtime/stargz-snapshotter/config.toml
diff --git a/container-runtime/stargz-snapshotter/manifest.yaml b/container-runtime/stargz-snapshotter/manifest.yaml
@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: stargz-snapshotter
+  version: "$VERSION"
+  author: Sidero Labs
+  description: |
+    This system extension provides Stargz Snapshotter using containerd's runtime handler.
+  compatibility:
+    talos:
+      version: ">= v1.0.0"
diff --git a/container-runtime/stargz-snapshotter/pkg.yaml b/container-runtime/stargz-snapshotter/pkg.yaml
@@ -0,0 +1,51 @@
+name: stargz-snapshotter
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+  - stage: base
+steps:
+  - sources:
+      - url: https://github.com/containerd/stargz-snapshotter/archive/refs/tags/v0.14.3.tar.gz
+        destination: stargz-snapshotter.tar.gz
+        sha256: 5397d799f76e5b7994820b1bf854f09e5a01c4607f5b9c4c5fd81a4ff7507754
+        sha512: 105ca1cb0c5128fefbcf80d4edf851d1d854e0aadc1872ff8fdb8bc3b2e7b1cc54f3a6776493c023bc6ef9abe903663a75c14fd349cdb331db9416f3ad8b7812
+    env:
+      GOPATH: /go
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+      - |
+        mkdir -p ${GOPATH}/src/github.com/containerd/stargz-snapshotter
+
+        tar -xzf stargz-snapshotter.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/containerd/stargz-snapshotter
+    build:
+      - |
+        export PATH=${PATH}:${TOOLCHAIN}/go/bin
+        cd ${GOPATH}/src/github.com/containerd/stargz-snapshotter
+
+        make containerd-stargz-grpc
+
+        make ctr-remote
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/bin
+        mkdir -p /rootfs/usr/local/lib/containers/stargz-snapshotter
+
+        cd ${GOPATH}/src/github.com/containerd/stargz-snapshotter
+
+        cp ./out/containerd-stargz-grpc /rootfs/usr/local/lib/containers/stargz-snapshotter/containerd-stargz-grpc
+        chmod +x /rootfs/usr/local/lib/containers/stargz-snapshotter/containerd-stargz-grpc
+
+        cp ./out/ctr-remote /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
+        chmod +x /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
+  - from: /pkg/stargz-snapshotter.part
+    to: /rootfs/etc/cri/conf.d/stargz-snapshotter.part
+  - from: /pkg/config.toml
+    to: /rootfs/usr/local/etc/containerd-stargz-grpc/config.toml
+  - from: /pkg/stargz-snapshotter.yaml
+    to: /rootfs/usr/local/etc/containers/
diff --git a/container-runtime/stargz-snapshotter/stargz-snapshotter.part b/container-runtime/stargz-snapshotter/stargz-snapshotter.part
@@ -0,0 +1,10 @@
+# Enable stargz snapshotter for CRI
+[plugins."io.containerd.grpc.v1.cri".containerd]
+  snapshotter = "stargz"
+  disable_snapshot_annotations = false
+
+# Plug stargz snapshotter into containerd
+[proxy_plugins]
+  [proxy_plugins.stargz]
+    type = "snapshot"
+    address = "/var/run/containerd-stargz-grpc/containerd-stargz-grpc.sock"
diff --git a/container-runtime/stargz-snapshotter/stargz-snapshotter.yaml b/container-runtime/stargz-snapshotter/stargz-snapshotter.yaml
@@ -0,0 +1,29 @@
+name: stargz-snapshotter
+depends:
+  - service: cri
+container:
+  entrypoint: ./containerd-stargz-grpc
+  args:
+    - --address=/var/run/containerd-stargz-grpc/containerd-stargz-grpc.sock
+    - --log-level=debug
+  mounts:
+    - source: /etc/ssl
+      destination: /etc/ssl
+      type: bind
+      options:
+        - bind
+        - ro
+    - source: /var
+      destination: /var
+      type: bind
+      options:
+        - rshared
+        - rbind
+        - rw
+    - source: /usr/local/etc/containerd-stargz-grpc
+      destination: /etc/containerd-stargz-grpc
+      type: bind
+      options:
+        - bind
+        - ro
+restart: always
diff --git a/container-runtime/stargz-snapshotter/vars.yaml b/container-runtime/stargz-snapshotter/vars.yaml
@@ -0,0 +1 @@
+VERSION: "{{ .STARGZ_SNAPSHOTTER_VERSION }}-{{ .BUILD_ARG_TAG }}"
diff --git a/container-runtime/vars.yaml b/container-runtime/vars.yaml
@@ -1,2 +1,4 @@
 # renovate: datasource=github-tags extractVersion=^release-(?<version>.*)$ depName=google/gvisor
 GVISOR_VERSION: 20231214.0
+# renovate: datasource=github-releases  depName=containerd/stargz-snapshotter
+STARGZ_SNAPSHOTTER_VERSION: v0.14.3
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		VERSION: "{{ .STARGZ_SNAPSHOTTER_VERSION }}-{{ .BUILD_ARG_TAG }}"