CubeSandbox on Kubernetes, compute node image build and deploy.

deploy/k8s/images/cubelet-network-agent/Dockerfile

@@ -0,0 +1,85 @@
+# Cubelet + Network-Agent Combined Image 
+
+FROM ubuntu:22.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    e2fsprogs \
+    util-linux \
+    uidmap \
+    bash \
+    coreutils \
+    procps \
+    iputils-ping \
+    iproute2 \
+    tcpdump \
+    linux-tools-common \
+    linux-tools-generic \
+    iperf3 \
+    net-tools \
+    bridge-utils \
+    ethtool \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p \
+    /usr/local/bin \
+    /usr/local/services/cubetoolbox/Cubelet/bin \
+    /usr/local/services/cubetoolbox/Cubelet/config \
+    /usr/local/services/cubetoolbox/Cubelet/dynamicconf \
+    /usr/local/services/cubetoolbox/network-agent/bin \
+    /usr/local/services/cubetoolbox/network-agent/state \
+    /usr/local/services/cubetoolbox/cube-shim/bin \
+    /usr/local/services/cubetoolbox/cube-shim/conf \
+    /usr/local/services/cubetoolbox/cube-hypervisor \
+    /usr/local/services/cubetoolbox/cube-snapshot \
+    /data/cubelet \
+    /data/log/Cubelet \
+    /data/log/CubeShim \
+    /data/log/CubeVmm \
+    /data/cube-shim/disks \
+    /data/snapshot_pack/disks \
+    /run/cube-containers/shared/sandboxes \
+    /tmp/cube
+
+
+COPY cubelet /usr/local/services/cubetoolbox/Cubelet/bin/cubelet
+COPY cubecli /usr/local/services/cubetoolbox/Cubelet/bin/cubecli
+COPY nicl /usr/local/services/cubetoolbox/Cubelet/bin/nicl
+COPY cubelet-code-deploy.sh /usr/local/services/cubetoolbox/Cubelet/bin/cubelet-code-deploy.sh
+COPY unsquashfs /usr/local/services/cubetoolbox/Cubelet/bin/unsquashfs
+COPY unsquashfs-dio /usr/local/services/cubetoolbox/Cubelet/bin/unsquashfs-dio
+COPY containerd-shim-cube-rs /usr/local/services/cubetoolbox/cube-shim/bin/containerd-shim-cube-rs
+COPY cube-runtime /usr/local/services/cubetoolbox/cube-shim/bin/cube-runtime
+COPY network-agent /usr/local/services/cubetoolbox/network-agent/bin/network-agent
+COPY config-cube.toml /usr/local/services/cubetoolbox/cube-shim/conf/config-cube.toml
+COPY network-agent.yaml /usr/local/services/cubetoolbox/network-agent/network-agent.yaml
+COPY snapshot.sh /usr/local/services/cubetoolbox/Cubelet/config/snapshot.sh
+
+
+RUN chmod +x \
+    /usr/local/services/cubetoolbox/Cubelet/bin/cubelet \
+    /usr/local/services/cubetoolbox/Cubelet/bin/cubecli \
+    /usr/local/services/cubetoolbox/Cubelet/bin/nicl \
+    /usr/local/services/cubetoolbox/Cubelet/bin/cubelet-code-deploy.sh \
+    /usr/local/services/cubetoolbox/Cubelet/bin/unsquashfs \
+    /usr/local/services/cubetoolbox/Cubelet/bin/unsquashfs-dio \
+    /usr/local/services/cubetoolbox/cube-shim/bin/containerd-shim-cube-rs \
+    /usr/local/services/cubetoolbox/cube-shim/bin/cube-runtime \
+    /usr/local/services/cubetoolbox/network-agent/bin/network-agent
+
+COPY start-network-agent.sh /usr/local/bin/start-network-agent.sh
+COPY start-cubelet.sh /usr/local/bin/start-cubelet.sh
+RUN chmod +x /usr/local/bin/start-network-agent.sh /usr/local/bin/start-cubelet.sh
+
+RUN ln -sf /usr/local/services/cubetoolbox/cube-shim/bin/cube-runtime /usr/local/bin/cube-runtime
+RUN ln -sf /usr/local/services/cubetoolbox/cube-shim/bin/containerd-shim-cube-rs /usr/local/bin/containerd-shim-cube-rs
+
+RUN chmod +x /usr/local/services/cubetoolbox/Cubelet/config/snapshot.sh
+
+WORKDIR /data/cubelet
+
+ENTRYPOINT ["/usr/local/bin/start-cubelet.sh"]
+CMD ["--config", "/usr/local/services/cubetoolbox/Cubelet/config/config.toml"]

deploy/k8s/images/cubelet-network-agent/start-cubelet.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+set -euo pipefail
+
+# Cubelet start
+# Keep the file paths consistent with the one-click deployment configuration.
+
+
+export PATH="/usr/local/services/cubetoolbox/Cubelet/bin:${PATH}"
+
+CUBELET_BIN="${CUBELET_BIN:-/usr/local/services/cubetoolbox/Cubelet/bin/cubelet}"
+CUBELET_CONFIG="${CUBELET_CONFIG:-/usr/local/services/cubetoolbox/Cubelet/config/config.toml}"
+DYNAMIC_CONF="${DYNAMIC_CONF:-/usr/local/services/cubetoolbox/Cubelet/dynamicconf/conf.yaml}"
+NETWORK_AGENT_SOCKET="${NETWORK_AGENT_SOCKET:-/tmp/cube/network-agent-grpc.sock}"
+NETWORK_AGENT_HEALTH="${NETWORK_AGENT_HEALTH:-127.0.0.1:19090}"
+
+echo "Starting cubelet..."
+echo "  CUBELET_BIN: ${CUBELET_BIN}"
+echo "  CUBELET_CONFIG: ${CUBELET_CONFIG}"
+echo "  DYNAMIC_CONF: ${DYNAMIC_CONF}"
+echo "  NETWORK_AGENT_SOCKET: ${NETWORK_AGENT_SOCKET}"
+echo "  NETWORK_AGENT_HEALTH: ${NETWORK_AGENT_HEALTH}"
+echo "  PATH: ${PATH}"
+
+if [[ ! -S "${NETWORK_AGENT_SOCKET}" ]]; then
+    echo "Waiting for network-agent socket: ${NETWORK_AGENT_SOCKET}"
+    for i in {1..60}; do
+        if [[ -S "${NETWORK_AGENT_SOCKET}" ]]; then
+            echo "network-agent socket ready"
+            break
+        fi
+        sleep 1
+    done
+    if [[ ! -S "${NETWORK_AGENT_SOCKET}" ]]; then
+        echo "ERROR: network-agent socket not found after 60s"
+        exit 1
+    fi
+fi
+
+echo "Checking network-agent health..."
+for i in {1..30}; do
+    if curl -fsS "http://${NETWORK_AGENT_HEALTH}/healthz" >/dev/null 2>&1; then
+        echo "network-agent health check passed"
+        break
+    fi
+    sleep 1
+done
+
+
+if mountpoint -q /sys/fs/bpf; then
+    umount /sys/fs/bpf
+fi
+mkdir -p /sys/fs/bpf
+mount -t bpf bpf /sys/fs/bpf -o mode=0700
+echo "Mounted private bpffs at /sys/fs/bpf"
+
+# start cubelet
+exec "${CUBELET_BIN}" \
+    --config "${CUBELET_CONFIG}" \
+    --dynamic-conf-path "${DYNAMIC_CONF}"

deploy/k8s/images/cubelet-network-agent/start-network-agent.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -euo pipefail
+
+# Network-Agent start
+# Keep the file paths consistent with the one-click deployment configuration.
+
+NETWORK_AGENT_BIN="${NETWORK_AGENT_BIN:-/usr/local/services/cubetoolbox/network-agent/bin/network-agent}"
+CUBELET_CONFIG="${CUBELET_CONFIG:-/usr/local/services/cubetoolbox/Cubelet/config/config.toml}"
+GRPC_LISTEN="${GRPC_LISTEN:-unix:///tmp/cube/network-agent-grpc.sock}"
+TAP_FD_LISTEN="${TAP_FD_LISTEN:-unix:///tmp/cube/network-agent-tap.sock}"
+STATE_DIR="${STATE_DIR:-/usr/local/services/cubetoolbox/network-agent/state}"
+HEALTH_LISTEN="${HEALTH_LISTEN:-127.0.0.1:19090}"
+
+echo "Starting network-agent..."
+echo "  NETWORK_AGENT_BIN: ${NETWORK_AGENT_BIN}"
+echo "  CUBELET_CONFIG: ${CUBELET_CONFIG}"
+echo "  GRPC_LISTEN: ${GRPC_LISTEN}"
+echo "  TAP_FD_LISTEN: ${TAP_FD_LISTEN}"
+echo "  STATE_DIR: ${STATE_DIR}"
+echo "  HEALTH_LISTEN: ${HEALTH_LISTEN}"
+
+if [[ ! -f "${CUBELET_CONFIG}" ]]; then
+    echo "Waiting for cubelet config: ${CUBELET_CONFIG}"
+    for i in {1..30}; do
+        if [[ -f "${CUBELET_CONFIG}" ]]; then
+            break
+        fi
+        sleep 1
+    done
+    if [[ ! -f "${CUBELET_CONFIG}" ]]; then
+        echo "ERROR: cubelet config not found after 30s"
+        exit 1
+    fi
+fi
+
+mkdir -p "${STATE_DIR}"
+mkdir -p /tmp/cube
+
+if mountpoint -q /sys/fs/bpf; then
+    umount /sys/fs/bpf
+fi
+mkdir -p /sys/fs/bpf
+mount -t bpf bpf /sys/fs/bpf -o mode=0700
+echo "Mounted private bpffs at /sys/fs/bpf"
+
+# start network-agent
+exec "${NETWORK_AGENT_BIN}" \
+    --cubelet-config "${CUBELET_CONFIG}" \
+    --grpc-listen "${GRPC_LISTEN}" \
+    --tap-fd-listen "${TAP_FD_LISTEN}" \
+    --state-dir "${STATE_DIR}" \
+    --health-listen "${HEALTH_LISTEN}"