wfe-containerd 1.10.0

containerd container runner executor for WFE
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

use std::collections::HashMap;
use std::sync::Mutex;

use async_trait::async_trait;
use wfe_core::models::service::{ServiceDefinition, ServiceEndpoint};
use wfe_core::traits::ServiceProvider;

/// Provisions infrastructure services as containerd containers on the host network.
///
/// Services are accessible via `127.0.0.1` on their declared ports.
/// Connection info is injected as `SVC_{NAME}_HOST` / `SVC_{NAME}_PORT` env vars
/// into workflow data.
pub struct ContainerdServiceProvider {
    containerd_addr: String,
    /// Track running service containers per workflow for teardown.
    running: Mutex<HashMap<String, Vec<String>>>,
}

impl ContainerdServiceProvider {
    pub fn new(containerd_addr: impl Into<String>) -> Self {
        Self {
            containerd_addr: containerd_addr.into(),
            running: Mutex::new(HashMap::new()),
        }
    }

    /// Get the containerd address this provider connects to.
    pub fn containerd_addr(&self) -> &str {
        &self.containerd_addr
    }
}

#[async_trait]
impl ServiceProvider for ContainerdServiceProvider {
    fn can_provision(&self, _services: &[ServiceDefinition]) -> bool {
        true // containerd can run any OCI image
    }

    async fn provision(
        &self,
        workflow_id: &str,
        services: &[ServiceDefinition],
    ) -> wfe_core::Result<Vec<ServiceEndpoint>> {
        let mut endpoints = Vec::new();
        let mut container_ids = Vec::new();

        for svc in services {
            let container_id = format!("wfe-svc-{}-{}", svc.name, workflow_id);

            // Create and start the service container via containerd gRPC.
            // This reuses the same connection and container lifecycle as ContainerdStep
            // but starts the container without waiting for it to exit.
            crate::step::ContainerdStep::run_service(
                &self.containerd_addr,
                &container_id,
                &svc.image,
                &svc.env,
            )
            .await?;

            container_ids.push(container_id);

            endpoints.push(ServiceEndpoint {
                name: svc.name.clone(),
                host: "127.0.0.1".into(),
                ports: svc.ports.clone(),
            });
        }

        self.running
            .lock()
            .unwrap()
            .insert(workflow_id.into(), container_ids);

        Ok(endpoints)
    }

    async fn teardown(&self, workflow_id: &str) -> wfe_core::Result<()> {
        let ids = self
            .running
            .lock()
            .unwrap()
            .remove(workflow_id)
            .unwrap_or_default();

        for container_id in ids {
            crate::step::ContainerdStep::cleanup_service(&self.containerd_addr, &container_id)
                .await
                .ok();
        }

        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use wfe_core::models::service::ServicePort;

    #[test]
    fn can_provision_always_true() {
        let provider = ContainerdServiceProvider::new("/run/containerd/containerd.sock");
        let services = vec![ServiceDefinition {
            name: "postgres".into(),
            image: "postgres:15".into(),
            ports: vec![ServicePort::tcp(5432)],
            env: Default::default(),
            readiness: None,
            command: vec![],
            args: vec![],
            memory: None,
            cpu: None,
        }];
        assert!(provider.can_provision(&services));
    }

    #[test]
    fn can_provision_empty_services() {
        let provider = ContainerdServiceProvider::new("/run/containerd/containerd.sock");
        assert!(provider.can_provision(&[]));
    }

    #[test]
    fn running_map_starts_empty() {
        let provider = ContainerdServiceProvider::new("/run/containerd/containerd.sock");
        assert!(provider.running.lock().unwrap().is_empty());
    }

    #[test]
    fn containerd_addr_accessor() {
        let provider = ContainerdServiceProvider::new("http://127.0.0.1:2500");
        assert_eq!(provider.containerd_addr(), "http://127.0.0.1:2500");
    }
}