Clean up the nerdctld installation

cmd/minikube/cmd/start.go

@@ -2057,23 +2057,14 @@ func startNerdctld() {
 	co := mustload.Running(ClusterFlagValue())
 	runner := co.CP.Runner
 
-	// and set 777 to these files
-	if out, err := runner.RunCmd(exec.Command("sudo", "chmod", "777", "/usr/local/bin/nerdctl", "/usr/local/bin/nerdctld")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed setting permission for nerdctl: %s", out.Output()), err)
-	}
-
-	// sudo systemctl start nerdctld.socket
-	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctld.socket")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctld.socket: %s", out.Output()), err)
-	}
-	// sudo systemctl start nerdctld.service
-	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctld.service")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctld.service: %s", out.Output()), err)
+	// sudo systemctl start nerdctl.socket
+	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctl.socket")); err != nil {
+		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctl.socket: %s", out.Output()), err)
 	}
 
 	// set up environment variable on remote machine. docker client uses 'non-login & non-interactive shell' therefore the only way is to modify .bashrc file of user 'docker'
 	// insert this at 4th line
-	envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///run/nerdctld.sock' .bashrc")
+	envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///var/run/nerdctl.sock' .bashrc")
 	if out, err := runner.RunCmd(envSetupCommand); err != nil {
 		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to set up DOCKER_HOST: %s", out.Output()), err)
 	}

deploy/kicbase/Dockerfile

@@ -59,8 +59,8 @@ COPY deploy/kicbase/containerd_docker_io_hosts.toml /etc/containerd/certs.d/dock
 COPY deploy/kicbase/clean-install /usr/local/bin/clean-install
 COPY deploy/kicbase/entrypoint /usr/local/bin/entrypoint
 COPY deploy/kicbase/CHANGELOG ./CHANGELOG
-COPY deploy/kicbase/nerdctld/nerdctld.socket  /etc/systemd/system/nerdctld.socket
-COPY deploy/kicbase/nerdctld/nerdctld.service  /etc/systemd/system/nerdctld.service
+COPY deploy/kicbase/nerdctld/nerdctl.socket /usr/local/lib/systemd/system/nerdctl.socket
+COPY deploy/kicbase/nerdctld/nerdctl.service /usr/local/lib/systemd/system/nerdctl.service
 COPY --from=auto-pause /src/cmd/auto-pause/auto-pause-${TARGETARCH} /bin/auto-pause
 
 # Install dependencies, first from apt, then from release tarballs.
@@ -148,8 +148,8 @@ RUN export ARCH=$(dpkg --print-architecture) \
         tar -C /usr/local/bin -xzvf /tmp/nerdctl.tgz &&\
         curl -L --retry 5 --output /tmp/nerdctld.tgz "https://github.com/afbjorklund/nerdctld/releases/download/v${NERDCTLD_VERSION}/nerdctld-${NERDCTLD_VERSION}-linux-$ARCH.tar.gz" &&\
         tar -C /usr/local/bin -xzvf /tmp/nerdctld.tgz &&\
-        chmod 777  /usr/local/bin/nerdctl &&\
-        chmod 777 /usr/local/bin/nerdctld; \
+        chmod 755 /usr/local/bin/nerdctl &&\
+        chmod 755 /usr/local/bin/nerdctld; \
     fi
 
 # install docker

deploy/kicbase/nerdctld/nerdctl.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=nerdctl
+Requires=nerdctl.socket containerd.service
+After=nerdctl.socket containerd.service
+Documentation=https://github.com/containerd/nerdctl
+
+[Service]
+Type=notify
+Environment=CONTAINERD_NAMESPACE=k8s.io
+ExecStart=nerdctld --addr fd://
+
+[Install]
+WantedBy=multi-user.target

deploy/kicbase/nerdctld/nerdctl.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=nerdctl
+Documentation=https://github.com/containerd/nerdctl
+
+[Socket]
+ListenStream=%t/nerdctl.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target

pkg/drivers/kic/types.go

@@ -24,10 +24,10 @@ import (
 
 const (
 	// Version is the current version of kic
-	Version = "v0.0.43-1712854342-18621"
+	Version = "v0.0.43-1712942193-18530"
 
 	// SHA of the kic base image
-	baseImageSHA = "ed83a14d1540ae575c52399493a92b74b64f457445525b45c4b55f3ec4ca873f"
+	baseImageSHA = "c0336463426ab3b507299c3cbdc772f9d0a42a512c970bf047eabeded0e531ac"
 	// The name of the GCR kicbase repository
 	gcrRepo = "gcr.io/k8s-minikube/kicbase-builds"
 	// The name of the Dockerhub kicbase repository

site/content/en/docs/commands/start.md

@@ -27,7 +27,7 @@ minikube start [flags]
       --apiserver-port int                The apiserver listening port (default 8443)
       --auto-pause-interval duration      Duration of inactivity before the minikube VM is paused (default 1m0s) (default 1m0s)
       --auto-update-drivers               If set, automatically updates drivers to the latest version. Defaults to true. (default true)
-      --base-image string                 The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.43-1712854342-18621@sha256:ed83a14d1540ae575c52399493a92b74b64f457445525b45c4b55f3ec4ca873f")
+      --base-image string                 The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.43-1712942193-18530@sha256:c0336463426ab3b507299c3cbdc772f9d0a42a512c970bf047eabeded0e531ac")
       --binary-mirror string              Location to fetch kubectl, kubelet, & kubeadm binaries from.
       --cache-images                      If true, cache docker images for the current bootstrapper and load them into the machine. Always false with --driver=none. (default true)
       --cert-expiration duration          Duration until minikube certificate expiration, defaults to three years (26280h). (default 26280h0m0s)