Subordinate container runtime

[joedborg]

Don't merge until we do all of the branches together.

[joedborg]

@Cynerva the cnx-manager pod is failing wit:

[ALERT] 143/154947 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:47] : 'server static' : could not resolve address 'kubernetes.default'.
[ALERT] 143/154947 (1) : Failed to initialize server(s) addr.

Any idea if this is just because I'm not in a BGP environment or whether it's something I need to fix?

[Cynerva]

Any idea if this is just because I'm not in a BGP environment or whether it's something I need to fix?

Yeah, this is almost certainly because you don't have the proper cloud configuration for Tigera traffic. Looks like cnx-manager can't reach the coredns pod to do dns lookups.

[Cynerva]

If I understand correctly, over in charmed-kubernetes/charm-calico#36, you've added the calico-node-image resource as a workaround for the fact that CTL.pull does not respect the proxy configuration of the containerd subordinate. Correct?

So we'll need a similar workaround for the images here. But, using charm resources as a workaround here is more problematic because the cnx-node and calicoctl images used by this charm are protected proprietary images. We can't legally host them in the charm store. Which means the user would have to be responsible for manually attaching the images.

I think a different workaround will be necessary here.

[Cynerva]

From IRC, the plan is to ship this with zero-byte resources in the charm store, and provide documentation for users to attach their own image as needed for offline deployments. Works for me.