Skip to content

vfkit: Use EFI booloader #20833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

vfkit: Use EFI booloader #20833

wants to merge 4 commits into from

Conversation

nirs
Copy link
Contributor

@nirs nirs commented May 25, 2025
edited
Loading

With the fixed iso, we can simplify the driver using the EFI bootloader
option[1] instead of the legacy and deprecated --kernel, --kernel-cmdline,
and --initrd options[2].

Example run:

% minikube start -p vfkit --driver vfkit --container-runtime containerd --network vmnet-shared --iso-url file://$PWD/minikube-arm64-timeout-0.iso
😄  [vfkit] minikube v1.36.0 on Darwin 15.5 (arm64)
✨  Using the vfkit driver based on user configuration
👍  Starting "vfkit" primary control-plane node in "vfkit" cluster
🔥  Creating vfkit VM (CPUs=2, Memory=6000MB, Disk=20000MB) ... 
📦  Preparing Kubernetes v1.33.1 on containerd 1.7.23 ... 
    ▪ Generating certificates and keys ... 
    ▪ Booting up control plane ... 
    ▪ Configuring RBAC rules ... 
🔗  Configuring bridge CNI (Container Networking Interface) ... 
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: default-storageclass, storage-provisioner
🏄  Done! kubectl is now configured to use "vfkit" cluster and "default" namespace by default

This avoids the need to extract the kernel and initrd. I expected to see
some speedup but direct kernel boot is little bit faster even including
the time to extract the kernel and initrd.

This change also log vfkit serial console to file for easier debugging.

[1] https://github.com/crc-org/vfkit/blob/main/doc/usage.md#efi-bootloader
[2] https://github.com/crc-org/vfkit/blob/main/doc/usage.md#deprecated-options

Based on #20832 for testing

@nirs
iso: Fix console for vfkit/krunkit
2c25580 
The serial console name depends on the driver. We had setting for qemu
that does not work for vfkit and krunkit, breaking boot from minikube
iso.

Fixed by using 2 console= options, one is known to work for qemu, and
one for vfkit and krunkit. With this we can use the same iso image with
qemu, vfkit, and krunkit.

This will allow simplifying vfkit driver. Previously we had to extract
the kernel and initrd and start it using the legacy --kernel,
--kernel-cmdline and --initrd options.

I tested this by building the iso with this fix and running with
--iso-url.

Example run with qemu:

    % minikube start -p qemu --driver qemu --container-runtime containerd \
        --iso-url file://$PWD/minikube-arm64.iso
    😄  [qemu] minikube v1.36.0 on Darwin 15.5 (arm64)
    ✨  Using the qemu2 driver based on user configuration
    🌐  Automatically selected the socket_vmnet network
    👍  Starting "qemu" primary control-plane node in "qemu" cluster
    🔥  Creating qemu2 VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
    📦  Preparing Kubernetes v1.33.1 on containerd 1.7.23 ...
        ▪ Generating certificates and keys ...
        ▪ Booting up control plane ...
        ▪ Configuring RBAC rules ...
    🔗  Configuring bridge CNI (Container Networking Interface) ...
    🔎  Verifying Kubernetes components...
        ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
    🌟  Enabled addons: default-storageclass, storage-provisioner
    🏄  Done! kubectl is now configured to use "qemu" cluster and "default" namespace by default

Example run with krunkit:

    % minikube start -p krunkit --driver krunkit --container-runtime containerd \
        --iso-url file://$PWD/minikube-arm64.iso
    😄  [krunkit] minikube v1.36.0 on Darwin 15.5 (arm64)
    ✨  Using the krunkit (experimental) driver based on user configuration
    👍  Starting "krunkit" primary control-plane node in "krunkit" cluster
    🔥  Creating krunkit VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
    📦  Preparing Kubernetes v1.33.1 on containerd 1.7.23 ...
        ▪ Generating certificates and keys ...
        ▪ Booting up control plane ...
        ▪ Configuring RBAC rules ...
    🔗  Configuring bridge CNI (Container Networking Interface) ...
    🔎  Verifying Kubernetes components...
        ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
    🌟  Enabled addons: default-storageclass, storage-provisioner
    🏄  Done! kubectl is now configured to use "krunkit" cluster and "default" namespace by default
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 25, 2025
@minikube-bot
Copy link
Collaborator

Can one of the admins verify this patch?

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 25, 2025
@k8s-ci-robot k8s-ci-robot requested a review from prezha May 25, 2025 00:50
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: nirs
Once this PR has been reviewed and has the lgtm label, please assign prezha for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested a review from spowelljr May 25, 2025 00:50
@k8s-ci-robot
Copy link
Contributor

Hi @nirs. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 25, 2025
nirs
nirs commented May 25, 2025
View reviewed changes
@nirs
iso: Disable grub timeout
6a534c0 
This speeds up machine boot by 5 seconds. The timeout may be helpful for
debugging boot issues but we don't have a way to access the serial
console for debugging currently.

Testing shows about 4-5 seconds speedup.

| driver  | timeout | start time |
|---------|---------|------------|
| vfkit   |     5.0 |      24.01 |
| vfkit   |     0.0 |      19.90 |
| qemu    |     5.0 |      29.46 |
| qemu    |     0.0 |      24.28 |
| krunkit |     5.0 |      25.14 |
| krunkit |     0.0 |      20.51 |

vfkit tested booting using iso instead of direct kernel boot. Direct
kernel boot is little bit faster that booting from iso even with
timeout=0.
@nirs nirs force-pushed the vfkit-efi-bootloader branch from f4976db to c276a83 Compare May 25, 2025 01:43
nirs added 2 commits May 25, 2025 04:48
@nirs
vfkit: Log serial console to file
2d1facb 
To make debugging easier, add virtio-serial device logging serial
console to file:

    ~/.minikube/machines/NAME/serial.log

To enable logging, we need to enable the console in the kernel command
line, since we still use direct kernel boot.

Example log:

    % cat /Users/nir/.minikube/machines/vfkit/vfkig.log
    [    0.896094] cacheinfo: Unable to detect cache hierarchy for CPU 0
    [    0.897186] loop: module loaded
    [    0.897670] virtio_blk virtio2: [vda] 840488 512-byte logical blocks (430 MB/410 MiB)
    [    0.897733] vda: detected capacity change from 0 to 430329856
    [    0.898460] virtio_blk virtio3: [vdb] 40960000 512-byte logical blocks (21.0 GB/19.5 GiB)
    [    0.898533] vdb: detected capacity change from 0 to 20971520000
    ...
    [    1.794714] systemd[1]: Detected virtualization vm-other.
    [    1.794752] systemd[1]: Detected architecture arm64.

    Welcome to Buildroot 2025.02!

    [    1.794944] systemd[1]: Hostname set to <minikube>.
    [    1.795011] systemd[1]: Initializing machine ID from random generator.
    ...
    [  OK  ] Started Container Runtime Interface for OCI (CRI-O).
    [  OK  ] Reached target Multi-User System.

    Welcome to minikube
    vfkit login: [    6.681578] systemd-ssh-generator[630]: Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.
@nirs
vfkit: Use EFI bootloader
95a7486 
With the fixed iso, we can simplify the driver using the EFI bootloader
option[1] instead of the legacy and deprecated --kernel, --kernel-cmdline,
and --initrd options[2].

Example run:

    % minikube start -p vfkit --driver vfkit --container-runtime containerd --network vmnet-shared --iso-url file://$PWD/minikube-arm64-timeout-0.iso
    😄  [vfkit] minikube v1.36.0 on Darwin 15.5 (arm64)
    ✨  Using the vfkit driver based on user configuration
    👍  Starting "vfkit" primary control-plane node in "vfkit" cluster
    🔥  Creating vfkit VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
    📦  Preparing Kubernetes v1.33.1 on containerd 1.7.23 ...
        ▪ Generating certificates and keys ...
        ▪ Booting up control plane ...
        ▪ Configuring RBAC rules ...
    🔗  Configuring bridge CNI (Container Networking Interface) ...
    🔎  Verifying Kubernetes components...
        ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
    🌟  Enabled addons: default-storageclass, storage-provisioner
    🏄  Done! kubectl is now configured to use "vfkit" cluster and "default" namespace by default

This avoids the need to extract the kernel and initrd. I expected to see
some speedup but direct kernel boot is little bit faster even including
the time to extract the kernel and initrd.

[1] https://github.com/crc-org/vfkit/blob/main/doc/usage.md#efi-bootloader
[2] https://github.com/crc-org/vfkit/blob/main/doc/usage.md#deprecated-options
@nirs nirs force-pushed the vfkit-efi-bootloader branch from c276a83 to 95a7486 Compare May 25, 2025 01:52
@afbjorklund
Copy link
Collaborator

afbjorklund commented May 25, 2025
edited
Loading

When it was written, the "vfkit" binary with EFI support had not been released yet

There was only some pre-release bundled with PD, so was "safer" to use the explicit...

It also didn't support macOS 12, which used to be a thing (macOS 11 was already lost)

--bootloader efi is only available when running on macOS 13 or newer.

@nirs
Copy link
Contributor Author

nirs commented May 25, 2025

@cfergeau can you review?

@nirs
Copy link
Contributor Author

nirs commented May 25, 2025

--bootloader efi is only available when running on macOS 13 or newer.

Right, I need to update vkkit docs. I don't think that this is an issue, we don't have capacity to support historic versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prezha prezha Awaiting requested review from prezha

@spowelljr spowelljr Awaiting requested review from spowelljr

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nirs @minikube-bot @k8s-ci-robot @afbjorklund