mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-02-16 18:50:08 -03:30
containerd support (#4664)
* Add limited containerd support Containerd support for Ubuntu + Calico * Added CRI-O support for ubuntu * containerd support. * Reset containerd support. * fix lint. * implemented feedback * Change task name cri xx instead of cri-o in reset task and timeout condition. * set crictl to fixed version * Use docker-ce's container.io package for containerd. * Add check containerd is installable or not. * Avoid stop docker when use containerd and optimize retry for reset. * Add config.toml. * Fixed containerd for kubelet.env. * Merge PR #4629 * Remove unused ubuntu variable for containerd * Polish code for containerd and cri-o * Refactoring cri socket configuration. * Configurable conmon. * Remove unused crictl/runc download * Now crictl and runc is downloaded by common crictl.yml. * fixed yamllint error * Fixed brokenfiles by conflict. * Remove commented line in config.toml * Remove readded v1.12.x version * Fixed broken set_docker_image_facts * Fix yamllint errors. * Remove unused apt source * Fix crictl could not be installed * Add containerd config from skolekonov's PR #4601
This commit is contained in:
committed by
Kubernetes Prow Robot
parent
216631bf02
commit
4c8b93e5b9
12
roles/container-engine/containerd/defaults/main.yml
Normal file
12
roles/container-engine/containerd/defaults/main.yml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
kubelet_cgroup_driver: systemd
|
||||
|
||||
containerd_config:
|
||||
grpc:
|
||||
max_recv_message_size: 16777216
|
||||
max_send_message_size: 16777216
|
||||
debug:
|
||||
level: ""
|
||||
registries:
|
||||
"docker.io": "https://registry-1.docker.io"
|
||||
max_container_log_line_size: -1
|
||||
24
roles/container-engine/containerd/handlers/main.yml
Normal file
24
roles/container-engine/containerd/handlers/main.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: restart containerd
|
||||
command: /bin/true
|
||||
notify:
|
||||
- Containerd | reload containerd
|
||||
- Containerd | pause while containerd restarts
|
||||
- Containerd | wait for containerd
|
||||
|
||||
- name: Containerd | reload containerd
|
||||
service:
|
||||
name: containerd
|
||||
state: restarted
|
||||
|
||||
- name: Containerd | pause while containerd restarts
|
||||
pause:
|
||||
seconds: 5
|
||||
prompt: "Waiting for containerd restart"
|
||||
|
||||
- name: Containerd | wait for containerd
|
||||
command: "{{ containerd_bin_dir }}/ctr images ls -q"
|
||||
register: containerd_ready
|
||||
retries: 10
|
||||
delay: 5
|
||||
until: containerd_ready.rc == 0
|
||||
26
roles/container-engine/containerd/tasks/crictl.yml
Normal file
26
roles/container-engine/containerd/tasks/crictl.yml
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
- name: crictl | Download crictl
|
||||
include_tasks: "roles/download/tasks/download_file.yml"
|
||||
vars:
|
||||
download: "{{ download_defaults | combine(downloads.crictl) }}"
|
||||
|
||||
- name: Install crictl config
|
||||
template:
|
||||
src: ../templates/crictl.yaml.j2
|
||||
dest: /etc/crictl.yaml
|
||||
owner: bin
|
||||
mode: 0644
|
||||
|
||||
- name: Copy crictl binary from download dir
|
||||
synchronize:
|
||||
src: "{{ local_release_dir }}/crictl"
|
||||
dest: "{{ bin_dir }}/crictl"
|
||||
compress: no
|
||||
perms: yes
|
||||
owner: no
|
||||
group: no
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
|
||||
- name: Install crictl completion
|
||||
shell: /usr/local/bin/crictl completion >/etc/bash_completion.d/crictl
|
||||
ignore_errors: True
|
||||
50
roles/container-engine/containerd/tasks/main.yml
Normal file
50
roles/container-engine/containerd/tasks/main.yml
Normal file
@@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: Fail containerd setup if distribution is not supported
|
||||
fail:
|
||||
msg: "{{ ansible_distribution }} is not supported by containerd."
|
||||
when:
|
||||
- not ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
||||
|
||||
- name: Install Docker
|
||||
include_role:
|
||||
name: container-engine/docker
|
||||
|
||||
- name: Install config.toml
|
||||
template:
|
||||
src: config.toml.j2
|
||||
dest: /etc/containerd/config.toml
|
||||
owner: bin
|
||||
mode: 0644
|
||||
|
||||
- name: Stop and disabled Docker
|
||||
systemd:
|
||||
name: docker
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
||||
- name: Restart containerd
|
||||
systemd:
|
||||
name: containerd
|
||||
state: restarted
|
||||
|
||||
- name: Install crictl config
|
||||
template:
|
||||
src: crictl.yaml.j2
|
||||
dest: /etc/crictl.yaml
|
||||
owner: bin
|
||||
mode: 0644
|
||||
|
||||
- name: Install crictl completion
|
||||
shell: /usr/local/bin/crictl completion >/etc/bash_completion.d/crictl
|
||||
ignore_errors: True
|
||||
when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
||||
|
||||
- name: Enable containerd
|
||||
systemd:
|
||||
name: containerd.service
|
||||
state: started
|
||||
enabled: yes
|
||||
daemon-reload: yes
|
||||
|
||||
- name: flush handlers so we can wait for containerd to come up
|
||||
meta: flush_handlers
|
||||
40
roles/container-engine/containerd/templates/config.toml.j2
Normal file
40
roles/container-engine/containerd/templates/config.toml.j2
Normal file
@@ -0,0 +1,40 @@
|
||||
# Kubernetes doesn't use containerd restart manager.
|
||||
disabled_plugins = ["restart"]
|
||||
|
||||
[debug]
|
||||
level = "{{ containerd_config.debug.level | default("") }}"
|
||||
|
||||
{% if 'grpc' in containerd_config %}
|
||||
[grpc]
|
||||
{% for param, value in containerd_config.grpc.items() %}
|
||||
{{ param }} = {{ value }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
[plugins.linux]
|
||||
shim = "/usr/bin/containerd-shim"
|
||||
runtime = "/usr/sbin/runc"
|
||||
|
||||
[plugins.cri]
|
||||
stream_server_address = "127.0.0.1"
|
||||
max_container_log_line_size = {{ containerd_config.max_container_log_line_size }}
|
||||
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
||||
|
||||
[plugins.cri.cni]
|
||||
bin_dir = "/opt/cni/bin"
|
||||
conf_dir = "/etc/cni/net.d"
|
||||
conf_template = ""
|
||||
|
||||
[plugins.cri.containerd.untrusted_workload_runtime]
|
||||
runtime_type = ""
|
||||
runtime_engine = ""
|
||||
runtime_root = ""
|
||||
|
||||
{% if 'registries' in containerd_config %}
|
||||
[plugins.cri.registry]
|
||||
[plugins.cri.registry.mirrors]
|
||||
{% for registry, addr in containerd_config.registries.items() %}
|
||||
[plugins.cri.registry.mirrors."{{ registry }}"]
|
||||
endpoint = ["{{ addr }}"]
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@@ -0,0 +1,4 @@
|
||||
runtime-endpoint: unix://{{ cri_socket }}
|
||||
image-endpoint: unix://{{ cri_socket }}
|
||||
timeout: 30
|
||||
debug: false
|
||||
@@ -24,6 +24,12 @@
|
||||
gpgcheck: no
|
||||
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||
|
||||
- name: Add CRI-O PPA
|
||||
apt_repository:
|
||||
repo: ppa:projectatomic/ppa
|
||||
state: present
|
||||
when: ansible_distribution in ["Ubuntu"]
|
||||
|
||||
- name: Make sure needed folders exist in the system
|
||||
with_items:
|
||||
- /etc/crio
|
||||
|
||||
@@ -64,7 +64,7 @@ file_locking = true
|
||||
# This is a mandatory setting as this runtime will be the default one
|
||||
# and will also be used for untrusted container workloads if
|
||||
# runtime_untrusted_workload is not set.
|
||||
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
|
||||
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" or ansible_distribution == "Ubuntu" %}
|
||||
runtime = "/usr/bin/runc"
|
||||
{% else %}
|
||||
runtime = "/usr/sbin/runc"
|
||||
@@ -96,7 +96,7 @@ default_workload_trust = "trusted"
|
||||
no_pivot = false
|
||||
|
||||
# conmon is the path to conmon binary, used for managing the runtime.
|
||||
conmon = "/usr/libexec/crio/conmon"
|
||||
conmon = "{{ crio_conmon }}"
|
||||
|
||||
# conmon_env is the environment variable list for conmon process,
|
||||
# used for passing necessary environment variable to conmon or runtime.
|
||||
|
||||
@@ -3,3 +3,4 @@ crio_packages:
|
||||
- containers-basic
|
||||
|
||||
crio_service: crio
|
||||
crio_conmon: /usr/libexec/crio/conmon
|
||||
|
||||
@@ -4,3 +4,4 @@ crio_packages:
|
||||
- cri-tools
|
||||
|
||||
crio_service: cri-o
|
||||
crio_conmon: /usr/libexec/crio/conmon
|
||||
|
||||
@@ -4,4 +4,5 @@ crio_packages:
|
||||
- cri-tools
|
||||
- oci-systemd-hook
|
||||
|
||||
crio_service: crio
|
||||
crio_service: crio
|
||||
crio_conmon: /usr/libexec/crio/conmon
|
||||
|
||||
6
roles/container-engine/cri-o/vars/ubuntu.yml
Normal file
6
roles/container-engine/cri-o/vars/ubuntu.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
crio_packages:
|
||||
- "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
|
||||
|
||||
crio_service: crio
|
||||
crio_conmon: /usr/lib/crio/bin/conmon
|
||||
@@ -7,9 +7,23 @@ dependencies:
|
||||
- container-engine
|
||||
- crio
|
||||
|
||||
- role: container-engine/containerd
|
||||
when:
|
||||
- container_manager == 'containerd'
|
||||
tags:
|
||||
- container-engine
|
||||
- containerd
|
||||
|
||||
- role: container-engine/docker
|
||||
when:
|
||||
- container_manager == 'docker'
|
||||
tags:
|
||||
- container-engine
|
||||
- docker
|
||||
|
||||
- role: container-engine/containerd
|
||||
when:
|
||||
- container_manager == 'containerd'
|
||||
tags:
|
||||
- container-engine
|
||||
- containerd
|
||||
|
||||
Reference in New Issue
Block a user