containerd support (#4664)

* Add limited containerd support Containerd support for Ubuntu + Calico * Added CRI-O support for ubuntu * containerd support. * Reset containerd support. * fix lint. * implemented feedback * Change task name cri xx instead of cri-o in reset task and timeout condition. * set crictl to fixed version * Use docker-ce's container.io package for containerd. * Add check containerd is installable or not. * Avoid stop docker when use containerd and optimize retry for reset. * Add config.toml. * Fixed containerd for kubelet.env. * Merge PR #4629 * Remove unused ubuntu variable for containerd * Polish code for containerd and cri-o * Refactoring cri socket configuration. * Configurable conmon. * Remove unused crictl/runc download * Now crictl and runc is downloaded by common crictl.yml. * fixed yamllint error * Fixed brokenfiles by conflict. * Remove commented line in config.toml * Remove readded v1.12.x version * Fixed broken set_docker_image_facts * Fix yamllint errors. * Remove unused apt source * Fix crictl could not be installed * Add containerd config from skolekonov's PR #4601
2026-02-19 12:10:11 -03:30 · 2019-06-30 06:09:20 +09:00
parent 216631bf02
commit 4c8b93e5b9
37 changed files with 610 additions and 214 deletions
--- a/roles/kubernetes/node/tasks/facts.yml
+++ b/roles/kubernetes/node/tasks/facts.yml
@@ -3,12 +3,23 @@
  shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
  register: docker_cgroup_driver_result
  changed_when: false
+  when: container_manager in ['crio', 'docker', 'rkt']

- name: set facts
+- name: set standalone_kubelet fact
  set_fact:
    standalone_kubelet: >-
      {%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
+
+- name: set kubelet_cgroup_driver_detected fact for containerd
+  set_fact:
+    kubelet_cgroup_driver_detected: >-
+      {%- if containerd_use_systemd_cgroup -%}systemd{%- else -%}cgroupfs{%- endif -%}
+  when: container_manager == 'containerd'
+
+- name: set kubelet_cgroup_driver_detected fact for other engines
+  set_fact:
    kubelet_cgroup_driver_detected: "{{ docker_cgroup_driver_result.stdout }}"
+  when: container_manager in ['crio', 'docker', 'rkt']

 - name: os specific vars
  include_vars: "{{ item }}"
--- a/roles/kubernetes/node/tasks/pre_upgrade.yml
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
@@ -1,12 +1,22 @@
 ---
 - name: "Pre-upgrade | check if kubelet container exists"
-  shell: docker ps -af name=kubelet | grep kubelet
+  shell: >-
+    {% if container_manager in ['crio', 'docker', 'rkt'] %}
+    docker ps -af name=kubelet | grep kubelet
+    {% elif container_manager == 'containerd' %}
+    crictl ps --all --name kubelet | grep kubelet
+    {% endif %}
  failed_when: false
  changed_when: false
  register: kubelet_container_check

 - name: "Pre-upgrade | copy /var/lib/cni from kubelet"
-  command: docker cp kubelet:/var/lib/cni /var/lib/cni
+  command: >-
+    {% if container_manager in ['crio', 'docker', 'rkt'] %}
+    docker cp kubelet:/var/lib/cni /var/lib/cni
+    {% elif container_manager == 'containerd' %}
+    ctr run --rm --mount type=bind,src=/var/lib/cni,dst=/cnilibdir,options=rbind:rw kubelet kubelet-tmp sh -c 'cp /var/lib/cni/* /cnilibdir/'
+    {% endif %}
  args:
    creates: "/var/lib/cni"
  failed_when: false
@@ -19,7 +29,12 @@
  when: kubelet_container_check.rc == 0

 - name: "Pre-upgrade | ensure kubelet container is removed if using host deployment"
-  command: docker rm -fv kubelet
+  shell: >-
+    {% if container_manager in ['crio', 'docker', 'rkt'] %}
+    docker rm -fv kubelet
+    {% elif container_manager == 'containerd' %}
+    crictl stop kubelet && crictl rm kubelet
+    {% endif %}
  failed_when: false
  changed_when: false
  register: remove_kubelet_container
--- a/roles/kubernetes/node/templates/kubelet.env.j2
+++ b/roles/kubernetes/node/templates/kubelet.env.j2
@@ -43,9 +43,9 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
 {% if container_manager == 'docker' and kube_version is version('v1.12.0', '<') %}
 --docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
 {% endif %}
-{% if container_manager == 'crio' %}
+{% if container_manager != 'docker' %}
 --container-runtime=remote \
--container-runtime-endpoint=/var/run/crio/crio.sock \
+--container-runtime-endpoint={{ cri_socket }} \
 {% endif %}
 --anonymous-auth=false \
 --read-only-port={{ kube_read_only_port }} \
--- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
+++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
@@ -22,9 +22,9 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
 {% if container_manager == 'docker' and kube_version is version('v1.12.0', '<') %}
 --docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
 {% endif %}
-{% if container_manager == 'crio' %}
+{% if container_manager != 'docker' %}
 --container-runtime=remote \
--container-runtime-endpoint=/var/run/crio/crio.sock \
+--container-runtime-endpoint={{ cri_socket }} \
 {% endif %}
 {% if kube_version is version('v1.8', '<') %}
 --experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \