Merge "Add opt-in containerd support"

changes/21/709721/1
Zuul 3 years ago committed by Gerrit Code Review
commit fa45002e21
  1. 26
      doc/source/user/index.rst
  2. 36
      magnum/drivers/common/templates/kubernetes/fragments/add-proxy.sh
  3. 22
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
  4. 24
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
  5. 7
      magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh
  6. 11
      magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh
  7. 50
      magnum/drivers/common/templates/kubernetes/fragments/install-cri.sh
  8. 4
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh
  9. 4
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.sh
  10. 4
      magnum/drivers/heat/k8s_fedora_template_def.py
  11. 28
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  12. 21
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
  13. 21
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
  14. 28
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
  15. 21
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
  16. 21
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
  17. 20
      magnum/tests/unit/drivers/test_template_definition.py
  18. 21
      releasenotes/notes/containerd-598761bb536af6ba.yaml

@ -447,6 +447,15 @@ the table are linked to more details elsewhere in the user guide.
| `use_podman`_ | - true | see below |
| | - false | |
+---------------------------------------+--------------------+---------------+
| `container_runtime`_ | - "" | "" |
| | - containerd | |
+---------------------------------------+--------------------+---------------+
| `containerd_version`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `containerd_tarball_url`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `containerd_tarball_sha256`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
.. _cluster:
@ -1443,6 +1452,23 @@ _`use_podman`
necessary since v1.16 dropped the --containerized flag in kubelet.
https://github.com/kubernetes/kubernetes/pull/80043/files
_`container_runtime`
The container runtime to use. Empty value means, use docker from the
host. Since ussuri, apart from empty (host-docker), containerd is also
an option.
_`containerd_version`
The containerd version to use as released in
https://github.com/containerd/containerd/releases and
https://storage.googleapis.com/cri-containerd-release/
_`containerd_tarball_url`
Url with the tarball of containerd's binaries.
_`containerd_tarball_sha256`
sha256 of the tarball fetched with containerd_tarball_url or from
https://storage.googleapis.com/cri-containerd-release/.
External load balancer for services
-----------------------------------

@ -6,25 +6,31 @@ set -x
ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
DOCKER_HTTP_PROXY_CONF=/etc/systemd/system/docker.service.d/http_proxy.conf
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
SERVICE_DIR="/etc/systemd/system/containerd.service.d"
else
SERVICE_DIR="/etc/systemd/system/docker.service.d"
fi
HTTP_PROXY_CONF=${SERVICE_DIR}/http_proxy.conf
DOCKER_HTTPS_PROXY_CONF=/etc/systemd/system/docker.service.d/https_proxy.conf
HTTPS_PROXY_CONF=${SERVICE_DIR}/https_proxy.conf
DOCKER_NO_PROXY_CONF=/etc/systemd/system/docker.service.d/no_proxy.conf
NO_PROXY_CONF=${SERVICE_DIR}/no_proxy.conf
DOCKER_RESTART=0
RUNTIME_RESTART=0
BASH_RC=/etc/bashrc
mkdir -p /etc/systemd/system/docker.service.d
mkdir -p ${SERVICE_DIR}
if [ -n "$HTTP_PROXY" ]; then
cat <<EOF | sed "s/^ *//" > $DOCKER_HTTP_PROXY_CONF
cat <<EOF | sed "s/^ *//" > $HTTP_PROXY_CONF
[Service]
Environment=HTTP_PROXY=$HTTP_PROXY
EOF
DOCKER_RESTART=1
RUNTIME_RESTART=1
if [ -f "$BASH_RC" ]; then
echo "declare -x http_proxy=$HTTP_PROXY" >> $BASH_RC
@ -34,12 +40,12 @@ EOF
fi
if [ -n "$HTTPS_PROXY" ]; then
cat <<EOF | sed "s/^ *//" > $DOCKER_HTTPS_PROXY_CONF
cat <<EOF | sed "s/^ *//" > $HTTPS_PROXY_CONF
[Service]
Environment=HTTPS_PROXY=$HTTPS_PROXY
EOF
DOCKER_RESTART=1
RUNTIME_RESTART=1
if [ -f "$BASH_RC" ]; then
echo "declare -x https_proxy=$HTTPS_PROXY" >> $BASH_RC
@ -49,12 +55,12 @@ EOF
fi
if [ -n "$NO_PROXY" ]; then
cat <<EOF | sed "s/^ *//" > $DOCKER_NO_PROXY_CONF
cat <<EOF | sed "s/^ *//" > $NO_PROXY_CONF
[Service]
Environment=NO_PROXY=$NO_PROXY
EOF
DOCKER_RESTART=1
RUNTIME_RESTART=1
if [ -f "$BASH_RC" ]; then
echo "declare -x no_proxy=$NO_PROXY" >> $BASH_RC
@ -63,7 +69,11 @@ EOF
fi
fi
if [ "$DOCKER_RESTART" -eq 1 ]; then
if [ "$RUNTIME_RESTART" -eq 1 ]; then
$ssh_cmd systemctl daemon-reload
$ssh_cmd systemctl --no-block restart docker.service
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
$ssh_cmd systemctl --no-block restart containerd.service
else
$ssh_cmd systemctl --no-block restart docker.service
fi
fi

@ -179,6 +179,8 @@ EnvironmentFile=/etc/kubernetes/kubelet
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /var/lib/calico
ExecStartPre=/bin/mkdir -p /var/lib/containerd
ExecStartPre=/bin/mkdir -p /var/lib/docker
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins
ExecStartPre=/bin/mkdir -p /opt/cni/bin
ExecStartPre=-/usr/bin/podman rm kubelet
@ -199,6 +201,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\
--volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\
--volume /var/lib/calico:/var/lib/calico \\
--volume /var/lib/docker:/var/lib/docker \\
--volume /var/lib/containerd:/var/lib/containerd \\
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\
--volume /var/log:/var/log \\
--volume /var/run:/var/run \\
@ -464,22 +467,13 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil
# specified cgroup driver
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
$ssh_cmd systemctl disable docker
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
$ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
/etc/systemd/system/docker.service
else
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
EOF
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service"
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote"
KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m"
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
fi
$ssh_cmd systemctl daemon-reload
$ssh_cmd systemctl enable docker
if [ -z "${KUBE_NODE_IP}" ]; then
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
fi

@ -72,6 +72,8 @@ EnvironmentFile=/etc/kubernetes/kubelet
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /var/lib/calico
ExecStartPre=/bin/mkdir -p /var/lib/containerd
ExecStartPre=/bin/mkdir -p /var/lib/docker
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins
ExecStartPre=/bin/mkdir -p /opt/cni/bin
ExecStartPre=-/bin/bash -c '/usr/bin/podman run --privileged --user root --net host --entrypoint /bin/bash --rm --volume /usr/local/bin:/host/usr/local/bin \${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/}hyperkube:\${KUBE_TAG} -c "cp /usr/local/bin/kubectl /host/usr/local/bin/kubectl"'
@ -93,6 +95,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\
--volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\
--volume /var/lib/calico:/var/lib/calico \\
--volume /var/lib/docker:/var/lib/docker \\
--volume /var/lib/containerd:/var/lib/containerd \\
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\
--volume /var/log:/var/log \\
--volume /var/run:/var/run \\
@ -266,6 +269,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil
# specified cgroup driver
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service"
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote"
KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m"
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
fi
auto_healing_enabled=$(echo ${AUTO_HEALING_ENABLED} | tr '[:upper:]' '[:lower:]')
autohealing_controller=$(echo ${AUTO_HEALING_CONTROLLER} | tr '[:upper:]' '[:lower:]')
@ -273,21 +282,6 @@ if [[ "${auto_healing_enabled}" = "true" && "${autohealing_controller}" = "drain
KUBELET_ARGS="${KUBELET_ARGS} --node-labels=draino-enabled=true"
fi
$ssh_cmd systemctl disable docker
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
$ssh_cmd "cp /usr/lib/systemd/system/docker.service /etc/systemd/system/"
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
/etc/systemd/system/docker.service
else
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
EOF
fi
$ssh_cmd systemctl daemon-reload
$ssh_cmd systemctl enable docker
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
sed -i '

@ -16,8 +16,13 @@ while [ ! -f /etc/kubernetes/certs/ca.key ] && \
done
echo "starting services"
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
container_runtime_service="containerd"
else
container_runtime_service="docker"
fi
for action in enable restart; do
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
for service in etcd ${container_runtime_service} kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
echo "$action service $service"
$ssh_cmd systemctl $action $service
done

@ -8,13 +8,20 @@ ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
# so we need to stop it first and delete the docker0 bridge (which will
# be re-created using the flannel-provided subnet).
echo "stopping docker"
$ssh_cmd systemctl stop docker
if [ ${CONTAINER_RUNTIME} != "containerd" ] ; then
$ssh_cmd systemctl stop docker
fi
# make sure we pick up any modified unit files
$ssh_cmd systemctl daemon-reload
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
container_runtime_service="containerd"
else
container_runtime_service="docker"
fi
for action in enable restart; do
for service in docker kubelet kube-proxy; do
for service in ${container_runtime_service} kubelet kube-proxy; do
echo "$action service $service"
$ssh_cmd systemctl $action $service
done

@ -0,0 +1,50 @@
#!/bin/bash
set +x
echo "START: install cri"
. /etc/sysconfig/heat-params
set -x
ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
if [ "${CONTAINER_RUNTIME}" = "containerd" ] ; then
$ssh_cmd systemctl disable docker
if [ -z "${CONTAINERD_TARBALL_URL}" ] ; then
CONTAINERD_TARBALL_URL="https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz"
fi
i=0
until curl -o /srv/magnum/cri-containerd.tar.gz "${CONTAINERD_TARBALL_URL}"
do
i=$((i + 1))
[ $i -lt 5 ] || break;
sleep 5
done
if ! echo "${CONTAINERD_TARBALL_SHA256} /srv/magnum/cri-containerd.tar.gz" | sha256sum -c - ; then
echo "ERROR cri-containerd.tar.gz computed checksum did NOT match, exiting."
exit 1
fi
$ssh_cmd tar xzvf /srv/magnum/cri-containerd.tar.gz -C / --no-same-owner --touch --no-same-permissions
$ssh_cmd systemctl daemon-reload
$ssh_cmd systemctl enable containerd
$ssh_cmd systemctl start containerd
else
# CONTAINER_RUNTIME=host-docker
$ssh_cmd systemctl disable docker
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
$ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
/etc/systemd/system/docker.service
else
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
EOF
fi
$ssh_cmd systemctl daemon-reload
$ssh_cmd systemctl enable docker
fi
echo "END: install cri"

@ -118,6 +118,10 @@ NODEGROUP_ROLE="$NODEGROUP_ROLE"
NODEGROUP_NAME="$NODEGROUP_NAME"
USE_PODMAN="$USE_PODMAN"
KUBE_IMAGE_DIGEST="$KUBE_IMAGE_DIGEST"
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
CONTAINERD_VERSION="$CONTAINERD_VERSION"
CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL"
CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256"
EOF
}

@ -64,6 +64,10 @@ AUTO_HEALING_CONTROLLER="$AUTO_HEALING_CONTROLLER"
NODEGROUP_ROLE="$NODEGROUP_ROLE"
NODEGROUP_NAME="$NODEGROUP_NAME"
USE_PODMAN="$USE_PODMAN"
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
CONTAINERD_VERSION="$CONTAINERD_VERSION"
CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL"
CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256"
EOF
}

@ -78,6 +78,10 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
'kube_tag', 'container_infra_prefix',
'availability_zone',
'cgroup_driver',
'container_runtime',
'containerd_version',
'containerd_tarball_url',
'containerd_tarball_sha256',
'calico_tag',
'calico_kube_controllers_tag', 'calico_ipv4pool',
'calico_ipv4pool_ipip',

@ -820,6 +820,26 @@ parameters:
The digest of the image which should match the given kube_tag
default: ''
container_runtime:
type: string
description: The container runtime to install
default: 'host-docker'
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
default: '1.2.8'
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
default: ''
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627'
resources:
######################################################################
@ -1145,6 +1165,10 @@ resources:
ostree_remote: {get_param: ostree_remote}
ostree_commit: {get_param: ostree_commit}
use_podman: {get_param: use_podman}
container_runtime: {get_param: container_runtime}
containerd_version: {get_param: containerd_version}
containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
kube_cluster_config:
condition: create_cluster_resources
@ -1308,6 +1332,10 @@ resources:
ostree_remote: {get_param: ostree_remote}
ostree_commit: {get_param: ostree_commit}
use_podman: {get_param: use_podman}
container_runtime: {get_param: container_runtime}
containerd_version: {get_param: containerd_version}
containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
outputs:

@ -575,6 +575,22 @@ parameters:
description: >
if true, run system containers for kubernetes, etcd and heat-agent
container_runtime:
type: string
description: The container runtime to install
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -749,6 +765,11 @@ resources:
"$NODEGROUP_ROLE": {get_param: nodegroup_role}
"$NODEGROUP_NAME": {get_param: nodegroup_name}
"$USE_PODMAN": {get_param: use_podman}
"$CONTAINER_RUNTIME": {get_param: container_runtime}
"$CONTAINERD_VERSION": {get_param: containerd_version}
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
- str_replace:
template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}

@ -327,6 +327,22 @@ parameters:
description: >
if true, run system containers for kubernetes, etcd and heat-agent
container_runtime:
type: string
description: The container runtime to install
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -432,6 +448,11 @@ resources:
$NODEGROUP_ROLE: {get_param: nodegroup_role}
$NODEGROUP_NAME: {get_param: nodegroup_name}
$USE_PODMAN: {get_param: use_podman}
$CONTAINER_RUNTIME: {get_param: container_runtime}
$CONTAINERD_VERSION: {get_param: containerd_version}
$CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url}
$CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
- get_file: ../../common/templates/fragments/configure-docker-registry.sh

@ -822,6 +822,26 @@ parameters:
The digest of the image which should match the given kube_tag
default: ''
container_runtime:
type: string
description: The container runtime to install
default: 'host-docker'
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
default: '1.2.8'
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
default: ''
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627'
resources:
######################################################################
@ -1149,6 +1169,10 @@ resources:
ostree_commit: {get_param: ostree_commit}
use_podman: {get_param: use_podman}
kube_image_digest: {get_param: kube_image_digest}
container_runtime: {get_param: container_runtime}
containerd_version: {get_param: containerd_version}
containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
kube_cluster_config:
condition: create_cluster_resources
@ -1313,6 +1337,10 @@ resources:
ostree_remote: {get_param: ostree_remote}
ostree_commit: {get_param: ostree_commit}
use_podman: {get_param: use_podman}
container_runtime: {get_param: container_runtime}
containerd_version: {get_param: containerd_version}
containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
outputs:

@ -585,6 +585,22 @@ parameters:
The digest of the image which should match the given kube_tag
default: ''
container_runtime:
type: string
description: The container runtime to install
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -762,6 +778,11 @@ resources:
"$NODEGROUP_NAME": {get_param: nodegroup_name}
"$USE_PODMAN": {get_param: use_podman}
"$KUBE_IMAGE_DIGEST": {get_param: kube_image_digest}
"$CONTAINER_RUNTIME": {get_param: container_runtime}
"$CONTAINERD_VERSION": {get_param: containerd_version}
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
- str_replace:
template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}

@ -329,6 +329,22 @@ parameters:
description: >
If true, run system containers for kubernetes, etcd and heat-agent
container_runtime:
type: string
description: The container runtime to install
containerd_version:
type: string
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
containerd_tarball_url:
type: string
description: Url location of the containerd tarball.
containerd_tarball_sha256:
type: string
description: sha256 of the target containerd tarball.
conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -436,6 +452,11 @@ resources:
$NODEGROUP_ROLE: {get_param: nodegroup_role}
$NODEGROUP_NAME: {get_param: nodegroup_name}
$USE_PODMAN: {get_param: use_podman}
$CONTAINER_RUNTIME: {get_param: container_runtime}
$CONTAINERD_VERSION: {get_param: containerd_version}
$CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url}
$CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
- get_file: ../../common/templates/fragments/configure-docker-registry.sh

@ -589,6 +589,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
ostree_remote = mock_cluster.labels.get('ostree_remote')
ostree_commit = mock_cluster.labels.get('ostree_commit')
use_podman = mock_cluster.labels.get('use_podman')
container_runtime = mock_cluster.labels.get('container_runtime')
containerd_version = mock_cluster.labels.get('containerd_version')
containerd_tarball_url = mock_cluster.labels.get(
'containerd_tarball_url')
containerd_tarball_sha256 = mock_cluster.labels.get(
'containerd_tarball_sha256')
kube_image_digest = mock_cluster.labels.get('kube_image_digest')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -687,6 +693,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'ostree_commit': ostree_commit,
'use_podman': use_podman,
'kube_image_digest': kube_image_digest,
'container_runtime': container_runtime,
'containerd_version': containerd_version,
'containerd_tarball_url': containerd_tarball_url,
'containerd_tarball_sha256': containerd_tarball_sha256,
}}
mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template,
@ -1058,6 +1068,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
ostree_remote = mock_cluster.labels.get('ostree_remote')
ostree_commit = mock_cluster.labels.get('ostree_commit')
use_podman = mock_cluster.labels.get('use_podman')
container_runtime = mock_cluster.labels.get('container_runtime')
containerd_version = mock_cluster.labels.get('containerd_version')
containerd_tarball_url = mock_cluster.labels.get(
'containerd_tarball_url')
containerd_tarball_sha256 = mock_cluster.labels.get(
'containerd_tarball_sha256')
kube_image_digest = mock_cluster.labels.get('kube_image_digest')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -1158,6 +1174,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'ostree_commit': ostree_commit,
'use_podman': use_podman,
'kube_image_digest': kube_image_digest,
'container_runtime': container_runtime,
'containerd_version': containerd_version,
'containerd_tarball_url': containerd_tarball_url,
'containerd_tarball_sha256': containerd_tarball_sha256,
}}
mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template,

@ -0,0 +1,21 @@
---
features:
- |
New labels to support containerd as a runtime.
container_runtime
The container runtime to use. Empty value means, use docker from the
host. Since ussuri, apart from empty (host-docker), containerd is also
an option.
containerd_version
The containerd version to use as released in
https://github.com/containerd/containerd/releases and
https://storage.googleapis.com/cri-containerd-release/
containerd_tarball_url
Url with the tarball of containerd's binaries.
containerd_tarball_sha256
sha256 of the tarball fetched with containerd_tarball_url or from
https://storage.googleapis.com/cri-containerd-release/.
Loading…
Cancel
Save