Merge "Add opt-in containerd support"
This commit is contained in:
commit
fa45002e21
|
@ -447,6 +447,15 @@ the table are linked to more details elsewhere in the user guide.
|
|||
| `use_podman`_ | - true | see below |
|
||||
| | - false | |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `container_runtime`_ | - "" | "" |
|
||||
| | - containerd | |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `containerd_version`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `containerd_tarball_url`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `containerd_tarball_sha256`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
|
||||
.. _cluster:
|
||||
|
||||
|
@ -1443,6 +1452,23 @@ _`use_podman`
|
|||
necessary since v1.16 dropped the --containerized flag in kubelet.
|
||||
https://github.com/kubernetes/kubernetes/pull/80043/files
|
||||
|
||||
_`container_runtime`
|
||||
The container runtime to use. Empty value means, use docker from the
|
||||
host. Since ussuri, apart from empty (host-docker), containerd is also
|
||||
an option.
|
||||
|
||||
_`containerd_version`
|
||||
The containerd version to use as released in
|
||||
https://github.com/containerd/containerd/releases and
|
||||
https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
_`containerd_tarball_url`
|
||||
Url with the tarball of containerd's binaries.
|
||||
|
||||
_`containerd_tarball_sha256`
|
||||
sha256 of the tarball fetched with containerd_tarball_url or from
|
||||
https://storage.googleapis.com/cri-containerd-release/.
|
||||
|
||||
External load balancer for services
|
||||
-----------------------------------
|
||||
|
||||
|
|
|
@ -6,25 +6,31 @@ set -x
|
|||
|
||||
ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
|
||||
|
||||
DOCKER_HTTP_PROXY_CONF=/etc/systemd/system/docker.service.d/http_proxy.conf
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
SERVICE_DIR="/etc/systemd/system/containerd.service.d"
|
||||
else
|
||||
SERVICE_DIR="/etc/systemd/system/docker.service.d"
|
||||
fi
|
||||
|
||||
DOCKER_HTTPS_PROXY_CONF=/etc/systemd/system/docker.service.d/https_proxy.conf
|
||||
HTTP_PROXY_CONF=${SERVICE_DIR}/http_proxy.conf
|
||||
|
||||
DOCKER_NO_PROXY_CONF=/etc/systemd/system/docker.service.d/no_proxy.conf
|
||||
HTTPS_PROXY_CONF=${SERVICE_DIR}/https_proxy.conf
|
||||
|
||||
DOCKER_RESTART=0
|
||||
NO_PROXY_CONF=${SERVICE_DIR}/no_proxy.conf
|
||||
|
||||
RUNTIME_RESTART=0
|
||||
|
||||
BASH_RC=/etc/bashrc
|
||||
|
||||
mkdir -p /etc/systemd/system/docker.service.d
|
||||
mkdir -p ${SERVICE_DIR}
|
||||
|
||||
if [ -n "$HTTP_PROXY" ]; then
|
||||
cat <<EOF | sed "s/^ *//" > $DOCKER_HTTP_PROXY_CONF
|
||||
cat <<EOF | sed "s/^ *//" > $HTTP_PROXY_CONF
|
||||
[Service]
|
||||
Environment=HTTP_PROXY=$HTTP_PROXY
|
||||
EOF
|
||||
|
||||
DOCKER_RESTART=1
|
||||
RUNTIME_RESTART=1
|
||||
|
||||
if [ -f "$BASH_RC" ]; then
|
||||
echo "declare -x http_proxy=$HTTP_PROXY" >> $BASH_RC
|
||||
|
@ -34,12 +40,12 @@ EOF
|
|||
fi
|
||||
|
||||
if [ -n "$HTTPS_PROXY" ]; then
|
||||
cat <<EOF | sed "s/^ *//" > $DOCKER_HTTPS_PROXY_CONF
|
||||
cat <<EOF | sed "s/^ *//" > $HTTPS_PROXY_CONF
|
||||
[Service]
|
||||
Environment=HTTPS_PROXY=$HTTPS_PROXY
|
||||
EOF
|
||||
|
||||
DOCKER_RESTART=1
|
||||
RUNTIME_RESTART=1
|
||||
|
||||
if [ -f "$BASH_RC" ]; then
|
||||
echo "declare -x https_proxy=$HTTPS_PROXY" >> $BASH_RC
|
||||
|
@ -49,12 +55,12 @@ EOF
|
|||
fi
|
||||
|
||||
if [ -n "$NO_PROXY" ]; then
|
||||
cat <<EOF | sed "s/^ *//" > $DOCKER_NO_PROXY_CONF
|
||||
cat <<EOF | sed "s/^ *//" > $NO_PROXY_CONF
|
||||
[Service]
|
||||
Environment=NO_PROXY=$NO_PROXY
|
||||
EOF
|
||||
|
||||
DOCKER_RESTART=1
|
||||
RUNTIME_RESTART=1
|
||||
|
||||
if [ -f "$BASH_RC" ]; then
|
||||
echo "declare -x no_proxy=$NO_PROXY" >> $BASH_RC
|
||||
|
@ -63,7 +69,11 @@ EOF
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ "$DOCKER_RESTART" -eq 1 ]; then
|
||||
if [ "$RUNTIME_RESTART" -eq 1 ]; then
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
$ssh_cmd systemctl --no-block restart docker.service
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
$ssh_cmd systemctl --no-block restart containerd.service
|
||||
else
|
||||
$ssh_cmd systemctl --no-block restart docker.service
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -179,6 +179,8 @@ EnvironmentFile=/etc/kubernetes/kubelet
|
|||
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
|
||||
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/calico
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/containerd
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/docker
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins
|
||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||
ExecStartPre=-/usr/bin/podman rm kubelet
|
||||
|
@ -199,6 +201,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\
|
|||
--volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\
|
||||
--volume /var/lib/calico:/var/lib/calico \\
|
||||
--volume /var/lib/docker:/var/lib/docker \\
|
||||
--volume /var/lib/containerd:/var/lib/containerd \\
|
||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\
|
||||
--volume /var/log:/var/log \\
|
||||
--volume /var/run:/var/run \\
|
||||
|
@ -464,22 +467,13 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil
|
|||
|
||||
# specified cgroup driver
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
|
||||
|
||||
$ssh_cmd systemctl disable docker
|
||||
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
|
||||
$ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
|
||||
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
|
||||
/etc/systemd/system/docker.service
|
||||
else
|
||||
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
|
||||
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
|
||||
EOF
|
||||
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
|
||||
fi
|
||||
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
$ssh_cmd systemctl enable docker
|
||||
|
||||
if [ -z "${KUBE_NODE_IP}" ]; then
|
||||
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
||||
fi
|
||||
|
|
|
@ -72,6 +72,8 @@ EnvironmentFile=/etc/kubernetes/kubelet
|
|||
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
|
||||
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/calico
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/containerd
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/docker
|
||||
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins
|
||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||
ExecStartPre=-/bin/bash -c '/usr/bin/podman run --privileged --user root --net host --entrypoint /bin/bash --rm --volume /usr/local/bin:/host/usr/local/bin \${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/}hyperkube:\${KUBE_TAG} -c "cp /usr/local/bin/kubectl /host/usr/local/bin/kubectl"'
|
||||
|
@ -93,6 +95,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\
|
|||
--volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\
|
||||
--volume /var/lib/calico:/var/lib/calico \\
|
||||
--volume /var/lib/docker:/var/lib/docker \\
|
||||
--volume /var/lib/containerd:/var/lib/containerd \\
|
||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\
|
||||
--volume /var/log:/var/log \\
|
||||
--volume /var/run:/var/run \\
|
||||
|
@ -266,6 +269,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil
|
|||
|
||||
# specified cgroup driver
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
|
||||
fi
|
||||
|
||||
auto_healing_enabled=$(echo ${AUTO_HEALING_ENABLED} | tr '[:upper:]' '[:lower:]')
|
||||
autohealing_controller=$(echo ${AUTO_HEALING_CONTROLLER} | tr '[:upper:]' '[:lower:]')
|
||||
|
@ -273,21 +282,6 @@ if [[ "${auto_healing_enabled}" = "true" && "${autohealing_controller}" = "drain
|
|||
KUBELET_ARGS="${KUBELET_ARGS} --node-labels=draino-enabled=true"
|
||||
fi
|
||||
|
||||
$ssh_cmd systemctl disable docker
|
||||
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
|
||||
$ssh_cmd "cp /usr/lib/systemd/system/docker.service /etc/systemd/system/"
|
||||
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
|
||||
/etc/systemd/system/docker.service
|
||||
else
|
||||
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
|
||||
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
$ssh_cmd systemctl enable docker
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
|
||||
sed -i '
|
||||
|
|
|
@ -16,8 +16,13 @@ while [ ! -f /etc/kubernetes/certs/ca.key ] && \
|
|||
done
|
||||
|
||||
echo "starting services"
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
container_runtime_service="containerd"
|
||||
else
|
||||
container_runtime_service="docker"
|
||||
fi
|
||||
for action in enable restart; do
|
||||
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
|
||||
for service in etcd ${container_runtime_service} kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
|
||||
echo "$action service $service"
|
||||
$ssh_cmd systemctl $action $service
|
||||
done
|
||||
|
|
|
@ -8,13 +8,20 @@ ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
|
|||
# so we need to stop it first and delete the docker0 bridge (which will
|
||||
# be re-created using the flannel-provided subnet).
|
||||
echo "stopping docker"
|
||||
$ssh_cmd systemctl stop docker
|
||||
if [ ${CONTAINER_RUNTIME} != "containerd" ] ; then
|
||||
$ssh_cmd systemctl stop docker
|
||||
fi
|
||||
|
||||
# make sure we pick up any modified unit files
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
|
||||
if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then
|
||||
container_runtime_service="containerd"
|
||||
else
|
||||
container_runtime_service="docker"
|
||||
fi
|
||||
for action in enable restart; do
|
||||
for service in docker kubelet kube-proxy; do
|
||||
for service in ${container_runtime_service} kubelet kube-proxy; do
|
||||
echo "$action service $service"
|
||||
$ssh_cmd systemctl $action $service
|
||||
done
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
#!/bin/bash
|
||||
|
||||
set +x
|
||||
|
||||
echo "START: install cri"
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
set -x
|
||||
|
||||
ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
|
||||
|
||||
if [ "${CONTAINER_RUNTIME}" = "containerd" ] ; then
|
||||
$ssh_cmd systemctl disable docker
|
||||
if [ -z "${CONTAINERD_TARBALL_URL}" ] ; then
|
||||
CONTAINERD_TARBALL_URL="https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz"
|
||||
fi
|
||||
i=0
|
||||
until curl -o /srv/magnum/cri-containerd.tar.gz "${CONTAINERD_TARBALL_URL}"
|
||||
do
|
||||
i=$((i + 1))
|
||||
[ $i -lt 5 ] || break;
|
||||
sleep 5
|
||||
done
|
||||
|
||||
if ! echo "${CONTAINERD_TARBALL_SHA256} /srv/magnum/cri-containerd.tar.gz" | sha256sum -c - ; then
|
||||
echo "ERROR cri-containerd.tar.gz computed checksum did NOT match, exiting."
|
||||
exit 1
|
||||
fi
|
||||
$ssh_cmd tar xzvf /srv/magnum/cri-containerd.tar.gz -C / --no-same-owner --touch --no-same-permissions
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
$ssh_cmd systemctl enable containerd
|
||||
$ssh_cmd systemctl start containerd
|
||||
else
|
||||
# CONTAINER_RUNTIME=host-docker
|
||||
$ssh_cmd systemctl disable docker
|
||||
if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
|
||||
$ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
|
||||
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
|
||||
/etc/systemd/system/docker.service
|
||||
else
|
||||
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
|
||||
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
|
||||
EOF
|
||||
fi
|
||||
|
||||
$ssh_cmd systemctl daemon-reload
|
||||
$ssh_cmd systemctl enable docker
|
||||
fi
|
||||
|
||||
echo "END: install cri"
|
|
@ -118,6 +118,10 @@ NODEGROUP_ROLE="$NODEGROUP_ROLE"
|
|||
NODEGROUP_NAME="$NODEGROUP_NAME"
|
||||
USE_PODMAN="$USE_PODMAN"
|
||||
KUBE_IMAGE_DIGEST="$KUBE_IMAGE_DIGEST"
|
||||
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
||||
CONTAINERD_VERSION="$CONTAINERD_VERSION"
|
||||
CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL"
|
||||
CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256"
|
||||
EOF
|
||||
}
|
||||
|
||||
|
|
|
@ -64,6 +64,10 @@ AUTO_HEALING_CONTROLLER="$AUTO_HEALING_CONTROLLER"
|
|||
NODEGROUP_ROLE="$NODEGROUP_ROLE"
|
||||
NODEGROUP_NAME="$NODEGROUP_NAME"
|
||||
USE_PODMAN="$USE_PODMAN"
|
||||
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
||||
CONTAINERD_VERSION="$CONTAINERD_VERSION"
|
||||
CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL"
|
||||
CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256"
|
||||
EOF
|
||||
}
|
||||
|
||||
|
|
|
@ -78,6 +78,10 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
|
|||
'kube_tag', 'container_infra_prefix',
|
||||
'availability_zone',
|
||||
'cgroup_driver',
|
||||
'container_runtime',
|
||||
'containerd_version',
|
||||
'containerd_tarball_url',
|
||||
'containerd_tarball_sha256',
|
||||
'calico_tag',
|
||||
'calico_kube_controllers_tag', 'calico_ipv4pool',
|
||||
'calico_ipv4pool_ipip',
|
||||
|
|
|
@ -820,6 +820,26 @@ parameters:
|
|||
The digest of the image which should match the given kube_tag
|
||||
default: ''
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
default: 'host-docker'
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
default: '1.2.8'
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
default: ''
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627'
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
|
@ -1145,6 +1165,10 @@ resources:
|
|||
ostree_remote: {get_param: ostree_remote}
|
||||
ostree_commit: {get_param: ostree_commit}
|
||||
use_podman: {get_param: use_podman}
|
||||
container_runtime: {get_param: container_runtime}
|
||||
containerd_version: {get_param: containerd_version}
|
||||
containerd_tarball_url: {get_param: containerd_tarball_url}
|
||||
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
|
||||
|
||||
kube_cluster_config:
|
||||
condition: create_cluster_resources
|
||||
|
@ -1308,6 +1332,10 @@ resources:
|
|||
ostree_remote: {get_param: ostree_remote}
|
||||
ostree_commit: {get_param: ostree_commit}
|
||||
use_podman: {get_param: use_podman}
|
||||
container_runtime: {get_param: container_runtime}
|
||||
containerd_version: {get_param: containerd_version}
|
||||
containerd_tarball_url: {get_param: containerd_tarball_url}
|
||||
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
|
||||
|
||||
outputs:
|
||||
|
||||
|
|
|
@ -575,6 +575,22 @@ parameters:
|
|||
description: >
|
||||
if true, run system containers for kubernetes, etcd and heat-agent
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
|
||||
conditions:
|
||||
|
||||
image_based: {equals: [{get_param: boot_volume_size}, 0]}
|
||||
|
@ -749,6 +765,11 @@ resources:
|
|||
"$NODEGROUP_ROLE": {get_param: nodegroup_role}
|
||||
"$NODEGROUP_NAME": {get_param: nodegroup_name}
|
||||
"$USE_PODMAN": {get_param: use_podman}
|
||||
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
||||
"$CONTAINERD_VERSION": {get_param: containerd_version}
|
||||
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
|
||||
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
|
||||
- str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}
|
||||
|
|
|
@ -327,6 +327,22 @@ parameters:
|
|||
description: >
|
||||
if true, run system containers for kubernetes, etcd and heat-agent
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
|
||||
conditions:
|
||||
|
||||
image_based: {equals: [{get_param: boot_volume_size}, 0]}
|
||||
|
@ -432,6 +448,11 @@ resources:
|
|||
$NODEGROUP_ROLE: {get_param: nodegroup_role}
|
||||
$NODEGROUP_NAME: {get_param: nodegroup_name}
|
||||
$USE_PODMAN: {get_param: use_podman}
|
||||
$CONTAINER_RUNTIME: {get_param: container_runtime}
|
||||
$CONTAINERD_VERSION: {get_param: containerd_version}
|
||||
$CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url}
|
||||
$CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256}
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
|
||||
- get_file: ../../common/templates/fragments/configure-docker-registry.sh
|
||||
|
|
|
@ -822,6 +822,26 @@ parameters:
|
|||
The digest of the image which should match the given kube_tag
|
||||
default: ''
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
default: 'host-docker'
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
default: '1.2.8'
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
default: ''
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627'
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
|
@ -1149,6 +1169,10 @@ resources:
|
|||
ostree_commit: {get_param: ostree_commit}
|
||||
use_podman: {get_param: use_podman}
|
||||
kube_image_digest: {get_param: kube_image_digest}
|
||||
container_runtime: {get_param: container_runtime}
|
||||
containerd_version: {get_param: containerd_version}
|
||||
containerd_tarball_url: {get_param: containerd_tarball_url}
|
||||
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
|
||||
|
||||
kube_cluster_config:
|
||||
condition: create_cluster_resources
|
||||
|
@ -1313,6 +1337,10 @@ resources:
|
|||
ostree_remote: {get_param: ostree_remote}
|
||||
ostree_commit: {get_param: ostree_commit}
|
||||
use_podman: {get_param: use_podman}
|
||||
container_runtime: {get_param: container_runtime}
|
||||
containerd_version: {get_param: containerd_version}
|
||||
containerd_tarball_url: {get_param: containerd_tarball_url}
|
||||
containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
|
||||
|
||||
outputs:
|
||||
|
||||
|
|
|
@ -585,6 +585,22 @@ parameters:
|
|||
The digest of the image which should match the given kube_tag
|
||||
default: ''
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
|
||||
conditions:
|
||||
|
||||
image_based: {equals: [{get_param: boot_volume_size}, 0]}
|
||||
|
@ -762,6 +778,11 @@ resources:
|
|||
"$NODEGROUP_NAME": {get_param: nodegroup_name}
|
||||
"$USE_PODMAN": {get_param: use_podman}
|
||||
"$KUBE_IMAGE_DIGEST": {get_param: kube_image_digest}
|
||||
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
||||
"$CONTAINERD_VERSION": {get_param: containerd_version}
|
||||
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
|
||||
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
|
||||
- str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}
|
||||
|
|
|
@ -329,6 +329,22 @@ parameters:
|
|||
description: >
|
||||
If true, run system containers for kubernetes, etcd and heat-agent
|
||||
|
||||
container_runtime:
|
||||
type: string
|
||||
description: The container runtime to install
|
||||
|
||||
containerd_version:
|
||||
type: string
|
||||
description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
containerd_tarball_url:
|
||||
type: string
|
||||
description: Url location of the containerd tarball.
|
||||
|
||||
containerd_tarball_sha256:
|
||||
type: string
|
||||
description: sha256 of the target containerd tarball.
|
||||
|
||||
conditions:
|
||||
|
||||
image_based: {equals: [{get_param: boot_volume_size}, 0]}
|
||||
|
@ -436,6 +452,11 @@ resources:
|
|||
$NODEGROUP_ROLE: {get_param: nodegroup_role}
|
||||
$NODEGROUP_NAME: {get_param: nodegroup_name}
|
||||
$USE_PODMAN: {get_param: use_podman}
|
||||
$CONTAINER_RUNTIME: {get_param: container_runtime}
|
||||
$CONTAINERD_VERSION: {get_param: containerd_version}
|
||||
$CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url}
|
||||
$CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256}
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
|
||||
- get_file: ../../common/templates/fragments/configure-docker-registry.sh
|
||||
|
|
|
@ -589,6 +589,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
ostree_remote = mock_cluster.labels.get('ostree_remote')
|
||||
ostree_commit = mock_cluster.labels.get('ostree_commit')
|
||||
use_podman = mock_cluster.labels.get('use_podman')
|
||||
container_runtime = mock_cluster.labels.get('container_runtime')
|
||||
containerd_version = mock_cluster.labels.get('containerd_version')
|
||||
containerd_tarball_url = mock_cluster.labels.get(
|
||||
'containerd_tarball_url')
|
||||
containerd_tarball_sha256 = mock_cluster.labels.get(
|
||||
'containerd_tarball_sha256')
|
||||
kube_image_digest = mock_cluster.labels.get('kube_image_digest')
|
||||
|
||||
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
|
||||
|
@ -687,6 +693,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'ostree_commit': ostree_commit,
|
||||
'use_podman': use_podman,
|
||||
'kube_image_digest': kube_image_digest,
|
||||
'container_runtime': container_runtime,
|
||||
'containerd_version': containerd_version,
|
||||
'containerd_tarball_url': containerd_tarball_url,
|
||||
'containerd_tarball_sha256': containerd_tarball_sha256,
|
||||
}}
|
||||
mock_get_params.assert_called_once_with(mock_context,
|
||||
mock_cluster_template,
|
||||
|
@ -1058,6 +1068,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
ostree_remote = mock_cluster.labels.get('ostree_remote')
|
||||
ostree_commit = mock_cluster.labels.get('ostree_commit')
|
||||
use_podman = mock_cluster.labels.get('use_podman')
|
||||
container_runtime = mock_cluster.labels.get('container_runtime')
|
||||
containerd_version = mock_cluster.labels.get('containerd_version')
|
||||
containerd_tarball_url = mock_cluster.labels.get(
|
||||
'containerd_tarball_url')
|
||||
containerd_tarball_sha256 = mock_cluster.labels.get(
|
||||
'containerd_tarball_sha256')
|
||||
kube_image_digest = mock_cluster.labels.get('kube_image_digest')
|
||||
|
||||
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
|
||||
|
@ -1158,6 +1174,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'ostree_commit': ostree_commit,
|
||||
'use_podman': use_podman,
|
||||
'kube_image_digest': kube_image_digest,
|
||||
'container_runtime': container_runtime,
|
||||
'containerd_version': containerd_version,
|
||||
'containerd_tarball_url': containerd_tarball_url,
|
||||
'containerd_tarball_sha256': containerd_tarball_sha256,
|
||||
}}
|
||||
mock_get_params.assert_called_once_with(mock_context,
|
||||
mock_cluster_template,
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
New labels to support containerd as a runtime.
|
||||
|
||||
container_runtime
|
||||
The container runtime to use. Empty value means, use docker from the
|
||||
host. Since ussuri, apart from empty (host-docker), containerd is also
|
||||
an option.
|
||||
|
||||
containerd_version
|
||||
The containerd version to use as released in
|
||||
https://github.com/containerd/containerd/releases and
|
||||
https://storage.googleapis.com/cri-containerd-release/
|
||||
|
||||
containerd_tarball_url
|
||||
Url with the tarball of containerd's binaries.
|
||||
|
||||
containerd_tarball_sha256
|
||||
sha256 of the tarball fetched with containerd_tarball_url or from
|
||||
https://storage.googleapis.com/cri-containerd-release/.
|
Loading…
Reference in New Issue