diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst index 39a5a6c178..60abf20613 100644 --- a/doc/source/user/index.rst +++ b/doc/source/user/index.rst @@ -447,6 +447,15 @@ the table are linked to more details elsewhere in the user guide. | `use_podman`_ | - true | see below | | | - false | | +---------------------------------------+--------------------+---------------+ +| `container_runtime`_ | - "" | "" | +| | - containerd | | ++---------------------------------------+--------------------+---------------+ +| `containerd_version`_ | see below | see below | ++---------------------------------------+--------------------+---------------+ +| `containerd_tarball_url`_ | see below | see below | ++---------------------------------------+--------------------+---------------+ +| `containerd_tarball_sha256`_ | see below | see below | ++---------------------------------------+--------------------+---------------+ .. _cluster: @@ -1443,6 +1452,23 @@ _`use_podman` necessary since v1.16 dropped the --containerized flag in kubelet. https://github.com/kubernetes/kubernetes/pull/80043/files +_`container_runtime` + The container runtime to use. Empty value means, use docker from the + host. Since ussuri, apart from empty (host-docker), containerd is also + an option. + +_`containerd_version` + The containerd version to use as released in + https://github.com/containerd/containerd/releases and + https://storage.googleapis.com/cri-containerd-release/ + +_`containerd_tarball_url` + Url with the tarball of containerd's binaries. + +_`containerd_tarball_sha256` + sha256 of the tarball fetched with containerd_tarball_url or from + https://storage.googleapis.com/cri-containerd-release/. + External load balancer for services ----------------------------------- diff --git a/magnum/drivers/common/templates/kubernetes/fragments/add-proxy.sh b/magnum/drivers/common/templates/kubernetes/fragments/add-proxy.sh index 06ba69f3c6..d22a02618d 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/add-proxy.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/add-proxy.sh @@ -6,25 +6,31 @@ set -x ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost" -DOCKER_HTTP_PROXY_CONF=/etc/systemd/system/docker.service.d/http_proxy.conf +if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + SERVICE_DIR="/etc/systemd/system/containerd.service.d" +else + SERVICE_DIR="/etc/systemd/system/docker.service.d" +fi -DOCKER_HTTPS_PROXY_CONF=/etc/systemd/system/docker.service.d/https_proxy.conf +HTTP_PROXY_CONF=${SERVICE_DIR}/http_proxy.conf -DOCKER_NO_PROXY_CONF=/etc/systemd/system/docker.service.d/no_proxy.conf +HTTPS_PROXY_CONF=${SERVICE_DIR}/https_proxy.conf -DOCKER_RESTART=0 +NO_PROXY_CONF=${SERVICE_DIR}/no_proxy.conf + +RUNTIME_RESTART=0 BASH_RC=/etc/bashrc -mkdir -p /etc/systemd/system/docker.service.d +mkdir -p ${SERVICE_DIR} if [ -n "$HTTP_PROXY" ]; then - cat < $DOCKER_HTTP_PROXY_CONF + cat < $HTTP_PROXY_CONF [Service] Environment=HTTP_PROXY=$HTTP_PROXY EOF - DOCKER_RESTART=1 + RUNTIME_RESTART=1 if [ -f "$BASH_RC" ]; then echo "declare -x http_proxy=$HTTP_PROXY" >> $BASH_RC @@ -34,12 +40,12 @@ EOF fi if [ -n "$HTTPS_PROXY" ]; then - cat < $DOCKER_HTTPS_PROXY_CONF + cat < $HTTPS_PROXY_CONF [Service] Environment=HTTPS_PROXY=$HTTPS_PROXY EOF - DOCKER_RESTART=1 + RUNTIME_RESTART=1 if [ -f "$BASH_RC" ]; then echo "declare -x https_proxy=$HTTPS_PROXY" >> $BASH_RC @@ -49,12 +55,12 @@ EOF fi if [ -n "$NO_PROXY" ]; then - cat < $DOCKER_NO_PROXY_CONF + cat < $NO_PROXY_CONF [Service] Environment=NO_PROXY=$NO_PROXY EOF - DOCKER_RESTART=1 + RUNTIME_RESTART=1 if [ -f "$BASH_RC" ]; then echo "declare -x no_proxy=$NO_PROXY" >> $BASH_RC @@ -63,7 +69,11 @@ EOF fi fi -if [ "$DOCKER_RESTART" -eq 1 ]; then +if [ "$RUNTIME_RESTART" -eq 1 ]; then $ssh_cmd systemctl daemon-reload - $ssh_cmd systemctl --no-block restart docker.service + if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + $ssh_cmd systemctl --no-block restart containerd.service + else + $ssh_cmd systemctl --no-block restart docker.service + fi fi diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh index ed198da1cc..cbbecf0a48 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh @@ -179,6 +179,8 @@ EnvironmentFile=/etc/kubernetes/kubelet ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /var/lib/calico +ExecStartPre=/bin/mkdir -p /var/lib/containerd +ExecStartPre=/bin/mkdir -p /var/lib/docker ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=-/usr/bin/podman rm kubelet @@ -199,6 +201,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\ --volume /var/lib/calico:/var/lib/calico \\ --volume /var/lib/docker:/var/lib/docker \\ + --volume /var/lib/containerd:/var/lib/containerd \\ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\ --volume /var/log:/var/log \\ --volume /var/run:/var/run \\ @@ -464,22 +467,13 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil # specified cgroup driver KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}" - -$ssh_cmd systemctl disable docker -if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then - $ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/ - sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \ - /etc/systemd/system/docker.service -else - cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF -ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER -EOF - +if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service" + KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote" + KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m" + KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock" fi -$ssh_cmd systemctl daemon-reload -$ssh_cmd systemctl enable docker - if [ -z "${KUBE_NODE_IP}" ]; then KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) fi diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh index c1b1bda825..65920d3723 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -72,6 +72,8 @@ EnvironmentFile=/etc/kubernetes/kubelet ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /var/lib/calico +ExecStartPre=/bin/mkdir -p /var/lib/containerd +ExecStartPre=/bin/mkdir -p /var/lib/docker ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=-/bin/bash -c '/usr/bin/podman run --privileged --user root --net host --entrypoint /bin/bash --rm --volume /usr/local/bin:/host/usr/local/bin \${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/}hyperkube:\${KUBE_TAG} -c "cp /usr/local/bin/kubectl /host/usr/local/bin/kubectl"' @@ -93,6 +95,7 @@ ExecStart=/bin/bash -c '/usr/bin/podman run --name kubelet \\ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \\ --volume /var/lib/calico:/var/lib/calico \\ --volume /var/lib/docker:/var/lib/docker \\ + --volume /var/lib/containerd:/var/lib/containerd \\ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \\ --volume /var/log:/var/log \\ --volume /var/run:/var/run \\ @@ -266,6 +269,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-fil # specified cgroup driver KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}" +if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + KUBELET_ARGS="${KUBELET_ARGS} --runtime-cgroups=/system.slice/containerd.service" + KUBELET_ARGS="${KUBELET_ARGS} --container-runtime=remote" + KUBELET_ARGS="${KUBELET_ARGS} --runtime-request-timeout=15m" + KUBELET_ARGS="${KUBELET_ARGS} --container-runtime-endpoint=unix:///run/containerd/containerd.sock" +fi auto_healing_enabled=$(echo ${AUTO_HEALING_ENABLED} | tr '[:upper:]' '[:lower:]') autohealing_controller=$(echo ${AUTO_HEALING_CONTROLLER} | tr '[:upper:]' '[:lower:]') @@ -273,21 +282,6 @@ if [[ "${auto_healing_enabled}" = "true" && "${autohealing_controller}" = "drain KUBELET_ARGS="${KUBELET_ARGS} --node-labels=draino-enabled=true" fi -$ssh_cmd systemctl disable docker -if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then - $ssh_cmd "cp /usr/lib/systemd/system/docker.service /etc/systemd/system/" - sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \ - /etc/systemd/system/docker.service -else - cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF -ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER -EOF - -fi - -$ssh_cmd systemctl daemon-reload -$ssh_cmd systemctl enable docker - KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" sed -i ' diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh index 4dae3112eb..9b0ebf5c18 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh @@ -16,8 +16,13 @@ while [ ! -f /etc/kubernetes/certs/ca.key ] && \ done echo "starting services" +if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + container_runtime_service="containerd" +else + container_runtime_service="docker" +fi for action in enable restart; do - for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do + for service in etcd ${container_runtime_service} kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do echo "$action service $service" $ssh_cmd systemctl $action $service done diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh index 1dc37e5f48..d492b8176d 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh @@ -8,13 +8,20 @@ ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost" # so we need to stop it first and delete the docker0 bridge (which will # be re-created using the flannel-provided subnet). echo "stopping docker" -$ssh_cmd systemctl stop docker +if [ ${CONTAINER_RUNTIME} != "containerd" ] ; then + $ssh_cmd systemctl stop docker +fi # make sure we pick up any modified unit files $ssh_cmd systemctl daemon-reload +if [ ${CONTAINER_RUNTIME} = "containerd" ] ; then + container_runtime_service="containerd" +else + container_runtime_service="docker" +fi for action in enable restart; do - for service in docker kubelet kube-proxy; do + for service in ${container_runtime_service} kubelet kube-proxy; do echo "$action service $service" $ssh_cmd systemctl $action $service done diff --git a/magnum/drivers/common/templates/kubernetes/fragments/install-cri.sh b/magnum/drivers/common/templates/kubernetes/fragments/install-cri.sh new file mode 100644 index 0000000000..59e5b18b5a --- /dev/null +++ b/magnum/drivers/common/templates/kubernetes/fragments/install-cri.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +set +x + +echo "START: install cri" + +. /etc/sysconfig/heat-params +set -x + +ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost" + +if [ "${CONTAINER_RUNTIME}" = "containerd" ] ; then + $ssh_cmd systemctl disable docker + if [ -z "${CONTAINERD_TARBALL_URL}" ] ; then + CONTAINERD_TARBALL_URL="https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" + fi + i=0 + until curl -o /srv/magnum/cri-containerd.tar.gz "${CONTAINERD_TARBALL_URL}" + do + i=$((i + 1)) + [ $i -lt 5 ] || break; + sleep 5 + done + + if ! echo "${CONTAINERD_TARBALL_SHA256} /srv/magnum/cri-containerd.tar.gz" | sha256sum -c - ; then + echo "ERROR cri-containerd.tar.gz computed checksum did NOT match, exiting." + exit 1 + fi + $ssh_cmd tar xzvf /srv/magnum/cri-containerd.tar.gz -C / --no-same-owner --touch --no-same-permissions + $ssh_cmd systemctl daemon-reload + $ssh_cmd systemctl enable containerd + $ssh_cmd systemctl start containerd +else + # CONTAINER_RUNTIME=host-docker + $ssh_cmd systemctl disable docker + if $ssh_cmd cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then + $ssh_cmd cp /usr/lib/systemd/system/docker.service /etc/systemd/system/ + sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \ + /etc/systemd/system/docker.service + else + cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF + ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER +EOF + fi + + $ssh_cmd systemctl daemon-reload + $ssh_cmd systemctl enable docker +fi + +echo "END: install cri" diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh index 28f3a60a4c..96967f0f84 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh @@ -118,6 +118,10 @@ NODEGROUP_ROLE="$NODEGROUP_ROLE" NODEGROUP_NAME="$NODEGROUP_NAME" USE_PODMAN="$USE_PODMAN" KUBE_IMAGE_DIGEST="$KUBE_IMAGE_DIGEST" +CONTAINER_RUNTIME="$CONTAINER_RUNTIME" +CONTAINERD_VERSION="$CONTAINERD_VERSION" +CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL" +CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256" EOF } diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.sh b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.sh index 44c781b111..d082d85c83 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.sh @@ -64,6 +64,10 @@ AUTO_HEALING_CONTROLLER="$AUTO_HEALING_CONTROLLER" NODEGROUP_ROLE="$NODEGROUP_ROLE" NODEGROUP_NAME="$NODEGROUP_NAME" USE_PODMAN="$USE_PODMAN" +CONTAINER_RUNTIME="$CONTAINER_RUNTIME" +CONTAINERD_VERSION="$CONTAINERD_VERSION" +CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL" +CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256" EOF } diff --git a/magnum/drivers/heat/k8s_fedora_template_def.py b/magnum/drivers/heat/k8s_fedora_template_def.py index 12fbdba1e9..59f69d76cc 100644 --- a/magnum/drivers/heat/k8s_fedora_template_def.py +++ b/magnum/drivers/heat/k8s_fedora_template_def.py @@ -78,6 +78,10 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): 'kube_tag', 'container_infra_prefix', 'availability_zone', 'cgroup_driver', + 'container_runtime', + 'containerd_version', + 'containerd_tarball_url', + 'containerd_tarball_sha256', 'calico_tag', 'calico_kube_controllers_tag', 'calico_ipv4pool', 'calico_ipv4pool_ipip', diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index aad40a6a79..798af2cc67 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -820,6 +820,26 @@ parameters: The digest of the image which should match the given kube_tag default: '' + container_runtime: + type: string + description: The container runtime to install + default: 'host-docker' + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + default: '1.2.8' + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + default: '' + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627' + resources: ###################################################################### @@ -1145,6 +1165,10 @@ resources: ostree_remote: {get_param: ostree_remote} ostree_commit: {get_param: ostree_commit} use_podman: {get_param: use_podman} + container_runtime: {get_param: container_runtime} + containerd_version: {get_param: containerd_version} + containerd_tarball_url: {get_param: containerd_tarball_url} + containerd_tarball_sha256: {get_param: containerd_tarball_sha256} kube_cluster_config: condition: create_cluster_resources @@ -1308,6 +1332,10 @@ resources: ostree_remote: {get_param: ostree_remote} ostree_commit: {get_param: ostree_commit} use_podman: {get_param: use_podman} + container_runtime: {get_param: container_runtime} + containerd_version: {get_param: containerd_version} + containerd_tarball_url: {get_param: containerd_tarball_url} + containerd_tarball_sha256: {get_param: containerd_tarball_sha256} outputs: diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml index c9e67a3a02..82137a122f 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml @@ -575,6 +575,22 @@ parameters: description: > if true, run system containers for kubernetes, etcd and heat-agent + container_runtime: + type: string + description: The container runtime to install + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + conditions: image_based: {equals: [{get_param: boot_volume_size}, 0]} @@ -749,6 +765,11 @@ resources: "$NODEGROUP_ROLE": {get_param: nodegroup_role} "$NODEGROUP_NAME": {get_param: nodegroup_name} "$USE_PODMAN": {get_param: use_podman} + "$CONTAINER_RUNTIME": {get_param: container_runtime} + "$CONTAINERD_VERSION": {get_param: containerd_version} + "$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url} + "$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256} + - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh - str_replace: template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml index 47343810eb..c2887d90ed 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml @@ -327,6 +327,22 @@ parameters: description: > if true, run system containers for kubernetes, etcd and heat-agent + container_runtime: + type: string + description: The container runtime to install + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + conditions: image_based: {equals: [{get_param: boot_volume_size}, 0]} @@ -432,6 +448,11 @@ resources: $NODEGROUP_ROLE: {get_param: nodegroup_role} $NODEGROUP_NAME: {get_param: nodegroup_name} $USE_PODMAN: {get_param: use_podman} + $CONTAINER_RUNTIME: {get_param: container_runtime} + $CONTAINERD_VERSION: {get_param: containerd_version} + $CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url} + $CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256} + - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh - get_file: ../../common/templates/fragments/configure-docker-registry.sh diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml index c1920f228f..81f2829b75 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml @@ -822,6 +822,26 @@ parameters: The digest of the image which should match the given kube_tag default: '' + container_runtime: + type: string + description: The container runtime to install + default: 'host-docker' + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + default: '1.2.8' + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + default: '' + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + default: '1f2f0fb928179df90492a83c326a194b8e9d992538498efb44cbb6ef15465627' + resources: ###################################################################### @@ -1149,6 +1169,10 @@ resources: ostree_commit: {get_param: ostree_commit} use_podman: {get_param: use_podman} kube_image_digest: {get_param: kube_image_digest} + container_runtime: {get_param: container_runtime} + containerd_version: {get_param: containerd_version} + containerd_tarball_url: {get_param: containerd_tarball_url} + containerd_tarball_sha256: {get_param: containerd_tarball_sha256} kube_cluster_config: condition: create_cluster_resources @@ -1313,6 +1337,10 @@ resources: ostree_remote: {get_param: ostree_remote} ostree_commit: {get_param: ostree_commit} use_podman: {get_param: use_podman} + container_runtime: {get_param: container_runtime} + containerd_version: {get_param: containerd_version} + containerd_tarball_url: {get_param: containerd_tarball_url} + containerd_tarball_sha256: {get_param: containerd_tarball_sha256} outputs: diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml index e83992abe9..16b6c71692 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml @@ -585,6 +585,22 @@ parameters: The digest of the image which should match the given kube_tag default: '' + container_runtime: + type: string + description: The container runtime to install + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + conditions: image_based: {equals: [{get_param: boot_volume_size}, 0]} @@ -762,6 +778,11 @@ resources: "$NODEGROUP_NAME": {get_param: nodegroup_name} "$USE_PODMAN": {get_param: use_podman} "$KUBE_IMAGE_DIGEST": {get_param: kube_image_digest} + "$CONTAINER_RUNTIME": {get_param: container_runtime} + "$CONTAINERD_VERSION": {get_param: containerd_version} + "$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url} + "$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256} + - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh - str_replace: template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh} diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml index 62f812c806..8c58d426cd 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml @@ -329,6 +329,22 @@ parameters: description: > If true, run system containers for kubernetes, etcd and heat-agent + container_runtime: + type: string + description: The container runtime to install + + containerd_version: + type: string + description: The containerd version to download from https://storage.googleapis.com/cri-containerd-release/ + + containerd_tarball_url: + type: string + description: Url location of the containerd tarball. + + containerd_tarball_sha256: + type: string + description: sha256 of the target containerd tarball. + conditions: image_based: {equals: [{get_param: boot_volume_size}, 0]} @@ -436,6 +452,11 @@ resources: $NODEGROUP_ROLE: {get_param: nodegroup_role} $NODEGROUP_NAME: {get_param: nodegroup_name} $USE_PODMAN: {get_param: use_podman} + $CONTAINER_RUNTIME: {get_param: container_runtime} + $CONTAINERD_VERSION: {get_param: containerd_version} + $CONTAINERD_TARBALL_URL: {get_param: containerd_tarball_url} + $CONTAINERD_TARBALL_SHA256: {get_param: containerd_tarball_sha256} + - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh - get_file: ../../common/templates/fragments/configure-docker-registry.sh diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py index dfad754693..2279da2c53 100644 --- a/magnum/tests/unit/drivers/test_template_definition.py +++ b/magnum/tests/unit/drivers/test_template_definition.py @@ -589,6 +589,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): ostree_remote = mock_cluster.labels.get('ostree_remote') ostree_commit = mock_cluster.labels.get('ostree_commit') use_podman = mock_cluster.labels.get('use_podman') + container_runtime = mock_cluster.labels.get('container_runtime') + containerd_version = mock_cluster.labels.get('containerd_version') + containerd_tarball_url = mock_cluster.labels.get( + 'containerd_tarball_url') + containerd_tarball_sha256 = mock_cluster.labels.get( + 'containerd_tarball_sha256') kube_image_digest = mock_cluster.labels.get('kube_image_digest') k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() @@ -687,6 +693,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ostree_commit': ostree_commit, 'use_podman': use_podman, 'kube_image_digest': kube_image_digest, + 'container_runtime': container_runtime, + 'containerd_version': containerd_version, + 'containerd_tarball_url': containerd_tarball_url, + 'containerd_tarball_sha256': containerd_tarball_sha256, }} mock_get_params.assert_called_once_with(mock_context, mock_cluster_template, @@ -1058,6 +1068,12 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): ostree_remote = mock_cluster.labels.get('ostree_remote') ostree_commit = mock_cluster.labels.get('ostree_commit') use_podman = mock_cluster.labels.get('use_podman') + container_runtime = mock_cluster.labels.get('container_runtime') + containerd_version = mock_cluster.labels.get('containerd_version') + containerd_tarball_url = mock_cluster.labels.get( + 'containerd_tarball_url') + containerd_tarball_sha256 = mock_cluster.labels.get( + 'containerd_tarball_sha256') kube_image_digest = mock_cluster.labels.get('kube_image_digest') k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() @@ -1158,6 +1174,10 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ostree_commit': ostree_commit, 'use_podman': use_podman, 'kube_image_digest': kube_image_digest, + 'container_runtime': container_runtime, + 'containerd_version': containerd_version, + 'containerd_tarball_url': containerd_tarball_url, + 'containerd_tarball_sha256': containerd_tarball_sha256, }} mock_get_params.assert_called_once_with(mock_context, mock_cluster_template, diff --git a/releasenotes/notes/containerd-598761bb536af6ba.yaml b/releasenotes/notes/containerd-598761bb536af6ba.yaml new file mode 100644 index 0000000000..21809281ee --- /dev/null +++ b/releasenotes/notes/containerd-598761bb536af6ba.yaml @@ -0,0 +1,21 @@ +--- +features: + - | + New labels to support containerd as a runtime. + + container_runtime + The container runtime to use. Empty value means, use docker from the + host. Since ussuri, apart from empty (host-docker), containerd is also + an option. + + containerd_version + The containerd version to use as released in + https://github.com/containerd/containerd/releases and + https://storage.googleapis.com/cri-containerd-release/ + + containerd_tarball_url + Url with the tarball of containerd's binaries. + + containerd_tarball_sha256 + sha256 of the tarball fetched with containerd_tarball_url or from + https://storage.googleapis.com/cri-containerd-release/.