switch to crio

config.tf

@@ -63,14 +63,14 @@ variable "tectonic_container_images" {
     etcd_cert_signer                     = "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6"
     etcd                                 = "quay.io/coreos/etcd:v3.2.14"
     hyperkube                            = "openshift/origin-node:latest"
-    kube_core_renderer                   = "quay.io/coreos/kube-core-renderer-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
-    kube_core_operator                   = "quay.io/coreos/kube-core-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
-    tectonic_channel_operator            = "quay.io/coreos/tectonic-channel-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
-    kube_addon_operator                  = "quay.io/coreos/kube-addon-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
+    kube_core_renderer                   = "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    kube_core_operator                   = "quay.io/coreos/kube-core-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    tectonic_channel_operator            = "quay.io/coreos/tectonic-channel-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    kube_addon_operator                  = "quay.io/coreos/kube-addon-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
     tectonic_alm_operator                = "quay.io/coreos/tectonic-alm-operator:v0.3.1"
-    tectonic_ingress_controller_operator = "quay.io/coreos/tectonic-ingress-controller-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
-    tectonic_utility_operator            = "quay.io/coreos/tectonic-utility-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
-    tectonic_network_operator            = "quay.io/coreos/tectonic-network-operator-dev:1d6f71ac5b980309452d4f4539327cb54d2992be"
+    tectonic_ingress_controller_operator = "quay.io/coreos/tectonic-ingress-controller-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    tectonic_utility_operator            = "quay.io/coreos/tectonic-utility-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    tectonic_network_operator            = "quay.io/coreos/tectonic-network-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
   }
 }
 

modules/ignition/assets.tf

@@ -16,3 +16,13 @@ data "ignition_systemd_unit" "kubelet" {
   enabled = true
   content = "${data.template_file.kubelet.rendered}"
 }
+
+data "ignition_file" "sysconfig_crio_network" {
+  filesystem = "root"
+  mode       = "0644"
+  path       = "/etc/sysconfig/crio-network"
+
+  content {
+    content = "${file("${path.module}/resources/files/crio-network")}"
+  }
+}

modules/ignition/outputs.tf

@@ -18,6 +18,7 @@ output "ignition_file_id_list" {
     "${data.ignition_file.root_ca_cert_pem.id}",
     "${data.ignition_file.ingress_ca_cert_pem.id}",
     "${data.ignition_file.etcd_ca_cert_pem.id}",
+    "${data.ignition_file.sysconfig_crio_network.id}",
   ]
 }
 

modules/ignition/resources/files/crio-network

@@ -0,0 +1 @@
+CRIO_NETWORK_OPTIONS="--cni-config-dir=/etc/kubernetes/cni/net.d --cni-plugin-dir=/var/lib/cni/bin"

modules/ignition/resources/services/kubelet.service

@@ -5,15 +5,17 @@ Wants=rpc-statd.service
 [Service]
 ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
 ExecStartPre=/usr/bin/bash -c "gawk '/certificate-authority-data/ {print $2}' /etc/kubernetes/kubeconfig | base64 --decode > /etc/kubernetes/ca.crt"
+Environment=KUBELET_RUNTIME_REQUEST_TIMEOUT=10m
+EnvironmentFile=-/etc/kubernetes/kubelet-env
 
 ExecStart=/usr/bin/hyperkube \
   kubelet \
     --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
     --kubeconfig=/var/lib/kubelet/kubeconfig \
     --rotate-certificates \
-    --cni-conf-dir=/etc/kubernetes/cni/net.d \
-    --cni-bin-dir=/var/lib/cni/bin \
-    --network-plugin=cni \
+    --container-runtime=remote \
+    --container-runtime-endpoint=unix:///var/run/crio/crio.sock \
+    --runtime-request-timeout=$${KUBELET_RUNTIME_REQUEST_TIMEOUT} \
     --lock-file=/var/run/lock/kubelet.lock \
     --exit-on-lock-contention \
     --pod-manifest-path=/etc/kubernetes/manifests \