Set containerd version to 1.4.4 (kubernetes-sigs#7398)

* Set containerd version to 1.4.3 * Set containerd version to 1.4.4 Co-authored-by: Barry Melbourne <[email protected]>
sakuraiyuta · Apr 16, 2022 · dd49d57 · dd49d57
1 parent b78ae86
commit dd49d57
Show file tree

Hide file tree

Showing 19 changed files with 176 additions and 212 deletions.
diff --git a/README.md b/README.md
@@ -131,7 +131,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [kubernetes](https://github.com/kubernetes/kubernetes) v1.20.5
   - [etcd](https://github.com/coreos/etcd) v3.4.13
   - [docker](https://www.docker.com/) v19.03 (see note)
-  - [containerd](https://containerd.io/) v1.3.9
+  - [containerd](https://containerd.io/) v1.4.4
   - [cri-o](http://cri-o.io/) v1.19 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v0.9.0

diff --git a/docs/containerd.md b/docs/containerd.md
@@ -22,16 +22,10 @@ etcd_deployment_type: host
 Example: define registry mirror for docker hub
 
 ```yaml
-containerd_config:
-  grpc:
-    max_recv_message_size: 16777216
-    max_send_message_size: 16777216
-  debug:
-    level: ""
-  registries:
-    "docker.io":
-      - "https://mirror.gcr.io"
-      - "https://registry-1.docker.io"
+containerd_registries:
+  "docker.io":
+    - "https://mirror.gcr.io"
+    - "https://registry-1.docker.io"
 ```
 
 [containerd]: https://containerd.io/
diff --git a/docs/upgrades.md b/docs/upgrades.md
@@ -7,6 +7,7 @@ You can also individually control versions of components by explicitly defining
 versions. Here are all version vars for each component:
 
 * docker_version
+* containerd_version
 * kube_version
 * etcd_version
 * calico_version
@@ -283,6 +284,7 @@ installed in the Ansible playbook. The order of component installation is as
 follows:
 
 * Docker
+* Containerd
 * etcd
 * kubelet and kube-proxy
 * network_plugin (such as Calico or Weave)

diff --git a/docs/vars.md b/docs/vars.md
@@ -18,6 +18,7 @@ Some variables of note include:
 * *docker_version* - Specify version of Docker to used (should be quoted
   string). Must match one of the keys defined for *docker_versioned_pkg*
   in `roles/container-engine/docker/vars/*.yml`.
+* *containerd_version* - Specify version of Containerd to use
 * *etcd_version* - Specify version of ETCD to use
 * *ipip* - Enables Calico ipip encapsulation by default
 * *kube_network_plugin* - Sets k8s network plugin (default Calico)
@@ -115,7 +116,8 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 * *docker_options* - Commonly used to set
   ``--insecure-registry=myregistry.mydomain:5000``
 * *docker_plugins* - This list can be used to define [Docker plugins](https://docs.docker.com/engine/extend/) to install.
-* *containerd_config* - Controls some parameters in containerd configuration file (usually /etc/containerd/config.toml).
+* *containerd_default_runtime* - Sets the default Containerd runtime used by the Kubernetes CRI plugin.
+* *containerd_runtimes* - Sets the Containerd runtime attributes used by the Kubernetes CRI plugin.
   [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overriden in inventory vars.
 * *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a
   proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames

diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
@@ -1,19 +1,30 @@
 ---
 # Please see roles/container-engine/containerd/defaults/main.yml for more configuration options
 
-# Example: define registry mirror for docker hub
-
-# containerd_config:
-#   grpc:
-#     max_recv_message_size: 16777216
-#     max_send_message_size: 16777216
-#   debug:
-#     level: ""
-#   registries:
-#     "docker.io":
-#       - "https://mirror.gcr.io"
-#       - "https://registry-1.docker.io"
-#   max_container_log_line_size: -1
-#   metrics:
-#     address: ""
-#     grpc_histogram: false
+# containerd_default_runtime: "runc"
+# containerd_snapshotter: "native"
+
+# containerd_runtimes:
+#   - name: runc
+#     type: "io.containerd.runc.v2"
+#     engine: ""
+#     root: ""
+# Example for Kata Containers as additional runtime:
+#   - name: kata
+#     type: "io.containerd.kata.v2"
+#     engine: ""
+#     root: ""
+
+# containerd_grpc_max_recv_message_size: 16777216
+# containerd_grpc_max_send_message_size: 16777216
+
+# containerd_debug_level: "info"
+
+# containerd_metrics_address: ""
+
+# containerd_metrics_grpc_histogram: false
+
+# containerd_registries:
+#   "docker.io": "https://registry-1.docker.io"
+
+# containerd_max_container_log_line_size: -1
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -198,30 +198,16 @@ container_manager: docker
 kata_containers_enabled: false
 
 ## Settings for containerd runtimes (only used when container_manager is set to containerd)
-#
-# Settings for default containerd runtime
-# containerd_default_runtime:
-#   type: io.containerd.runtime.v1.linux
-#   engine: ''
-#   root: ''
-#
-# Settings for additional runtimes for containerd configuration
 # containerd_runtimes:
-#   - name: ""
-#     type: ""
-#     engine: ""
-#     root: ""
+#  - name: runc
+#    type: "io.containerd.runc.v2"
+#    engine: ""
+#    root: ""
 # Example for Kata Containers as additional runtime:
-# containerd_runtimes:
-#   - name: kata
-#     type: io.containerd.kata.v2
-#     engine: ""
-#     root: ""
-#
-# Settings for untrusted containerd runtime
-# containerd_untrusted_runtime_type: ''
-# containerd_untrusted_runtime_engine: ''
-# containerd_untrusted_runtime_root: ''
+#  - name: kata
+#    type: io.containerd.kata.v2
+#    engine: ""
+#    root: ""
 
 kubeadm_certificate_key: "{{ lookup('password', credentials_dir + '/kubeadm_certificate_key.creds length=64 chars=hexdigits') | lower }}"
 

diff --git a/roles/container-engine/containerd-common/defaults/main.yml b/roles/container-engine/containerd-common/defaults/main.yml
@@ -1,3 +1,2 @@
 ---
-containerd_version: '1.3.9'
 containerd_package: 'containerd.io'
diff --git a/roles/container-engine/containerd-common/vars/debian-stretch.yml b/roles/container-engine/containerd-common/vars/debian-stretch.yml
@@ -0,0 +1,8 @@
+---
+containerd_versioned_pkg:
+  'latest': "{{ containerd_package }}"
+  '1.3.7': "{{ containerd_package }}=1.3.7-1"
+  '1.3.9': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-1"
+  'stable': "{{ containerd_package }}=1.4.3-1"
+  'edge': "{{ containerd_package }}=1.4.3-1"
diff --git a/roles/container-engine/containerd-common/vars/debian.yml b/roles/container-engine/containerd-common/vars/debian.yml
@@ -1,13 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.4': "{{ containerd_package }}=1.2.4-1"
-  '1.2.5': "{{ containerd_package }}=1.2.5-1"
-  '1.2.6': "{{ containerd_package }}=1.2.6-3"
-  '1.2.10': "{{ containerd_package }}=1.2.10-3"
-  '1.2.12': "{{ containerd_package }}=1.2.12-1"
-  '1.2.13': "{{ containerd_package }}=1.2.13-2"
   '1.3.7': "{{ containerd_package }}=1.3.7-1"
   '1.3.9': "{{ containerd_package }}=1.3.9-1"
-  'stable': "{{ containerd_package }}=1.3.9-1"
-  'edge': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-2"
+  '1.4.4': "{{ containerd_package }}=1.4.4-1"
+  'stable': "{{ containerd_package }}=1.4.4-1"
+  'edge': "{{ containerd_package }}=1.4.4-1"
diff --git a/roles/container-engine/containerd-common/vars/fedora.yml b/roles/container-engine/containerd-common/vars/fedora.yml
@@ -1,10 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.10': "{{ containerd_package }}-1.2.10-3.2.fc{{ ansible_distribution_major_version }}"
-  '1.2.12': "{{ containerd_package }}-1.2.12-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.2.13': "{{ containerd_package }}-1.2.13-3.2.fc{{ ansible_distribution_major_version }}"
   '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
   '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
+  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
+  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/redhat.yml b/roles/container-engine/containerd-common/vars/redhat.yml
@@ -1,13 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.4': "{{ containerd_package }}-1.2.4-3.1.el7"
-  '1.2.5': "{{ containerd_package }}-1.2.5-3.1.el7"
-  '1.2.6': "{{ containerd_package }}-1.2.6-3.3.el7"
-  '1.2.10': "{{ containerd_package }}-1.2.10-3.2.el7"
-  '1.2.12': "{{ containerd_package }}-1.2.12-3.1.el7"
-  '1.2.13': "{{ containerd_package }}-1.2.13-3.2.el7"
   '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
   '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
+  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
+  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/ubuntu.yml b/roles/container-engine/containerd-common/vars/ubuntu.yml
@@ -1,10 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.10': "{{ containerd_package }}=1.2.10-3"
-  '1.2.12': "{{ containerd_package }}=1.2.12-1"
-  '1.2.13': "{{ containerd_package }}=1.2.13-2"
   '1.3.7': "{{ containerd_package }}=1.3.7-1"
   '1.3.9': "{{ containerd_package }}=1.3.9-1"
-  'stable': "{{ containerd_package }}=1.3.9-1"
-  'edge': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-2"
+  '1.4.4': "{{ containerd_package }}=1.4.4-1"
+  'stable': "{{ containerd_package }}=1.4.4-1"
+  'edge': "{{ containerd_package }}=1.4.4-1"
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
@@ -1,27 +1,40 @@
 ---
-# The root directory for containerd metadata
-containerd_metadata_root_dir: /var/lib/containerd
-# The state directory for containerd
-containerd_state_dir: /run/containerd
-
-containerd_config:
-  grpc:
-    max_recv_message_size: 16777216
-    max_send_message_size: 16777216
-  debug:
-    level: ""
-  registries:
-    "docker.io": "https://registry-1.docker.io"
-  max_container_log_line_size: -1
-  # containerd:
-  #   snapshotter: native
+
+containerd_default_runtime: "runc"
+# containerd_snapshotter: "native"
+
+containerd_runtimes:
+  - name: runc
+    type: "io.containerd.runc.v2"
+    engine: ""
+    root: ""
+    options:
+      systemdCgroup: "true"
+# Example for Kata Containers as additional runtime:
+#  - name: kata
+#    type: "io.containerd.kata.v2"
+#    engine: ""
+#    root: ""
+
+containerd_grpc_max_recv_message_size: 16777216
+containerd_grpc_max_send_message_size: 16777216
+
+containerd_debug_level: "info"
+
+containerd_metrics_address: ""
+
+containerd_metrics_grpc_histogram: false
+
+containerd_registries:
+  "docker.io": "https://registry-1.docker.io"
+
+containerd_max_container_log_line_size: -1
 
 containerd_cfg_dir: /etc/containerd
 
 # Path to runc binary
 runc_binary: /usr/bin/runc
 
-
 yum_repo_dir: /etc/yum.repos.d
 
 # Optional values for containerd apt repo
@@ -36,38 +49,18 @@ containerd_repo_info:
 
 # Ubuntu docker-ce repo
 containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
-containerd_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
-containerd_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_ubuntu_repo_component: 'stable'
+containerd_ubuntu_repo_gpgkey: "https://download.docker.com/linux/ubuntu/gpg"
+containerd_ubuntu_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_ubuntu_repo_component: "stable"
 
 # Debian docker-ce repo
-containerd_debian_repo_base_url: 'https://download.docker.com/linux/debian'
-containerd_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
-containerd_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_debian_repo_component: 'stable'
+containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
+containerd_debian_repo_gpgkey: "https://download.docker.com/linux/debian/gpg"
+containerd_debian_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_debian_repo_component: "stable"
 
 # Fedora docker-ce repo
-containerd_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
-containerd_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
-containerd_fedora_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_fedora_repo_component: 'stable'
-
-containerd_default_runtime:
-  type: io.containerd.runtime.v1.linux
-  engine: ''
-  root: ''
-
-# Additional runtimes for containerd configuration
-#
-# Example for Kata Containers:
-# containerd_runtimes:
-#   - name: kata
-#     type: io.containerd.kata.v2
-#     engine: ""
-#     root: ""
-#     privileged_without_host_devices: true
-containerd_runtimes: []
-
-containerd_untrusted_runtime_type: ''
-containerd_untrusted_runtime_engine: ''
-containerd_untrusted_runtime_root: ''
+containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable"
+containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg"
+containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_fedora_repo_component: "stable"