From fad296616c6a1c739703fb13b79899d0b2644e48 Mon Sep 17 00:00:00 2001 From: Calin Cristian Andrei Date: Mon, 6 Jun 2022 18:18:22 +0300 Subject: [PATCH] [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager --- docs/docker.md | 8 +------- inventory/sample/group_vars/all/docker.yml | 3 --- .../cri-dockerd/molecule/default/converge.yml | 1 - roles/container-engine/meta/main.yml | 8 -------- roles/download/defaults/main.yml | 4 ++-- roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 | 7 +------ roles/kubespray-defaults/defaults/main.yaml | 7 +------ tests/files/packet_almalinux8-docker.yml | 1 - tests/files/packet_ubuntu20-aio-docker.yml | 1 - 9 files changed, 5 insertions(+), 35 deletions(-) diff --git a/docs/docker.md b/docs/docker.md index e68d55fa0..4abe11a79 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -8,13 +8,7 @@ Using the docker container manager: container_manager: docker ``` -Using `cri-dockerd` instead of `dockershim`: - -```yaml -cri_dockerd_enabled: false -``` - -*Note:* The `cri_dockerd_enabled: true` setting will become the default in a future kubespray release once kubespray 1.24+ is supported and `dockershim` is removed. At that point, changing this option will be deprecated and silently ignored. +*Note:* `cri-dockerd` has replaced `dockershim` across supported kubernetes version in kubespray 2.20. Enabling the `overlay2` graph driver: diff --git a/inventory/sample/group_vars/all/docker.yml b/inventory/sample/group_vars/all/docker.yml index f7a958712..4e968c300 100644 --- a/inventory/sample/group_vars/all/docker.yml +++ b/inventory/sample/group_vars/all/docker.yml @@ -57,6 +57,3 @@ docker_rpm_keepcache: 1 ## A string of extra options to pass to the docker daemon. ## This string should be exactly as you wish it to appear. # docker_options: "" - -## Use CRI-DockerD instead of dockershim -# cri_dockerd_enabled: false diff --git a/roles/container-engine/cri-dockerd/molecule/default/converge.yml b/roles/container-engine/cri-dockerd/molecule/default/converge.yml index 66ace6c95..be6fa3812 100644 --- a/roles/container-engine/cri-dockerd/molecule/default/converge.yml +++ b/roles/container-engine/cri-dockerd/molecule/default/converge.yml @@ -4,7 +4,6 @@ become: true vars: container_manager: docker - cri_dockerd_enabled: true roles: - role: kubespray-defaults - role: container-engine/cri-dockerd diff --git a/roles/container-engine/meta/main.yml b/roles/container-engine/meta/main.yml index 1b8fce430..3e068d60a 100644 --- a/roles/container-engine/meta/main.yml +++ b/roles/container-engine/meta/main.yml @@ -50,16 +50,8 @@ dependencies: - container-engine - containerd - - role: container-engine/docker - when: - - container_manager == 'docker' - tags: - - container-engine - - docker - - role: container-engine/cri-dockerd when: - - cri_dockerd_enabled - container_manager == 'docker' tags: - container-engine diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index b7ddc03cb..039fccea1 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -1001,7 +1001,7 @@ downloads: crictl: file: true - enabled: "{{ container_manager in ['crio', 'cri', 'containerd'] or cri_dockerd_enabled }}" + enabled: true version: "{{ crictl_version }}" dest: "{{ local_release_dir }}/crictl-{{ crictl_version }}-linux-{{ image_arch }}.tar.gz" sha256: "{{ crictl_binary_checksum }}" @@ -1014,7 +1014,7 @@ downloads: cri_dockerd: file: true - enabled: "{{ cri_dockerd_enabled }}" + enabled: "{{ container_manager == 'docker' }}" version: "{{ cri_dockerd_version }}" dest: "{{ local_release_dir }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tar.gz" sha256: "{{ cri_dockerd_archive_checksum }}" diff --git a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 index c84ac88d3..6029df529 100644 --- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 +++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 @@ -12,9 +12,6 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}" --config={{ kube_config_dir }}/kubelet-config.yaml \ --kubeconfig={{ kube_config_dir }}/kubelet.conf \ {# end kubeadm specific settings #} -{% if container_manager == 'docker' and not cri_dockerd_enabled %} ---pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \ -{% else %} --container-runtime=remote \ --container-runtime-endpoint=unix://{{ cri_socket }} \ {% endif %} @@ -35,9 +32,7 @@ KUBELET_ARGS="{{ kubelet_args_base }} {% if node_taints|default([]) %}--register {% if kubelet_flexvolumes_plugins_dir is defined %} KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}" {% endif %} -{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "cilium", "kube-ovn", "kube-router", "macvlan"] %} -KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" -{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %} +{% if kube_network_plugin is defined and kube_network_plugin == "cloud" %} KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet" {% endif %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce", "external"] %} diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 35accf6c2..fa99b85bf 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -267,9 +267,6 @@ deploy_container_engine: "{{ inventory_hostname in groups['k8s_cluster'] or etcd # Container for runtime container_manager: containerd -# Enable CRI Docker interface -cri_dockerd_enabled: false - # Enable Kata Containers as additional container runtime # When enabled, it requires `container_manager` different than Docker kata_containers_enabled: false @@ -295,10 +292,8 @@ cri_socket: >- /var/run/crio/crio.sock {%- elif container_manager == 'containerd' -%} /var/run/containerd/containerd.sock - {%- elif cri_dockerd_enabled -%} + {%- elif container_manager == 'docker' -%} /var/run/cri-dockerd.sock - {%- else -%} - /var/run/dockershim.sock {%- endif -%} ## Uncomment this if you want to force overlay/overlay2 as docker storage driver diff --git a/tests/files/packet_almalinux8-docker.yml b/tests/files/packet_almalinux8-docker.yml index 6fd1fc0d7..bcc69cd53 100644 --- a/tests/files/packet_almalinux8-docker.yml +++ b/tests/files/packet_almalinux8-docker.yml @@ -8,4 +8,3 @@ vm_memory: 3072Mi container_manager: docker etcd_deployment_type: docker resolvconf_mode: docker_dns -cri_dockerd_enabled: true diff --git a/tests/files/packet_ubuntu20-aio-docker.yml b/tests/files/packet_ubuntu20-aio-docker.yml index df758d9b5..4089a6605 100644 --- a/tests/files/packet_ubuntu20-aio-docker.yml +++ b/tests/files/packet_ubuntu20-aio-docker.yml @@ -15,4 +15,3 @@ enable_nodelocaldns: False container_manager: docker etcd_deployment_type: docker resolvconf_mode: docker_dns -cri_dockerd_enabled: true