Merge branch 'topic/k8s-containerd'

author: Christian Pointner <equinox@spreadspace.org> 2021-05-15 21:00:42 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-05-15 21:00:42 +0200
commit: ae3f3e1ecd6e2ba860ed769c40a9a3e375dd11bc (patch)
tree: b0bc528fd8d3a198d7ab04cfddd9cfd22dc0dd8c /roles/kubernetes/base
parent: cosmetic fix (diff)
parent: bump kubernetes version for most standalone kubelets (diff)
3 files changed, 54 insertions, 14 deletions
diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml
index 66398ef2..97775b14 100644
--- a/roles/kubernetes/base/tasks/cri_containerd.yml
+++ b/roles/kubernetes/base/tasks/cri_containerd.yml
@@ -5,6 +5,30 @@
     that:
     - kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"
 
+- name: switch to systemd cgroup driver
+  set_fact:
+    containerd_config_override:
+      plugins:
+        "io.containerd.grpc.v1.cri":
+          containerd:
+            runtimes:
+              runc:
+                options:
+                  SystemdCgroup: true
+
+- name: switch to zfs-snapshotter for cri
+  when: "containerd_storage is defined and containerd_storage.type == 'zfs'"
+  set_fact:
+    containerd_config_override_zfs:
+      plugins:
+        "io.containerd.grpc.v1.cri":
+          containerd:
+            snapshotter: "zfs"
+
+- name: override mandatory settings in containerd_config
+  set_fact:
+    containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) | combine((containerd_config_override_zfs | default({})), recursive=True) }}"
+
 - name: install containerd
   include_role:
     name: containerd
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 187d5893..88b35508 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -17,9 +17,17 @@
       After=docker.service
     dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
 
-- name: disable bridge and iptables in docker daemon config
+- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver
   set_fact:
-    docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
+    docker_daemon_config_override:
+      exec-opts:
+      - "native.cgroupdriver=systemd"
+      bridge: "none"
+      iptables: false
+
+- name: override mandatory settings in docker_daemon_config
+  set_fact:
+    docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}"
 
 - name: install docker
   include_role:
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a104b660..a13f04fa 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -9,24 +9,39 @@
   include_role:
     name: "storage/{{ kubelet_storage.type }}/volume"
 
-- name: add apt repository
+- name: add apt repository for kubernetes packages
   include_role:
     name: apt-repo/kubernetes
 
+- name: add apt repository for cri-tools
+  include_role:
+    name: apt-repo/github-containers
+
 - name: install kubelet and common packages
   apt:
     name:
     - bridge-utils
-    - cri-tools
+    - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
     - "kubelet={{ kubernetes_version }}-00"
     state: present
     force: yes
 
-- name: disable automatic upgrades for kubelet
+- name: disable automatic upgrades for kubelet and cri-tools
+  loop:
+  - kubelet
+  - cri-tools
   dpkg_selections:
-    name: kubelet
+    name: "{{ item }}"
     selection: hold
 
+- name: configure endpoints for crictl
+  when: kubernetes_cri_socket
+  copy:
+    dest: /etc/crictl.yaml
+    content: |
+      runtime-endpoint: "{{ kubernetes_cri_socket }}"
+      image-endpoint: "{{ kubernetes_cri_socket }}"
+
 - name: add crictl config for shells
   loop:
   - zsh
@@ -36,14 +51,7 @@
     create: yes
     marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###"
     content: |
-      {% if kubernetes_cri_socket %}
-      alias crictl="crictl --runtime-endpoint {{ kubernetes_cri_socket }}"
-      {% endif %}
-      {% if item == 'zsh' %}
-      ## TODO: see https://github.com/kubernetes-sigs/cri-tools/issues/435
-      autoload -U +X bashcompinit && bashcompinit
-      {% endif %}
-      source <(crictl completion)
+      source <(crictl completion {{ item }})
 
 - name: add dummy group with gid 990
   group:
author	Christian Pointner <equinox@spreadspace.org>	2021-05-15 21:00:42 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-05-15 21:00:42 +0200
commit	ae3f3e1ecd6e2ba860ed769c40a9a3e375dd11bc (patch)
tree	b0bc528fd8d3a198d7ab04cfddd9cfd22dc0dd8c /roles/kubernetes/base
parent	cosmetic fix (diff)
parent	bump kubernetes version for most standalone kubelets (diff)