standalone kubelets using containerd

2 files changed, 25 insertions, 2 deletions

diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml
index 66398ef2..441360f7 100644
--- a/roles/kubernetes/base/tasks/cri_containerd.yml
+++ b/roles/kubernetes/base/tasks/cri_containerd.yml
@@ -5,6 +5,21 @@
     that:
     - kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"
 
+- name: switch to systemd cgroup driver
+  set_fact:
+    containerd_config_override:
+      plugins:
+        "io.containerd.grpc.v1.cri":
+          containerd:
+            runtimes:
+              runc:
+                options:
+                  SystemdCgroup: true
+
+- name: override mandatory settings in containerd_config
+  set_fact:
+    containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) }}"
+
 - name: install containerd
   include_role:
     name: containerd
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 187d5893..88b35508 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -17,9 +17,17 @@
       After=docker.service
     dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
 
-- name: disable bridge and iptables in docker daemon config
+- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver
   set_fact:
-    docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
+    docker_daemon_config_override:
+      exec-opts:
+      - "native.cgroupdriver=systemd"
+      bridge: "none"
+      iptables: false
+
+- name: override mandatory settings in docker_daemon_config
+  set_fact:
+    docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}"
 
 - name: install docker
   include_role: