author | Christian Pointner <equinox@spreadspace.org> | 2022-01-12 02:09:46 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-01-12 02:09:46 +0100 |
commit | 9410736d374ca68d5013f5f952dbce8d6b4fac66 (patch) | |
tree | 72fcb0c2b70ce0afc9db7c537e382232758a497d /roles | |
parent | Merge branch 'topic/no-more-kubic' (diff) | |
parent | containerd: change package selection to same method as for docker (diff) |
Merge branch 'topic/cri-dockerd'
Diffstat (limited to 'roles')
5 files changed, 72 insertions, 9 deletions
diff --git a/roles/containerd/defaults/main.yml b/roles/containerd/defaults/main.yml index b1ad9368..36cd3abd 100644 --- a/roles/containerd/defaults/main.yml +++ b/roles/containerd/defaults/main.yml @@ -1,6 +1,12 @@ --- -containerd_pkg_provider: docker-com -containerd_pkg_name: containerd.io +_containerd_pkg_name_map_: + distro: containerd + docker-com: containerd.io + +containerd_pkg_provider: distro +# containerd_pkg_provider: docker-com + +containerd_pkg_name: "{{ _containerd_pkg_name_map_[containerd_pkg_provider] }}" # containerd_pkg_version: diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml index a9b5dec1..91de6836 100644 --- a/roles/kubernetes/base/tasks/cri_docker.yml +++ b/roles/kubernetes/base/tasks/cri_docker.yml @@ -3,7 +3,7 @@ assert: msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!" that: - - kubernetes_cri_socket == "unix:///var/run/dockershim.sock" + - kubernetes_cri_socket == "unix:///var/run/cri-dockerd.sock" - name: create systemd snippet directory file: @@ -14,7 +14,7 @@ copy: content: | [Unit] - After=docker.service + After=cri-dockerd.service dest: /etc/systemd/system/kubelet.service.d/after-docker.conf - name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver @@ -32,3 +32,26 @@ - name: install docker include_role: name: docker/engine + +- name: install cri-dockerd + apt: + name: cri-dockerd + state: present + +- name: install systemd units for cri-docker + loop: + - socket + - service + template: + src: "cri-dockerd.{{ item }}.j2" + dest: "/etc/systemd/system/cri-dockerd.{{ item }}" + +- name: make sure cri-docker is started and enabled + loop: + - socket + - service + systemd: + daemon_reload: yes + name: "cri-dockerd.{{ item }}" + enabled: yes + state: started 
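Review bot: The `template` task in the last hunk of `cri_docker.yml` writes `/etc/systemd/system/cri-dockerd.{{ item }}` without setting ownership or mode, so the permissions of the installed unit files depend on the defaults of the host the play runs against. Adding `owner: root`, `group: root` and `mode: "0644"` to that task makes them explicit. The task also has no `notify`, and the following `systemd` task only asks for `state: started`, so a later change to either template would be reloaded but not picked up by the running service; if the role has a restart handler elsewhere, wiring it in here would close that gap. The `apt` task installs `cri-dockerd` with no repository or key setup visible in this hunk, so a short comment naming the package source would let the next reader confirm where the binary comes from.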
diff --git a/roles/kubernetes/base/templates/cri-dockerd.service.j2 b/roles/kubernetes/base/templates/cri-dockerd.service.j2
new file mode 100644
index 00000000..a83a18f0
--- /dev/null
+++ b/roles/kubernetes/base/templates/cri-dockerd.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=CRI Interface for Docker Application Container Engine
+Documentation=https://docs.mirantis.com
+After=network-online.target firewalld.service docker.service
+Wants=network-online.target
+Requires=cri-dockerd.socket
+StartLimitBurst=3
+StartLimitIntervalSec=60s
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/kubernetes/base/templates/cri-dockerd.socket.j2 b/roles/kubernetes/base/templates/cri-dockerd.socket.j2
new file mode 100644
index 00000000..8dfa27d4
--- /dev/null
+++ b/roles/kubernetes/base/templates/cri-dockerd.socket.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=CRI Docker Socket for the API
+PartOf=cri-dockerd.service
+
+[Socket]
+ListenStream=%t/cri-dockerd.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
index 00f2c360..d4637c72 100644
--- a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
+++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
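Review bot: `LimitCORE=infinity` in the `[Service]` section of `cri-dockerd.service.j2` permits unlimited core dumps, and the unit sets no `User=`, so the daemon presumably runs as root. The comment above the `Limit*` lines only gives the accounting-overhead reason and does not cover core dumps. A core file would hold whatever the process had in memory, which may include registry credentials passed along with image-pull requests, so unless dumps are needed for debugging I would set `LimitCORE=0`. If the value is kept deliberately, a one-line comment next to it saying why would make that a visible decision.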
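Review bot: In `cri-dockerd.socket.j2` the socket is created with `SocketMode=0660` and `SocketGroup=docker`, which lets every member of the `docker` group talk to the CRI endpoint, although the only client this change configures for it is the kubelet. Members of that group can usually reach the Docker daemon already, so the added exposure is limited, but the CRI API does not need to be group-accessible. Assuming the kubelet runs as root, `SocketMode=0600` with `SocketGroup=root` would restrict the endpoint to root. If group access is intended, a comment in the `[Socket]` section stating who needs it would help.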
@@ -1,11 +1,6 @@ [Service] ExecStart= ExecStart=/usr/bin/kubelet \ -{% if kubernetes_container_runtime != 'docker' %} --container-runtime=remote \ --container-runtime-endpoint={{ kubernetes_cri_socket }} \ -{% else %} - --container-runtime=docker \ - --network-plugin=cni \ -{% endif %} --config=/etc/kubernetes/kubelet.yml |