From b824f11c7e3794289ef3093b0e2fc8b9e74c2ef5 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 7 May 2021 01:38:36 +0200 Subject: renew containerd role --- roles/containerd/tasks/main.yml | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'roles/containerd/tasks/main.yml') diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index f0d29a4a..ab23bd96 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -1,15 +1,37 @@ --- -- name: check for supported platform - when: ansible_distribution != "Ubuntu" - fail: - msg: "currenty this only works with ubuntu" +- name: install containerd config + when: containerd_config is defined + copy: + content: "{{ containerd_config | to_toml }}\n" + dest: /etc/containerd/config.toml + notify: restart containerd - name: prepare storage volume for /var/lib/containerd when: containerd_storage is defined - import_tasks: "{{ containerd_storage.type }}.yml" + vars: + storage_volume: "{{ containerd_storage | combine({'dest': '/var/lib/containerd'}) }}" + include_role: + name: "storage/{{ containerd_storage.type }}/volume" + +- name: prepare package provider + when: containerd_pkg_provider != 'distro' + include_role: + name: "apt-repo/{{ containerd_pkg_provider }}" - name: install containerd apt: - name: containerd + name: "{{ containerd_pkg_name }}{% if containerd_pkg_version is defined %}={{ containerd_pkg_version }}{% endif %}" state: present force: yes + +- name: disable automatic upgrades for containerd package + when: containerd_pkg_version is defined + dpkg_selections: + name: "{{ containerd_pkg_name }}" + selection: hold + +- name: start and enable containerd + service: + name: containerd + enabled: true + state: started -- cgit v1.2.3 From 0a78e31ffa4d83de9b94651982d1b4b99963144e Mon Sep 17 00:00:00 2001 
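Review bot: The `install containerd` task keeps `force: yes` while this commit starts installing from a non-distro repository (`apt-repo/{{ containerd_pkg_provider }}`) and pinning a version. In the `apt` module `force` corresponds to apt-get's `--force-yes`, which implies `allow_unauthenticated` and so switches off package signature checking for this install. If the option is only there so a pinned version may downgrade, newer Ansible releases offer `allow_downgrade: true` for that alone. Otherwise dropping `force` keeps signature verification in place.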
From: Christian Pointner Date: Fri, 7 May 2021 20:45:01 +0200 Subject: fix containerd config generation --- roles/containerd/tasks/main.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'roles/containerd/tasks/main.yml') diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index ab23bd96..b6a8d997 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -1,10 +1,17 @@ --- - name: install containerd config when: containerd_config is defined - copy: - content: "{{ containerd_config | to_toml }}\n" - dest: /etc/containerd/config.toml - notify: restart containerd + block: + - name: create containerd config directory + file: + name: /etc/containerd + state: directory + + - name: install containerd config + copy: + content: "{{ containerd_config | to_toml }}\n" + dest: /etc/containerd/config.toml + notify: restart containerd - name: prepare storage volume for /var/lib/containerd when: containerd_storage is defined -- cgit v1.2.3 From c1be7209e377f043ae567b1db3fb2add579b3235 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 May 2021 00:16:13 +0200 Subject: standalone kubelets using containerd --- chaos-at-home/ch-testvm-prometheus.yml | 11 ++--------- inventory/host_vars/ch-testvm-prometheus.yml | 12 ++++++++++++ inventory/hosts.ini | 1 + roles/containerd/tasks/main.yml | 26 ++++++++++++-------------- roles/kubernetes/base/tasks/cri_containerd.yml | 15 +++++++++++++++ roles/kubernetes/base/tasks/cri_docker.yml | 12 ++++++++++-- 6 files changed, 52 insertions(+), 25 deletions(-) (limited to 'roles/containerd/tasks/main.yml') diff --git a/chaos-at-home/ch-testvm-prometheus.yml b/chaos-at-home/ch-testvm-prometheus.yml index 13a60198..a34d58e3 100644 --- a/chaos-at-home/ch-testvm-prometheus.yml +++ b/chaos-at-home/ch-testvm-prometheus.yml 
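Review bot: Neither the new `create containerd config directory` task nor the `copy` to `/etc/containerd/config.toml` sets `owner`, `group` or `mode`, so the resulting permissions depend on the umask of the connection user. Stating them makes the result deterministic, e.g. `owner: root`, `group: root`, `mode: "0755"` on the directory and `mode: "0644"` on the file. If `containerd_config` can carry registry credentials, `mode: "0600"` on the file would be the safer choice. The same applies to the `copy` task that the later `@@ -17,6 +17,18 @@` hunk of this file adds.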
@@ -7,12 +7,5 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp - - role: containerd - containerd_config: - plugins: - "io.containerd.grpc.v1.cri": - containerd: - runtimes: - runc: - options: - SystemdCgroup: true + - role: kubernetes/base + - role: kubernetes/standalone/base diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml index 11dec61c..426a2c00 100644 --- a/inventory/host_vars/ch-testvm-prometheus.yml +++ b/inventory/host_vars/ch-testvm-prometheus.yml @@ -40,3 +40,15 @@ containerd_storage: lv: containerd size: 20G fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 15G + fs: ext4 + +kubernetes_version: 1.21.0 +kubernetes_container_runtime: containerd +kubernetes_standalone_max_pods: 42 +kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 4c31b999..8d03b7b1 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -457,6 +457,7 @@ glt-telesto glt-datacop glt-thetys sgg-icecast +ch-testvm-prometheus [kubernetes:children] kubernetes-cluster diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index b6a8d997..a082e27b 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -1,18 +1,4 @@ --- -- name: install containerd config - when: containerd_config is defined - block: - - name: create containerd config directory - file: - name: /etc/containerd - state: directory - - - name: install containerd config - copy: - content: "{{ containerd_config | to_toml }}\n" - dest: /etc/containerd/config.toml - notify: restart containerd - - name: prepare storage volume for /var/lib/containerd when: containerd_storage is defined vars: 
@@ -31,6 +17,18 @@ state: present force: yes +- name: fetch containerd default config + check_mode: no + command: containerd config default + register: containerd_config_default + changed_when: false + +- name: fetch containerd default config + copy: + content: "{{ containerd_config_default.stdout | from_toml | combine(containerd_config, recursive=True) | to_toml }}\n" + dest: /etc/containerd/config.toml + notify: restart containerd + - name: disable automatic upgrades for containerd package when: containerd_pkg_version is defined dpkg_selections: diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml index 66398ef2..441360f7 100644 --- a/roles/kubernetes/base/tasks/cri_containerd.yml +++ b/roles/kubernetes/base/tasks/cri_containerd.yml @@ -5,6 +5,21 @@ that: - kubernetes_cri_socket == "unix:///run/containerd/containerd.sock" +- name: switch to systemd cgroup driver + set_fact: + containerd_config_override: + plugins: + "io.containerd.grpc.v1.cri": + containerd: + runtimes: + runc: + options: + SystemdCgroup: true + +- name: override mandatory settings in containerd_config + set_fact: + containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) }}" + - name: install containerd include_role: name: containerd diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml index 187d5893..88b35508 100644 --- a/roles/kubernetes/base/tasks/cri_docker.yml +++ b/roles/kubernetes/base/tasks/cri_docker.yml 
@@ -17,9 +17,17 @@ After=docker.service dest: /etc/systemd/system/kubelet.service.d/after-docker.conf -- name: disable bridge and iptables in docker daemon config +- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver set_fact: - docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}" + docker_daemon_config_override: + exec-opts: + - "native.cgroupdriver=systemd" + bridge: "none" + iptables: false + +- name: override mandatory settings in docker_daemon_config + set_fact: + docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}" - name: install docker include_role: -- cgit v1.2.3 From 15b53903e14a7c7ddbb086fc94c42d7d2916b4df Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 May 2021 23:34:34 +0200 Subject: enable zfs snapshotter for containerd --- roles/containerd/tasks/main.yml | 6 ++++++ roles/kubernetes/base/tasks/cri_containerd.yml | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'roles/containerd/tasks/main.yml') diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index a082e27b..10371243 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -6,6 +6,12 @@ include_role: name: "storage/{{ containerd_storage.type }}/volume" +- name: create child-dataset for zfs-snapshotter + when: "containerd_storage is defined and containerd_storage.type == 'zfs'" + zfs: + name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}/io.containerd.snapshotter.v1.zfs" + state: present + - name: prepare package provider when: containerd_pkg_provider != 'distro' include_role: diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml index 441360f7..97775b14 100644 
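Review bot: With `list_merge='append'` in the `override mandatory settings in docker_daemon_config` task, an `exec-opts` list already present in `docker_daemon_config` is kept and the mandatory entry is only added behind it, so a conflicting `native.cgroupdriver=...` value from inventory is not actually overridden. Because `set_fact` stores the result back into `docker_daemon_config`, evaluating this file a second time in the same run would also append the same entry again. `list_merge='append_rp'` avoids the duplicate; for the conflict case an `assert` that no other `native.cgroupdriver=` entry is present would make the failure explicit. How dockerd treats two cgroup driver entries is not visible from here.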
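Review bot: The `create child-dataset for zfs-snapshotter` task does not say why the dataset has to carry exactly this name or where it ends up mounted. Presumably it inherits its mountpoint from the parent volume prepared by the storage role and so lands in `/var/lib/containerd/io.containerd.snapshotter.v1.zfs`. A comment above the task, e.g. `# child dataset inherits the mountpoint of the parent volume; the zfs snapshotter expects its own dataset at this path`, would record that dependency. The `when:` condition is repeated verbatim in `cri_containerd.yml`, which is worth mentioning in the same comment so both stay in sync.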
--- a/roles/kubernetes/base/tasks/cri_containerd.yml +++ b/roles/kubernetes/base/tasks/cri_containerd.yml @@ -16,9 +16,18 @@ options: SystemdCgroup: true +- name: switch to zfs-snapshotter for cri + when: "containerd_storage is defined and containerd_storage.type == 'zfs'" + set_fact: + containerd_config_override_zfs: + plugins: + "io.containerd.grpc.v1.cri": + containerd: + snapshotter: "zfs" + - name: override mandatory settings in containerd_config set_fact: - containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) }}" + containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) | combine((containerd_config_override_zfs | default({})), recursive=True) }}" - name: install containerd include_role: -- cgit v1.2.3
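Review bot: The `containerd_config` expression in `override mandatory settings in containerd_config` chains two `combine` calls and has become hard to read on a single line. `combine` accepts several dictionaries, so `combine(containerd_config_override, containerd_config_override_zfs | default({}), recursive=True)` expresses the same merge order in one call. Writing the value as a folded block scalar (`>-`) would also keep it within the usual line-length limit.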