From c1be7209e377f043ae567b1db3fb2add579b3235 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 May 2021 00:16:13 +0200 Subject: standalone kubelets using containerd --- roles/kubernetes/base/tasks/cri_containerd.yml | 15 +++++++++++++++ roles/kubernetes/base/tasks/cri_docker.yml | 12 ++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) (limited to 'roles/kubernetes/base') diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml index 66398ef2..441360f7 100644 --- a/roles/kubernetes/base/tasks/cri_containerd.yml +++ b/roles/kubernetes/base/tasks/cri_containerd.yml @@ -5,6 +5,21 @@ that: - kubernetes_cri_socket == "unix:///run/containerd/containerd.sock" +- name: switch to systemd cgroup driver + set_fact: + containerd_config_override: + plugins: + "io.containerd.grpc.v1.cri": + containerd: + runtimes: + runc: + options: + SystemdCgroup: true + +- name: override mandatory settings in containerd_config + set_fact: + containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) }}" + - name: install containerd include_role: name: containerd diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml index 187d5893..88b35508 100644 --- a/roles/kubernetes/base/tasks/cri_docker.yml +++ b/roles/kubernetes/base/tasks/cri_docker.yml @@ -17,9 +17,17 @@ After=docker.service dest: /etc/systemd/system/kubelet.service.d/after-docker.conf -- name: disable bridge and iptables in docker daemon config +- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver set_fact: - docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}" + docker_daemon_config_override: + exec-opts: + - "native.cgroupdriver=systemd" + bridge: "none" + iptables: false + +- name: override mandatory settings in docker_daemon_config + set_fact: + docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}" - name: install docker include_role: -- cgit v1.2.3 From 15b53903e14a7c7ddbb086fc94c42d7d2916b4df Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 May 2021 23:34:34 +0200 Subject: enable zfs snapshotter for containerd --- roles/containerd/tasks/main.yml | 6 ++++++ roles/kubernetes/base/tasks/cri_containerd.yml | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'roles/kubernetes/base') diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index a082e27b..10371243 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -6,6 +6,12 @@ include_role: name: "storage/{{ containerd_storage.type }}/volume" +- name: create child-dataset for zfs-snapshotter + when: "containerd_storage is defined and containerd_storage.type == 'zfs'" + zfs: + name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}/io.containerd.snapshotter.v1.zfs" + state: present + - name: prepare package provider when: containerd_pkg_provider != 'distro' include_role: diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml index 441360f7..97775b14 100644 --- a/roles/kubernetes/base/tasks/cri_containerd.yml +++ b/roles/kubernetes/base/tasks/cri_containerd.yml @@ -16,9 +16,18 @@ options: SystemdCgroup: true +- name: switch to zfs-snapshotter for cri + when: "containerd_storage is defined and containerd_storage.type == 'zfs'" + set_fact: + containerd_config_override_zfs: + plugins: + "io.containerd.grpc.v1.cri": + containerd: + snapshotter: "zfs" + - name: override mandatory settings in containerd_config set_fact: - containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) }}" + containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) | combine((containerd_config_override_zfs | default({})), recursive=True) }}" - name: install containerd include_role: -- cgit v1.2.3 From 9b924b06bcaaa53884f2486b02eb5ee2ff6a1fe5 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 9 May 2021 13:50:26 +0200 Subject: kubernetes: upgrade cri-tools package --- roles/apt-repo/github-containers/files/repo.gpg | Bin 0 -> 723 bytes roles/apt-repo/github-containers/tasks/main.yml | 20 +++++++++++++++ roles/kubernetes/base/tasks/main.yml | 32 +++++++++++++++--------- 3 files changed, 40 insertions(+), 12 deletions(-) create mode 100644 roles/apt-repo/github-containers/files/repo.gpg create mode 100644 roles/apt-repo/github-containers/tasks/main.yml (limited to 'roles/kubernetes/base') diff --git a/roles/apt-repo/github-containers/files/repo.gpg b/roles/apt-repo/github-containers/files/repo.gpg new file mode 100644 index 00000000..9b827ee8 Binary files /dev/null and b/roles/apt-repo/github-containers/files/repo.gpg differ diff --git a/roles/apt-repo/github-containers/tasks/main.yml b/roles/apt-repo/github-containers/tasks/main.yml new file mode 100644 index 00000000..fae56380 --- /dev/null +++ b/roles/apt-repo/github-containers/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: add repository key + copy: + src: repo.gpg + dest: /etc/apt/trusted.gpg.d/github-containers.gpg + register: apt_repo_github_containers_key + +- name: add repository entry + copy: + content: | + deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ (ansible_distribution == 'Ubuntu') | ternary('xUbuntu', ansible_distribution) }}_{{ ansible_distribution_version }}/ / + dest: /etc/apt/sources.list.d/github-containers.list + register: apt_repo_github_containers_sources + +- name: update apt cache + when: apt_repo_github_containers_key is changed or + apt_repo_github_containers_sources is changed + command: apt-get update + args: + warn: false diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index a104b660..a13f04fa 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -9,24 +9,39 @@ include_role: name: "storage/{{ kubelet_storage.type }}/volume" -- name: add apt repository +- name: add apt repository for kubernetes packages include_role: name: apt-repo/kubernetes +- name: add apt repository for cri-tools + include_role: + name: apt-repo/github-containers + - name: install kubelet and common packages apt: name: - bridge-utils - - cri-tools + - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1" - "kubelet={{ kubernetes_version }}-00" state: present force: yes -- name: disable automatic upgrades for kubelet +- name: disable automatic upgrades for kubelet and cri-tools + loop: + - kubelet + - cri-tools dpkg_selections: - name: kubelet + name: "{{ item }}" selection: hold +- name: configure endpoints for crictl + when: kubernetes_cri_socket + copy: + dest: /etc/crictl.yaml + content: | + runtime-endpoint: "{{ kubernetes_cri_socket }}" + image-endpoint: "{{ kubernetes_cri_socket }}" + - name: add crictl config for shells loop: - zsh @@ -36,14 +51,7 @@ create: yes marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###" content: | - {% if kubernetes_cri_socket %} - alias crictl="crictl --runtime-endpoint {{ kubernetes_cri_socket }}" - {% endif %} - {% if item == 'zsh' %} - ## TODO: see https://github.com/kubernetes-sigs/cri-tools/issues/435 - autoload -U +X bashcompinit && bashcompinit - {% endif %} - source <(crictl completion) + source <(crictl completion {{ item }}) - name: add dummy group with gid 990 group: -- cgit v1.2.3