From 96c178e6931ff35d04b118c45c9b200f0304ec70 Mon Sep 17 00:00:00 2001 From: Alex Stockinger Date: Mon, 19 Dec 2022 10:53:51 +0100 Subject: [PATCH 1/2] Allow manually configuring containerd version via CLI flag Signed-off-by: Alex Stockinger --- cmd/machine-controller/main.go | 3 +++ pkg/containerruntime/config.go | 2 ++ pkg/containerruntime/containerd.go | 10 +++++----- pkg/containerruntime/containerruntime.go | 8 ++++++++ 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/cmd/machine-controller/main.go b/cmd/machine-controller/main.go index 171327cc5..2a1b0a1a3 100644 --- a/cmd/machine-controller/main.go +++ b/cmd/machine-controller/main.go @@ -84,6 +84,7 @@ var ( podCIDR string nodePortRange string nodeRegistryCredentialsSecret string + nodeContainerdVersion string nodeContainerdRegistryMirrors = containerruntime.RegistryMirrorsFlags{} overrideBootstrapKubeletAPIServer string ) @@ -170,6 +171,7 @@ func main() { flag.StringVar(&nodePauseImage, "node-pause-image", "", "Image for the pause container including tag. If not set, the kubelet default will be used: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/") flag.String("node-kubelet-repository", "quay.io/kubermatic/kubelet", "[NO-OP] Repository for the kubelet container. Has no effects.") flag.StringVar(&nodeContainerRuntime, "node-container-runtime", "docker", "container-runtime to deploy") + flag.StringVar(&nodeContainerdVersion, "node-containerd-version", "", "version of containerd to deploy") flag.Var(&nodeContainerdRegistryMirrors, "node-containerd-registry-mirrors", "Configure registry mirrors endpoints. Can be used multiple times to specify multiple mirrors") flag.StringVar(&caBundleFile, "ca-bundle", "", "path to a file containing all PEM-encoded CA certificates (will be used instead of the host's certificates if set)") flag.BoolVar(&nodeCSRApprover, "node-csr-approver", true, "Enable NodeCSRApprover controller to automatically approve node serving certificate requests") @@ -240,6 +242,7 @@ func main() { containerRuntimeOpts := containerruntime.Opts{ ContainerRuntime: nodeContainerRuntime, + ContainerdVersion: nodeContainerdVersion, ContainerdRegistryMirrors: nodeContainerdRegistryMirrors, InsecureRegistries: nodeInsecureRegistries, PauseImage: nodePauseImage, diff --git a/pkg/containerruntime/config.go b/pkg/containerruntime/config.go index 90bce0306..f93a54d9f 100644 --- a/pkg/containerruntime/config.go +++ b/pkg/containerruntime/config.go @@ -31,6 +31,7 @@ import ( type Opts struct { ContainerRuntime string + ContainerdVersion string InsecureRegistries string RegistryMirrors string RegistryCredentialsSecret string @@ -92,6 +93,7 @@ func BuildConfig(opts Opts) (Config, error) { withInsecureRegistries(insecureRegistries), withRegistryMirrors(opts.ContainerdRegistryMirrors), withSandboxImage(opts.PauseImage), + withContainerdVersion(opts.ContainerdVersion), ), nil } diff --git a/pkg/containerruntime/containerd.go b/pkg/containerruntime/containerd.go index 6337e04ad..69631ad68 100644 --- a/pkg/containerruntime/containerd.go +++ b/pkg/containerruntime/containerd.go @@ -27,8 +27,8 @@ import ( ) const ( - LegacyContainerdVersion = "1.4" - DefaultContainerdVersion = "1.6" + LegacyContainerdVersion = "1.4*" + DefaultContainerdVersion = "1.6*" ) type Containerd struct { @@ -123,7 +123,7 @@ runtime-endpoint: unix:///run/containerd/containerd.sock EOF yum install -y \ - containerd-{{ .ContainerdVersion }}* \ + containerd-{{ .ContainerdVersion }} \ yum-plugin-versionlock yum versionlock add containerd @@ -151,7 +151,7 @@ Restart=always EnvironmentFile=-/etc/environment EOF -yum install -y containerd.io-{{ .ContainerdVersion }}* yum-plugin-versionlock +yum install -y containerd.io-{{ .ContainerdVersion }} yum-plugin-versionlock yum versionlock add containerd.io systemctl daemon-reload @@ -175,7 +175,7 @@ Restart=always EnvironmentFile=-/etc/environment EOF -apt-get install -y --allow-downgrades containerd.io={{ .ContainerdVersion }}* +apt-get install -y --allow-downgrades containerd.io={{ .ContainerdVersion }} apt-mark hold containerd.io systemctl daemon-reload diff --git a/pkg/containerruntime/containerruntime.go b/pkg/containerruntime/containerruntime.go index 95eb55076..867b53b61 100644 --- a/pkg/containerruntime/containerruntime.go +++ b/pkg/containerruntime/containerruntime.go @@ -57,6 +57,12 @@ func withSandboxImage(image string) Opt { } } +func withContainerdVersion(version string) Opt { + return func(cfg *Config) { + cfg.ContainerdVersion = version + } +} + func get(containerRuntimeName string, opts ...Opt) Config { cfg := Config{} @@ -88,6 +94,7 @@ type Config struct { SandboxImage string `json:",omitempty"` ContainerLogMaxFiles string `json:",omitempty"` ContainerLogMaxSize string `json:",omitempty"` + ContainerdVersion string `json:",omitempty"` } // AuthConfig is a COPY of github.com/containerd/containerd/pkg/cri/config.AuthConfig. @@ -130,6 +137,7 @@ func (cfg Config) Engine(kubeletVersion *semver.Version) Engine { registryMirrors: cfg.RegistryMirrors, sandboxImage: cfg.SandboxImage, registryCredentials: cfg.RegistryCredentials, + version: cfg.ContainerdVersion, } moreThan124, _ := semver.NewConstraint(">= 1.24") From bb6a6c09d78fc49865347fec3deecf4b53c03167 Mon Sep 17 00:00:00 2001 From: Alex Stockinger Date: Tue, 20 Dec 2022 09:23:44 +0100 Subject: [PATCH 2/2] Also configure docker's containerd version via CLI flag Signed-off-by: Alex Stockinger --- pkg/containerruntime/containerruntime.go | 1 + pkg/containerruntime/docker.go | 15 ++++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkg/containerruntime/containerruntime.go b/pkg/containerruntime/containerruntime.go index 867b53b61..b7fe47979 100644 --- a/pkg/containerruntime/containerruntime.go +++ b/pkg/containerruntime/containerruntime.go @@ -130,6 +130,7 @@ func (cfg Config) Engine(kubeletVersion *semver.Version) Engine { containerLogMaxFiles: cfg.ContainerLogMaxFiles, containerLogMaxSize: cfg.ContainerLogMaxSize, registryCredentials: cfg.RegistryCredentials, + containerdVersion: cfg.ContainerdVersion, } containerd := &Containerd{ diff --git a/pkg/containerruntime/docker.go b/pkg/containerruntime/docker.go index 173ce3f6c..398368a54 100644 --- a/pkg/containerruntime/docker.go +++ b/pkg/containerruntime/docker.go @@ -27,8 +27,8 @@ import ( ) const ( - LegacyDockerContainerdVersion = "1.4" - DefaultDockerContainerdVersion = "1.6" + LegacyDockerContainerdVersion = "1.4*" + DefaultDockerContainerdVersion = "1.6*" DefaultDockerVersion = "20.10" LegacyDockerVersion = "19.03" ) @@ -39,6 +39,7 @@ type Docker struct { containerLogMaxFiles string containerLogMaxSize string registryCredentials map[string]AuthConfig + containerdVersion string } type DockerCfgJSON struct { @@ -88,6 +89,10 @@ func (eng *Docker) ScriptFor(os types.OperatingSystem) (string, error) { ContainerdVersion: DefaultDockerContainerdVersion, } + if eng.containerdVersion != "" { + args.ContainerdVersion = eng.containerdVersion + } + switch os { case types.OperatingSystemAmazonLinux2: args.ContainerdVersion = LegacyDockerContainerdVersion @@ -126,7 +131,7 @@ EOF yum install -y \ {{- if .ContainerdVersion }} - containerd-{{ .ContainerdVersion }}* \ + containerd-{{ .ContainerdVersion }} \ {{- end }} docker-{{ .DockerVersion }}* \ yum-plugin-versionlock @@ -152,7 +157,7 @@ EOF yum install -y \ {{- if .ContainerdVersion }} docker-ce-cli-{{ .DockerVersion }}* \ - containerd.io-{{ .ContainerdVersion }}* \ + containerd.io-{{ .ContainerdVersion }} \ {{- end }} docker-ce-{{ .DockerVersion }}* \ yum-plugin-versionlock @@ -178,7 +183,7 @@ EOF apt-get install --allow-downgrades -y \ {{- if .ContainerdVersion }} - containerd.io={{ .ContainerdVersion }}* \ + containerd.io={{ .ContainerdVersion }} \ docker-ce-cli=5:{{ .DockerVersion }}* \ {{- end }} docker-ce=5:{{ .DockerVersion }}*