Closed
38 changes: 37 additions & 1 deletion examples/k8s.yaml
Expand Up @@ -54,10 +54,46 @@ provision:
apt-get install -y cri-tools
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF
# cni-plugins
apt-get install -y kubernetes-cni
mkdir -p /etc/cni/net.d
cat << EOF | tee /etc/cni/net.d/10-containerd-net.conflist
Member

Looks like we are going to support multi-node example (#1183), so probably we do not need to use non-flannel bridge?

Member Author

It would have to be versioned, at least. That is, only apply when number of nodes == 1. Otherwise flannel.

Member

Is it harmless to use flannel on single-node mode too?

Member Author

Yeah, just overkill. Mostly it was triggered by the kubeadm team not wanting to support flannel anymore.

{
"cniVersion": "0.4.0",
"name": "containerd-net",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"promiscMode": true,
"ipam": {
"type": "host-local",
"ranges": [
[{
"subnet": "10.88.0.0/16"
}],
[{
"subnet": "2001:4860:4860::/64"
}]
],
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "::/0" }
]
}
},
{
"type": "portmap",
"capabilities": {"portMappings": true}
}
]
}
EOF
# To use flannel, delete the default CNI network
# To use containerd-net, comment this and below
rm -f /etc/cni/net.d/*.conf*
Member

This rm -f is confusing

Member Author

I think I inherited from the installation where we also have podman and cri-o

Perhaps remove the glob and use the above only? Hope nothing else is there.
Kubernetes only supports having one file in CNI, and uses the first in alphabet.

Member Author

In the recent release, the cni conf dir flag has been removed - which broke our workaround

Member Author

Anyway, we get a default CNI with the container runtime installation.

It must be deleted, if we want to install our own CNI - like "flannel"

Member

I think we should only support flannel.
Not really useful for single-node cluster, but akin to production env.

Member Author
@afbjorklund Apr 21, 2022

Main reason for containerd-net was to not depend on any third-party images

IMAGE                                TAG                 IMAGE ID            SIZE
k8s.gcr.io/coredns/coredns           v1.8.6              a4ca41631cc7a       13.6MB
k8s.gcr.io/etcd                      3.5.1-0             25f8c7f3da61c       98.9MB
k8s.gcr.io/kube-apiserver            v1.23.6             8fa62c12256df       32.6MB
k8s.gcr.io/kube-controller-manager   v1.23.6             df7b72818ad2e       30.2MB
k8s.gcr.io/kube-proxy                v1.23.6             4c03754524064       39.3MB
k8s.gcr.io/kube-scheduler            v1.23.6             595f327f224a4       15.1MB
k8s.gcr.io/pause                     3.6                 6270bb605e12e       302kB
quay.io/coreos/flannel               v0.14.0             8522d622299ca       21.1MB

Member Author

The registry changed from k8s.gcr.io to registry.k8s.io and from quay.io to docker.io, but anyway.

IMAGE                                     TAG                 IMAGE ID            SIZE
docker.io/flannel/flannel-cni-plugin      v1.1.2              7a2dcab94698c       3.84MB
docker.io/flannel/flannel                 v0.21.2             7b7f3acab868d       24.2MB
registry.k8s.io/coredns/coredns           v1.9.3              5185b96f0becf       14.8MB
registry.k8s.io/etcd                      3.5.6-0             fce326961ae2d       103MB
registry.k8s.io/kube-apiserver            v1.26.1             deb04688c4a35       35.3MB
registry.k8s.io/kube-controller-manager   v1.26.1             e9c08e11b07f6       32.2MB
registry.k8s.io/kube-proxy                v1.26.1             46a6bb3c77ce0       21.5MB
registry.k8s.io/kube-scheduler            v1.26.1             655493523f607       17.5MB
registry.k8s.io/pause                     3.9                 e6f1816883972       322kB

apt-get install -y kubelet kubeadm kubectl && apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet
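
Review bot: The `rm -f /etc/cni/net.d/*.conf*` after the heredoc also matches the `10-containerd-net.conflist` written a few lines earlier, so with both left enabled the bridge config is created and then deleted, and the only thing selecting between the two paths is a comment asking the user to edit the script. Pick one path explicitly: either skip writing the conflist when flannel is wanted, or delete only the runtime's default file by name instead of globbing. Separately, the host-local IPv6 range `2001:4860:4860::/64` is global unicast space rather than a ULA prefix under `fd00::/8`; once that /64 is assigned on `cni0`, the node's connected route for it shadows the real Internet destinations in that prefix, so a locally generated ULA /64 is the safer default. `"promiscMode": true` on `cni0` also deserves a one-line comment saying why it is needed.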