diff --git a/CHANGELOG.md b/CHANGELOG.md index 03dd0af2..399c56a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Use containerd socket instead of dockershim in the kubelet config. +- [AWS] Bump to AWS-cni 1.11.2 and mount containerd socket instead of dockershim one to `aws-node` pods. +- Bump Pod Infra image to `giantswarm/pause-amd64:3.3`. + ## [10.1.0] - 2022-06-23 ### Added diff --git a/platforms/aws/giantnetes/variables.tf b/platforms/aws/giantnetes/variables.tf index 556cc8e1..ad770f7f 100644 --- a/platforms/aws/giantnetes/variables.tf +++ b/platforms/aws/giantnetes/variables.tf @@ -328,7 +328,7 @@ variable "image_pull_progress_deadline" { } variable "pod_infra_image" { - default = "giantswarm/pause-amd64:3.1" + default = "giantswarm/pause-amd64:3.3" } ### External Kubernetes API Access diff --git a/platforms/azure/giantnetes/main.tf b/platforms/azure/giantnetes/main.tf index dd75df61..583e56b7 100644 --- a/platforms/azure/giantnetes/main.tf +++ b/platforms/azure/giantnetes/main.tf @@ -164,6 +164,7 @@ locals { "MasterCount" = var.master_count "OIDCIssuerURL" = "https://${var.oidc_issuer_dns}.${var.base_domain}" "PodCIDR" = var.pod_cidr + "PodInfraImage" = var.pod_infra_image "Provider" = "azure" "Users" = yamldecode(base64decode(jsondecode(data.http.bastion_users.body).content)) "VaultDomainName" = "${var.vault_dns}.${var.base_domain}" diff --git a/platforms/azure/giantnetes/variables.tf b/platforms/azure/giantnetes/variables.tf index 2aa2a5fd..f73f2a1a 100644 --- a/platforms/azure/giantnetes/variables.tf +++ b/platforms/azure/giantnetes/variables.tf @@ -165,6 +165,10 @@ variable "hyperkube_version" { default = "1.22.10" } +variable "pod_infra_image" { + default = "giantswarm/pause-amd64:3.3" +} + ### DNS ### variable "base_domain" { 
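Review bot: `variable "pod_infra_image"` in platforms/azure/giantnetes/variables.tf is declared with only a `default` and no `type` or `description`, so nothing tells a reader that this value is rendered into every node's containerd config as the sandbox image; `type = string` plus `description = "Pause/sandbox image rendered into containerd's sandbox_image"` would record that contract. The AWS `variables.tf` hunk earlier in this diff shows the same shape, so the addition belongs in both places. The default is a mutable tag (`pause-amd64:3.3`); if the pause image is expected to be identical across nodes and rebuilds, pinning the default by digest is the single lever for that.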
diff --git a/templates/files/conf/10-use-custom-config.conf b/templates/files/conf/10-use-custom-config.conf
new file mode 100644
index 00000000..b0baf396
--- /dev/null
+++ b/templates/files/conf/10-use-custom-config.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/containerd
diff --git a/templates/files/conf/containerd-config.toml b/templates/files/conf/containerd-config.toml
new file mode 100644
index 00000000..ac80b535
--- /dev/null
+++ b/templates/files/conf/containerd-config.toml
@@ -0,0 +1,36 @@
+version = 2
+
+# persistent data location
+root = "/var/lib/containerd"
+# runtime state information
+state = "/run/containerd"
+# set containerd as a subreaper on linux when it is not running as PID 1
+subreaper = true
+# set containerd's OOM score
+oom_score = -999
+disabled_plugins = []
+
+# grpc configuration
+[grpc]
+address = "/run/containerd/containerd.sock"
+# socket uid
+uid = 0
+# socket gid
+gid = 0
+
+[plugins."containerd.runtime.v1.linux"]
+# shim binary name/path
+shim = "containerd-shim"
+# runtime binary name/path
+runtime = "runc"
+# do not use a shim when starting containers, saves on memory but
+# live restore is not supported
+no_shim = false
+
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+# setting runc.options unsets parent settings
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+SystemdCgroup = true
+[plugins."io.containerd.grpc.v1.cri"]
+sandbox_image = "{{.DockerRegistry}}/{{ .PodInfraImage }}"
diff --git a/templates/files/k8s-resource/aws-cni.yaml b/templates/files/k8s-resource/aws-cni.yaml
index 74e835c7..78b291e5 100644
--- a/templates/files/k8s-resource/aws-cni.yaml
+++ b/templates/files/k8s-resource/aws-cni.yaml
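Review bot: The drop-in clears and re-sets `ExecStart` without recording why, so a reader of the three lines cannot tell whether the intent is to strip a `--config` argument from the vendor unit or something else; the file name hints at the former but the file itself should say it. A comment such as `# Reset ExecStart so containerd runs without the vendor unit's arguments and reads its default config, /etc/containerd/config.toml` would make the override self-explanatory and tell the next maintainer what to re-check when the base image's containerd.service changes. If the vendor unit does pass an explicit `--config` (not visible in this diff), naming it in that comment is worth the extra line.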
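Review bot: `SystemdCgroup = true` under `runtimes.runc.options` commits runc to the systemd cgroup driver, but the kubelet half of that contract (`cgroupDriver: systemd` in `/etc/kubernetes/config/kubelet.yaml`) is not in this diff and the kubelet ExecStart hunks in templates/master.yaml.tmpl and templates/worker.yaml.tmpl do not pass `--cgroup-driver` either; a mismatch shows up as pods failing to start, so confirm the kubelet config sets it. Separately, the `[plugins."containerd.runtime.v1.linux"]` block configures the legacy v1 shim while the CRI plugin is pointed at `io.containerd.runc.v2`, so that section looks unused and should either be dropped or annotated, e.g. `# legacy v1 runtime settings; the CRI plugin uses runc.v2 below`. `sandbox_image` is resolved from a mutable tag via `{{ .PodInfraImage }}`; pinning that value by digest would make the pause image reproducible across nodes.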
@@ -153,7 +153,7 @@ spec: tolerations: - operator: Exists initContainers: - - image: {{.DockerRegistry}}/giantswarm/aws-cni-init:v1.10.1-nftables + - image: {{.DockerRegistry}}/giantswarm/aws-cni-init:v1.11.2-nftables imagePullPolicy: Always name: aws-vpc-cni-init env: @@ -167,7 +167,7 @@ spec: - mountPath: /host/opt/cni/bin name: cni-bin-dir containers: - - image: {{.DockerRegistry}}/giantswarm/aws-cni:v1.10.1-nftables + - image: {{.DockerRegistry}}/giantswarm/aws-cni:v1.11.2-nftables imagePullPolicy: Always ports: - containerPort: 61678 @@ -244,8 +244,8 @@ spec: name: log-dir - mountPath: /var/run/aws-node name: run-dir - - mountPath: /var/run/dockershim.sock - name: dockershim + - mountPath: /var/run/cri.sock + name: cri - mountPath: /run/xtables.lock name: xtables-lock volumes: @@ -267,9 +267,9 @@ spec: path: /var/run/aws-node type: DirectoryOrCreate name: run-dir - - name: dockershim + - name: cri hostPath: - path: /var/run/dockershim/dockershim.sock + path: /var/run/containerd/containerd.sock --- apiVersion: apiextensions.k8s.io/v1 diff --git a/templates/files/k8s-resource/default-storage-class.yaml b/templates/files/k8s-resource/default-storage-class.yaml index 172cfd8f..7d85f2c3 100644 --- a/templates/files/k8s-resource/default-storage-class.yaml +++ b/templates/files/k8s-resource/default-storage-class.yaml @@ -1,5 +1,5 @@ {{if eq .Provider "aws" -}} -apiVersion: storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: gp2 diff --git a/templates/master.yaml.tmpl b/templates/master.yaml.tmpl index eb2bf3e0..2c5e4865 100644 --- a/templates/master.yaml.tmpl +++ b/templates/master.yaml.tmpl 
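Review bot: The `cri` hostPath volume in the `@@ -267` hunk has no `type:`; with `type: Socket` the kubelet validates that a socket exists at `/var/run/containerd/containerd.sock` and fails the pod with a clear event when it does not, instead of mounting whatever is at that path. The host path is spelled `/var/run/containerd/containerd.sock` here while the kubelet flag and containerd-config.toml use `/run/containerd/containerd.sock`; these resolve to the same file only where `/var/run` is a symlink to `/run`, so one spelling throughout would remove the doubt. The runtime socket gives `aws-node` node-root-equivalent control, as the dockershim socket did before this change; a short comment on the volume stating what aws-node uses it for would help future reviewers judge that exposure.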
@@ -555,6 +555,27 @@ storage: id: 0 contents: source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/ipvs.conf" }}" + + - path : /etc/containerd/config.toml + filesystem: root + mode: 420 + user: + id: 0 + group: + id: 0 + contents: + source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/containerd-config.toml" }}" + + - path : /etc/systemd/system/containerd.service.d/10-use-custom-config.conf + filesystem: root + mode: 420 + user: + id: 0 + group: + id: 0 + contents: + source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/10-use-custom-config.conf" }}" + {{ if eq .Provider "aws" }} - path: /etc/systemd/system/etcd3.d/10-require-attach-dep.conf filesystem: root @@ -1186,7 +1207,8 @@ systemd: ExecStart=/opt/bin/kubelet \ --config=/etc/kubernetes/config/kubelet.yaml \ --node-ip=${DEFAULT_IPV4} \ - --container-runtime-endpoint=/var/run/dockershim/dockershim.sock \ + --container-runtime=remote \ + --container-runtime-endpoint=unix:///run/containerd/containerd.sock \ --logtostderr=true \ --cloud-provider=external \ {{if eq .Provider "aws" -}} diff --git a/templates/worker.yaml.tmpl b/templates/worker.yaml.tmpl index c718eab5..5fd18515 100644 --- a/templates/worker.yaml.tmpl +++ b/templates/worker.yaml.tmpl @@ -230,6 +230,26 @@ storage: contents: source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/ipvs.conf" }}" + - path : /etc/containerd/config.toml + filesystem: root + mode: 420 + user: + id: 0 + group: + id: 0 + contents: + source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/containerd-config.toml" }}" + + - path : /etc/systemd/system/containerd.service.d/10-use-custom-config.conf + filesystem: root + mode: 420 + user: + id: 0 + group: + id: 0 + contents: + source: "data:text/plain;charset=utf-8;base64,{{ index .Files "conf/10-use-custom-config.conf" }}" + {{ if .LogentriesEnabled }} - path: /opt/bin/logentries.sh filesystem: root 
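Review bot: The two new storage entries spell the key as `path :` (space before the colon) while the existing entry in the same hunk uses `path:`; YAML accepts both, but the inconsistency reads like a typo and may trip linters, so `- path: /etc/containerd/config.toml` and `- path: /etc/systemd/system/containerd.service.d/10-use-custom-config.conf`. The same spelling appears in the templates/worker.yaml.tmpl `@@ -230` hunk. Mode 420 (0644) root-owned is appropriate for both files, since neither carries a secret.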
@@ -668,7 +688,8 @@ systemd:
 ExecStart=/opt/bin/kubelet \
 --config=/etc/kubernetes/config/kubelet.yaml \
 --node-ip=${DEFAULT_IPV4} \
- --container-runtime-endpoint=/var/run/dockershim/dockershim.sock \
+ --container-runtime=remote \
+ --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
 --logtostderr=true \
 {{if eq .Provider "aws" -}}
 --cloud-provider=external \