Set default container runtime to containerd

kubernetes · Jan 12, 2021 · 05500e6 · 05500e6
1 parent e4f4a20
commit 05500e6
Show file tree

Hide file tree

Showing 47 changed files with 230 additions and 195 deletions.
diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go
@@ -101,7 +101,7 @@ func (o *CreateClusterOptions) InitDefaults() {
 	o.Yes = false
 	o.Target = cloudup.TargetDirect
 
-	o.ContainerRuntime = "docker"
+	o.ContainerRuntime = "containerd"
 }
 
 var (

diff --git a/docs/cli/kops_create_cluster.md b/docs/cli/kops_create_cluster.md
@@ -76,7 +76,7 @@ kops create cluster [flags]
       --channel string                   Channel for default versions and configuration to use (default "stable")
       --cloud string                     Cloud provider to use - gce, aws, openstack
       --cloud-labels string              A list of KV pairs used to tag all instance groups in AWS (e.g. "Owner=John Doe,Team=Some Team").
-      --container-runtime string         Container runtime to use: containerd, docker (default "docker")
+      --container-runtime string         Container runtime to use: containerd, docker (default "containerd")
       --disable-subnet-tags              Set to disable automatic subnet tagging
       --dns string                       DNS hosted zone to use: public|private. (default "Public")
       --dns-zone string                  DNS hosted zone to use (defaults to longest matching zone)

diff --git a/docs/cluster_spec.md b/docs/cluster_spec.md
@@ -937,7 +937,10 @@ spec:
 ## containerRuntime
 {{ kops_feature_table(kops_added_default='1.18', k8s_min='1.11') }}
 
-Alternative [container runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) can be used to run Kubernetes. Docker is still the default container runtime, but [containerd](https://kubernetes.io/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/) can also be selected.
+Alternative [container runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) can be used to run Kubernetes. The default container runtime is [containerd](https://containerd.io/docs/).
+
+Docker can still be selected but be aware that Kubernetes is deprecating support for the Docker runtime from version 1.20 and will be removed in a future release (currently planned for the 1.22 release in late 2021).
+@see [Don't Panic: Kubernetes and Docker](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/)
 
 ```yaml
 spec:

diff --git a/docs/releases/1.20-NOTES.md b/docs/releases/1.20-NOTES.md
@@ -4,6 +4,8 @@
 
 # Significant changes
 
+* Default container runtime set to `containerd` for K8s versions >= 1.20.0.
+
 * Added [template funtions](https://kops.sigs.k8s.io/operations/cluster_template/#template-functions) for kubernetes version based on channel data.
 
 * kOps now use helm3 functions for merging template `--set` and `--values` arguments. This has slightly different behaviour than previous helm2-like logic.

diff --git a/pkg/model/components/containerd.go b/pkg/model/components/containerd.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/blang/semver/v4"
 	"github.com/pelletier/go-toml"
+	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/loader"
@@ -44,6 +45,10 @@ func (b *ContainerdOptionsBuilder) BuildOptions(o interface{}) error {
 	containerd := clusterSpec.Containerd
 
 	if clusterSpec.ContainerRuntime == "containerd" {
+		if b.IsKubernetesLT("1.18") {
+			klog.Warningf("kubernetes %s is untested with containerd", clusterSpec.KubernetesVersion)
+		}
+
 		// Set version based on Kubernetes version
 		if fi.StringValue(containerd.Version) == "" {
 			if b.IsKubernetesGTE("1.19") {

diff --git a/pkg/model/components/defaults.go b/pkg/model/components/defaults.go
@@ -17,6 +17,7 @@ limitations under the License.
 package components
 
 import (
+	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/upup/pkg/fi/loader"
 )
@@ -37,7 +38,15 @@ func (b *DefaultsOptionsBuilder) BuildOptions(o interface{}) error {
 	}
 
 	if options.ContainerRuntime == "" {
-		options.ContainerRuntime = "docker"
+		if b.Context.IsKubernetesGTE("1.20") {
+			options.ContainerRuntime = "containerd"
+
+			if options.Docker != nil {
+				klog.Errorf("Docker options are invalid with the default container runtime, containerd")
+			}
+		} else {
+			options.ContainerRuntime = "docker"
+		}
 	}
 
 	return nil

diff --git a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml
@@ -11,7 +11,7 @@ spec:
   channel: stable
   cloudProvider: aws
   configBase: memfs://tests/complex.example.com
-  containerRuntime: docker
+  containerRuntime: containerd
   etcdClusters:
   - cpuRequest: 200m
     etcdMembers:
@@ -32,11 +32,11 @@ spec:
     anonymousAuth: false
   kubernetesApiAccess:
   - 0.0.0.0/0
-  kubernetesVersion: v1.15.6
+  kubernetesVersion: v1.20.1
   masterPublicName: api.complex.example.com
   networkCIDR: 172.20.0.0/16
   networking:
-    kubenet: {}
+    calico: {}
   nonMasqueradeCIDR: 100.64.0.0/10
   sshAccess:
   - 1.2.3.4/32
@@ -61,7 +61,7 @@ metadata:
     kops.k8s.io/cluster: complex.example.com
   name: master-us-test-1a
 spec:
-  image: kope.io/k8s-1.15-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -81,7 +81,7 @@ metadata:
     kops.k8s.io/cluster: complex.example.com
   name: nodes-us-test-1a
 spec:
-  image: kope.io/k8s-1.15-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1

diff --git a/tests/integration/create_cluster/complex/options.yaml b/tests/integration/create_cluster/complex/options.yaml
@@ -2,7 +2,8 @@ ClusterName: complex.example.com
 Zones:
 - us-test-1a
 CloudProvider: aws
-KubernetesVersion: v1.15.6
+Networking: calico
+KubernetesVersion: v1.20.1
 # We specify SSHAccess but _not_ AdminAccess
 SSHAccess:
 - 1.2.3.4/32
diff --git a/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml b/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml
@@ -13,7 +13,7 @@ spec:
     gceServiceAccount: test-account@testproject.iam.gserviceaccount.com
   cloudProvider: gce
   configBase: memfs://tests/gce.example.com
-  containerRuntime: docker
+  containerRuntime: containerd
   etcdClusters:
   - cpuRequest: 200m
     etcdMembers:
@@ -34,10 +34,10 @@ spec:
     anonymousAuth: false
   kubernetesApiAccess:
   - 0.0.0.0/0
-  kubernetesVersion: v1.15.6-beta.1
+  kubernetesVersion: v1.20.1
   masterPublicName: api.gce.example.com
   networking:
-    kubenet: {}
+    calico: {}
   nonMasqueradeCIDR: 100.64.0.0/10
   project: testproject
   sshAccess:
@@ -62,7 +62,7 @@ metadata:
     kops.k8s.io/cluster: gce.example.com
   name: master-us-test1-a
 spec:
-  image: cos-cloud/cos-stable-65-10323-99-0
+  image: cos-cloud/cos-stable-77-12371-114-0
   machineType: n1-standard-1
   maxSize: 1
   minSize: 1
@@ -85,7 +85,7 @@ metadata:
     kops.k8s.io/cluster: gce.example.com
   name: nodes-us-test1-a
 spec:
-  image: cos-cloud/cos-stable-65-10323-99-0
+  image: cos-cloud/cos-stable-77-12371-114-0
   machineType: n1-standard-2
   maxSize: 1
   minSize: 1

diff --git a/tests/integration/create_cluster/gce_byo_sa/options.yaml b/tests/integration/create_cluster/gce_byo_sa/options.yaml
@@ -4,6 +4,7 @@ Zones:
 MasterZones:
 - us-test1-a
 CloudProvider: gce
-KubernetesVersion: v1.15.6-beta.1
+Networking: calico
+KubernetesVersion: v1.20.1
 Project: testproject
-GCEServiceAccount: test-account@testproject.iam.gserviceaccount.com
+GCEServiceAccount: test-account@testproject.iam.gserviceaccount.com
diff --git a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml
@@ -11,7 +11,7 @@ spec:
   channel: stable
   cloudProvider: aws
   configBase: memfs://tests/ha.example.com
-  containerRuntime: docker
+  containerRuntime: containerd
   etcdClusters:
   - cpuRequest: 200m
     etcdMembers:
@@ -40,11 +40,11 @@ spec:
     anonymousAuth: false
   kubernetesApiAccess:
   - 0.0.0.0/0
-  kubernetesVersion: v1.15.0-alpha.3
+  kubernetesVersion: v1.20.1
   masterPublicName: api.ha.example.com
   networkCIDR: 172.20.0.0/16
   networking:
-    kubenet: {}
+    calico: {}
   nonMasqueradeCIDR: 100.64.0.0/10
   sshAccess:
   - 0.0.0.0/0
@@ -77,7 +77,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1a
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -97,7 +97,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1b
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -117,7 +117,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1c
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -137,7 +137,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1a
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1
@@ -157,7 +157,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1b
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1
@@ -177,7 +177,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1c
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1

diff --git a/tests/integration/create_cluster/ha/options.yaml b/tests/integration/create_cluster/ha/options.yaml
@@ -8,4 +8,5 @@ MasterZones:
 - us-test-1b
 - us-test-1c
 CloudProvider: aws
-KubernetesVersion: v1.15.0-alpha.3
+Networking: calico
+KubernetesVersion: v1.20.1
diff --git a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml
@@ -11,7 +11,7 @@ spec:
   channel: stable
   cloudProvider: aws
   configBase: memfs://tests/ha.example.com
-  containerRuntime: docker
+  containerRuntime: containerd
   etcdClusters:
   - cpuRequest: 200m
     etcdMembers:
@@ -46,11 +46,11 @@ spec:
     anonymousAuth: false
   kubernetesApiAccess:
   - 0.0.0.0/0
-  kubernetesVersion: v1.15.0-alpha.3
+  kubernetesVersion: v1.20.1
   masterPublicName: api.ha.example.com
   networkCIDR: 172.20.0.0/16
   networking:
-    kubenet: {}
+    calico: {}
   nonMasqueradeCIDR: 100.64.0.0/10
   sshAccess:
   - 0.0.0.0/0
@@ -83,7 +83,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1a
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -103,7 +103,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1b
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -123,7 +123,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: master-us-test-1c
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: m3.medium
   maxSize: 1
   minSize: 1
@@ -143,7 +143,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1a
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1
@@ -163,7 +163,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1b
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1
@@ -183,7 +183,7 @@ metadata:
     kops.k8s.io/cluster: ha.example.com
   name: nodes-us-test-1c
 spec:
-  image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2020-11-19
+  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201112.1
   machineType: t2.medium
   maxSize: 1
   minSize: 1

diff --git a/tests/integration/create_cluster/ha_encrypt/options.yaml b/tests/integration/create_cluster/ha_encrypt/options.yaml
@@ -8,5 +8,6 @@ MasterZones:
 - us-test-1b
 - us-test-1c
 CloudProvider: aws
-KubernetesVersion: v1.15.0-alpha.3
+Networking: calico
+KubernetesVersion: v1.20.1
 EncryptEtcdStorage: true