Defaults: replace docker with containerd as our default container_man…

…ager (kubernetes-sigs#8175)

* Defaults: replace docker with containerd as our default container_manager

* CI: Use docker for download_localhost test

* Defaults: with container_manager=containerd we need etcd_deployment_type=host

* CI: Run weave jobs with docker

* CI: Vagrant don't download_force_cache

* CI: Fix upgrade tests

* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
  this means move from debian9 to debian10 to allow `containerd_version`
  to match between 2.17 and master

.gitlab-ci/packet.yml

@@ -22,11 +22,6 @@
   allow_failure: true
   extends: .packet
 
-packet_ubuntu18-calico-aio:
-  stage: deploy-part2
-  extends: .packet_pr
-  when: on_success
-
 # The ubuntu20-calico-aio jobs are meant as early stages to prevent running the full CI if something is horribly broken
 packet_ubuntu20-calico-aio:
   stage: deploy-part1
@@ -54,7 +49,12 @@ packet_ubuntu20-calico-aio-ansible-2_11:
 
 # ### PR JOBS PART2
 
-packet_centos7-flannel-containerd-addons-ha:
+packet_ubuntu18-calico-aio:
+  stage: deploy-part2
+  extends: .packet_pr
+  when: on_success
+
+packet_centos7-flannel-addons-ha:
   extends: .packet_pr
   stage: deploy-part2
   when: on_success
@@ -70,7 +70,7 @@ packet_ubuntu18-crio:
   stage: deploy-part2
   when: manual
 
-packet_ubuntu16-canal-kubeadm-ha:
+packet_ubuntu16-canal-ha:
   stage: deploy-part2
   extends: .packet_periodic
   when: on_success
@@ -100,7 +100,12 @@ packet_debian10-cilium-svc-proxy:
   extends: .packet_periodic
   when: on_success
 
-packet_debian10-containerd:
+packet_debian10-aio:
+  stage: deploy-part2
+  extends: .packet_pr
+  when: on_success
+
+packet_debian10-docker:
   stage: deploy-part2
   extends: .packet_pr
   when: on_success
@@ -110,6 +115,11 @@ packet_debian11-calico:
   extends: .packet_pr
   when: on_success
 
+packet_debian11-docker:
+  stage: deploy-part2
+  extends: .packet_pr
+  when: on_success
+
 packet_centos7-calico-ha-once-localhost:
   stage: deploy-part2
   extends: .packet_pr
@@ -130,7 +140,12 @@ packet_centos8-calico:
   extends: .packet_pr
   when: on_success
 
-packet_fedora34-weave:
+packet_centos8-docker:
+  stage: deploy-part2
+  extends: .packet_pr
+  when: on_success
+
+packet_fedora34-docker-weave:
   stage: deploy-part2
   extends: .packet_pr
   when: on_success
@@ -147,7 +162,7 @@ packet_ubuntu18-ovn4nfv:
 
 # ### MANUAL JOBS
 
-packet_ubuntu16-weave-sep:
+packet_ubuntu16-docker-weave-sep:
   stage: deploy-part2
   extends: .packet_pr
   when: manual
@@ -157,12 +172,12 @@ packet_ubuntu18-cilium-sep:
   extends: .packet_pr
   when: manual
 
-packet_ubuntu18-flannel-containerd-ha:
+packet_ubuntu18-flannel-ha:
   stage: deploy-part2
   extends: .packet_pr
   when: manual
 
-packet_ubuntu18-flannel-containerd-ha-once:
+packet_ubuntu18-flannel-ha-once:
   stage: deploy-part2
   extends: .packet_pr
   when: manual
@@ -220,15 +235,15 @@ packet_centos8-calico-nodelocaldns-secondary:
   extends: .packet_pr
   when: manual
 
-packet_fedora34-kube-ovn-containerd:
+packet_fedora34-kube-ovn:
   stage: deploy-part2
   extends: .packet_periodic
   when: on_success
 
 # ### PR JOBS PART3
 # Long jobs (45min+)
 
-packet_centos7-weave-upgrade-ha:
+packet_centos7-docker-weave-upgrade-ha:
   stage: deploy-part3
   extends: .packet_periodic
   when: on_success
@@ -241,14 +256,14 @@ packet_ubuntu20-calico-ha-wireguard:
   extends: .packet_pr
   when: manual
 
-packet_debian9-calico-upgrade:
+packet_debian10-calico-upgrade:
   stage: deploy-part3
   extends: .packet_pr
   when: on_success
   variables:
     UPGRADE_TEST: graceful
 
-packet_debian9-calico-upgrade-once:
+packet_debian10-calico-upgrade-once:
   stage: deploy-part3
   extends: .packet_periodic
   when: on_success

Vagrantfile

@@ -55,7 +55,7 @@ $network_plugin ||= "flannel"
 # Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni
 $multi_networking ||= false
 $download_run_once ||= "True"
-$download_force_cache ||= "True"
+$download_force_cache ||= "False"
 # The first three nodes are etcd servers
 $etcd_instances ||= $num_instances
 # The first two nodes are kube masters

docs/ci.md

@@ -2,21 +2,21 @@
 
 To generate this Matrix run `./tests/scripts/md-table/main.py`
 
-## docker
+## containerd
 
 | OS / CNI | calico | canal | cilium | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave |
 |---| --- | --- | --- | --- | --- | --- | --- | --- | --- |
 amazon |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-centos7 |  :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |
+centos7 |  :white_check_mark: | :x: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: |
 centos8 |  :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |
-debian10 |  :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
+debian10 |  :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian11 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-debian9 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
+debian9 |  :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
 fedora33 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-fedora34 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
+fedora34 |  :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |
 opensuse |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 oracle7 |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-ubuntu16 |  :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |
+ubuntu16 |  :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: |
 ubuntu18 |  :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: |
 ubuntu20 |  :white_check_mark: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
 
@@ -38,20 +38,20 @@ ubuntu16 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 ubuntu18 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 ubuntu20 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 
-## containerd
+## docker
 
 | OS / CNI | calico | canal | cilium | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave |
 |---| --- | --- | --- | --- | --- | --- | --- | --- | --- |
 amazon |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-centos7 |  :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
-centos8 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+centos7 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
+centos8 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian10 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-debian11 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+debian11 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian9 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora33 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-fedora34 |  :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |
+fedora34 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
 opensuse |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 oracle7 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-ubuntu16 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-ubuntu18 |  :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
-ubuntu20 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+ubuntu16 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
+ubuntu18 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+ubuntu20 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |

inventory/sample/group_vars/etcd.yml

@@ -19,4 +19,5 @@
 # etcd_peer_client_auth: true
 
 ## Settings for etcd deployment type
-etcd_deployment_type: docker
+# Set this to docker if you are using container_manager: docker
+etcd_deployment_type: host

inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml

@@ -202,7 +202,8 @@ dns_domain: "{{ cluster_name }}"
 
 ## Container runtime
 ## docker for docker, crio for cri-o and containerd for containerd.
-container_manager: docker
+## Default: containerd
+container_manager: containerd
 
 # Additional container runtimes
 kata_containers_enabled: false

roles/kubespray-defaults/defaults/main.yaml

@@ -253,7 +253,7 @@ kubelet_shutdown_grace_period_critical_pods: 20s
 deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type != 'host'
 
 # Container for runtime
-container_manager: docker
+container_manager: containerd
 
 # Enable Kata Containers as additional container runtime
 # When enabled, it requires `container_manager` different than Docker
@@ -344,7 +344,7 @@ docker_containerd_version: 1.4.9
 
 # Settings for containerized control plane (etcd/kubelet/secrets)
 # deployment type for legacy etcd mode
-etcd_deployment_type: docker
+etcd_deployment_type: host
 cert_management: script
 
 # Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts

tests/files/packet_centos7-calico-ha-once-localhost.yml

@@ -15,3 +15,7 @@ typha_secure: true
 disable_ipv6_dns: true
 
 auto_renew_certificates: true
+
+# Docker settings
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_centos7-weave-upgrade-ha.yml → tests/files/packet_centos7-docker-weave-upgrade-ha.yml

@@ -9,5 +9,9 @@ deploy_netchecker: true
 kubernetes_audit: true
 dns_min_replicas: 1
 
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker
+
 # Needed to upgrade from 1.16 to 1.17, otherwise upgrade is partial and bug followed
 upgrade_cluster_setup: true

tests/files/packet_centos7-flannel-containerd-addons-ha.yml → tests/files/packet_centos7-flannel-addons-ha.yml

@@ -12,10 +12,8 @@ download_run_once: true
 helm_enabled: true
 krew_enabled: true
 kubernetes_audit: true
-container_manager: containerd
 etcd_events_cluster_enabled: true
 local_volume_provisioner_enabled: true
-etcd_deployment_type: host
 deploy_netchecker: true
 dns_min_replicas: 1
 kube_encrypt_secret_data: true

tests/files/packet_centos8-crio.yml

@@ -8,9 +8,6 @@ deploy_netchecker: true
 dns_min_replicas: 1
 container_manager: crio
 
-# CRI-O requirements
-etcd_deployment_type: host
-
 # required
 calico_iptables_backend: "Auto"
 

tests/files/packet_centos8-docker.yml

@@ -0,0 +1,16 @@
+---
+# Instance settings
+cloud_image: centos-8
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# required
+calico_iptables_backend: "Auto"
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_debian10-aio.yml

@@ -0,0 +1,13 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: default
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+
+helm_enabled: true
+krew_enabled: true
+
+auto_renew_certificates: true

tests/files/packet_debian9-calico-upgrade-once.yml → tests/files/packet_debian10-calico-upgrade-once.yml

@@ -1,6 +1,6 @@
 ---
 # Instance settings
-cloud_image: debian-9
+cloud_image: debian-10
 mode: default
 
 # Kubespray settings
@@ -9,5 +9,9 @@ deploy_netchecker: true
 dns_min_replicas: 1
 download_run_once: true
 
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker
+
 # Make docker happy
 docker_containerd_version: latest

tests/files/packet_debian9-calico-upgrade.yml → tests/files/packet_debian10-calico-upgrade.yml

@@ -1,12 +1,13 @@
 ---
 # Instance settings
-cloud_image: debian-9
+cloud_image: debian-10
 mode: default
 
 # Kubespray settings
 kube_network_plugin: calico
 deploy_netchecker: true
 dns_min_replicas: 1
 
-# Make docker happy
-docker_containerd_version: latest
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_debian10-docker.yml

@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: default
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_debian11-calico.yml

@@ -4,6 +4,5 @@ cloud_image: debian-11
 mode: default
 
 # Kubespray settings
-etcd_deployment_type: host
 deploy_netchecker: true
 dns_min_replicas: 1

tests/files/packet_debian11-docker.yml

@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Kubespray settings
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_debian9-macvlan.yml

@@ -12,6 +12,3 @@ kube_proxy_masquerade_all: true
 macvlan_interface: "eth0"
 
 auto_renew_certificates: true
-
-# Make docker happy
-docker_containerd_version: latest