Test dependencies
Some checks failed
continuous-integration/drone Build is failing

This commit is contained in:
2023-02-22 21:24:42 +01:00
commit f2b0a5e7c7
429 changed files with 20330 additions and 0 deletions

View File

@ -0,0 +1,15 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
containerd_config_file: "etc/containerd/config.toml"

View File

@ -0,0 +1,18 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp2 package
apt:
name: libseccomp2
state: present

View File

@ -0,0 +1,169 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
when: ansible_os_family == "Debian"
- import_tasks: redhat.yml
when: ansible_os_family == "RedHat"
- import_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
# TODO(vincepri): Use deb/rpm packages once available.
# See https://github.com/containerd/containerd/issues/1508 for context.
- name: download containerd
get_url:
url: "{{ containerd_url }}"
checksum: "sha256:{{ containerd_sha256 }}"
dest: /tmp/containerd.tar.gz
mode: 0600
- name: download containerd-wasm-shims
get_url:
url: "{{ containerd_wasm_shims_url }}"
checksum: "sha256:{{ containerd_wasm_shims_sha256 }}"
dest: /tmp/containerd_wasm_shims.tar.gz
mode: 0600
when: containerd_wasm_shims_runtimes | length > 0
- name: Create a directory if it does not exist
file:
path: "{{ sysusr_prefix }}/bin"
state: directory
mode: 0755
# TODO(vincepri): This unpacks the entire tar in the root directory
# we should find a better way to check what's being unpacked and where.
- name: unpack containerd
unarchive:
remote_src: True
src: /tmp/containerd.tar.gz
dest: /
extra_opts:
- --no-overwrite-dir
when: ansible_os_family != "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims
unarchive:
remote_src: True
src: /tmp/containerd_wasm_shims.tar.gz
dest: "{{ sysusr_prefix }}/bin"
extra_opts:
- --no-overwrite-dir
when: ansible_os_family != "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
- name: unpack containerd for Flatcar to /opt/bin
unarchive:
remote_src: True
src: /tmp/containerd.tar.gz
dest: /
extra_opts:
- --absolute-names
- --transform
- 's@usr@opt@'
- --transform
- 's@sbin@bin@'
- --transform
- 's@opt/local@opt@'
when: ansible_os_family == "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims for Flatcar to /opt/bin
unarchive:
remote_src: True
src: /tmp/containerd_wasm_shims.tar.gz
dest: "{{ sysusr_prefix }}/bin"
extra_opts:
- --no-overwrite-dir
when: ansible_os_family == "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
# Remove /opt/cni directory, as we will install cni later
- name: delete /opt/cni directory
file:
path: /opt/cni
state: absent
# Remove /etc/cni directory, as we will configure cni later
- name: delete /etc/cni directory
file:
path: /etc/cni
state: absent
- name: Creates unit file directory
file:
path: /etc/systemd/system/containerd.service.d
state: directory
- name: Create systemd unit drop-in file for containerd to run from /opt/bin
template:
dest: /etc/systemd/system/containerd.service.d/10-opt-bin-custom.conf
src: etc/systemd/system/containerd-flatcar.conf
mode: 0600
when: ansible_os_family == "Flatcar"
- name: Create containerd memory pressure drop in file
template:
dest: /etc/systemd/system/containerd.service.d/memory-pressure.conf
src: etc/systemd/system/containerd.service.d/memory-pressure.conf
mode: 0644
- name: Create containerd max tasks drop in file
template:
dest: /etc/systemd/system/containerd.service.d/max-tasks.conf
src: etc/systemd/system/containerd.service.d/max-tasks.conf
mode: 0644
- name: Create containerd http proxy conf file if needed
template:
dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
src: etc/systemd/system/containerd.service.d/http-proxy.conf
mode: 0644
when: http_proxy is defined or https_proxy is defined
- name: Creates containerd config directory
file:
path: /etc/containerd
state: directory
- name: Copy in containerd config file {{ containerd_config_file }}
template:
dest: /etc/containerd/config.toml
src: "{{ containerd_config_file }}"
mode: 0644
- name: Copy in crictl config
template:
dest: /etc/crictl.yaml
src: etc/crictl.yaml
- name: start containerd service
systemd:
name: containerd
daemon_reload: yes
enabled: True
state: restarted
- name: delete tarball
file:
path: /tmp/containerd.tar.gz
state: absent
- name: delete tarball
file:
path: /tmp/containerd_wasm_shims.tar.gz
state: absent

View File

@ -0,0 +1,16 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp package
command: tdnf install libseccomp -y

View File

@ -0,0 +1,19 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp package
yum:
name: libseccomp
state: present
lock_timeout: 60

View File

@ -0,0 +1,33 @@
## template: jinja
# Use config version 2 to enable new configuration fields.
# Config file is parsed as version 1 by default.
version = 2
{% if 'imports' not in containerd_additional_settings | b64decode %}
imports = ["/etc/containerd/conf.d/*.toml"]
{% endif %}
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "{{ pause_image }}"
{% if kubernetes_semver is version('v1.21.0', '>=') %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
{% if 'spin' in containerd_wasm_shims_runtimes %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin]
runtime_type = "io.containerd.spin.v1"
{% endif %}
{% if 'slight' in containerd_wasm_shims_runtimes %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.slight]
runtime_type = "io.containerd.slight.v1"
{% endif %}
{% endif %}
{% if packer_builder_type.startswith('azure') %}
[plugins."io.containerd.grpc.v1.cri".registry.headers]
X-Meta-Source-Client = ["azure/capz"]
{% endif %}
{{containerd_additional_settings | b64decode}}

View File

@ -0,0 +1 @@
runtime-endpoint: unix://{{ containerd_cri_socket }}

View File

@ -0,0 +1,6 @@
[Service]
Environment=PATH=/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
ExecStartPre=mkdir -p /run/docker/libcontainerd
ExecStartPre=ln -fs /run/containerd/containerd.sock /run/docker/libcontainerd/docker-containerd.sock
ExecStart=
ExecStart=/opt/bin/containerd --config /etc/containerd/config.toml

View File

@ -0,0 +1,10 @@
[Service]
{% if http_proxy %}
Environment="HTTP_PROXY={{ http_proxy }}"
{% endif %}
{% if https_proxy %}
Environment="HTTPS_PROXY={{ https_proxy }}"
{% endif %}
{% if no_proxy %}
Environment="NO_PROXY={{ no_proxy }}"
{% endif %}

View File

@ -0,0 +1,3 @@
[Service]
# Do not limit the number of tasks that can be spawned by containerd
TasksMax=infinity

View File

@ -0,0 +1,8 @@
[Service]
# Decreases the likelihood that containerd is killed due to memory
# pressure.
#
# Please see the following link for more information about the
# OOMScoreAdjust configuration property:
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#OOMScoreAdjust=
OOMScoreAdjust=-999