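--- a/ansible/roles/containerd/defaults/main.yml
+++ b/ansible/roles/containerd/defaults/main.yml
@@ -0,0 +1,15 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+containerd_config_file: "etc/containerd/config.toml"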
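--- a/ansible/roles/containerd/tasks/debian.yml
+++ b/ansible/roles/containerd/tasks/debian.yml
@@ -0,0 +1,18 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install libseccomp2 package
+apt:
+name: libseccomp2
+state: present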
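--- a/ansible/roles/containerd/tasks/main.yml
+++ b/ansible/roles/containerd/tasks/main.yml
@@ -0,0 +1,169 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- import_tasks: debian.yml
+when: ansible_os_family == "Debian"
+
+- import_tasks: redhat.yml
+when: ansible_os_family == "RedHat"
+
+- import_tasks: photon.yml
+when: ansible_os_family == "VMware Photon OS"
+
+# TODO(vincepri): Use deb/rpm packages once available.
+# See https://github.com/containerd/containerd/issues/1508 for context.
+- name: download containerd
+get_url:
+url: "{{ containerd_url }}"
+checksum: "sha256:{{ containerd_sha256 }}"
+dest: /tmp/containerd.tar.gz
+mode: 0600
+
+- name: download containerd-wasm-shims
+get_url:
+url: "{{ containerd_wasm_shims_url }}"
+checksum: "sha256:{{ containerd_wasm_shims_sha256 }}"
+dest: /tmp/containerd_wasm_shims.tar.gz
+mode: 0600
+when: containerd_wasm_shims_runtimes | length > 0
+
+- name: Create a directory if it does not exist
+file:
+path: "{{ sysusr_prefix }}/bin"
+state: directory
+mode: 0755
+
+# TODO(vincepri): This unpacks the entire tar in the root directory
+# we should find a better way to check what's being unpacked and where.
+- name: unpack containerd
+unarchive:
+remote_src: True
+src: /tmp/containerd.tar.gz
+dest: /
+extra_opts:
+- --no-overwrite-dir
+when: ansible_os_family != "Flatcar"
+
+# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
+# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
+- name: unpack containerd-wasm-shims
+unarchive:
+remote_src: True
+src: /tmp/containerd_wasm_shims.tar.gz
+dest: "{{ sysusr_prefix }}/bin"
+extra_opts:
+- --no-overwrite-dir
+when: ansible_os_family != "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
+
+- name: unpack containerd for Flatcar to /opt/bin
+unarchive:
+remote_src: True
+src: /tmp/containerd.tar.gz
+dest: /
+extra_opts:
+- --absolute-names
+- --transform
+- 's@usr@opt@'
+- --transform
+- 's@sbin@bin@'
+- --transform
+- 's@opt/local@opt@'
+when: ansible_os_family == "Flatcar"
+
+# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
+# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
+- name: unpack containerd-wasm-shims for Flatcar to /opt/bin
+unarchive:
+remote_src: True
+src: /tmp/containerd_wasm_shims.tar.gz
+dest: "{{ sysusr_prefix }}/bin"
+extra_opts:
+- --no-overwrite-dir
+when: ansible_os_family == "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
+
+# Remove /opt/cni directory, as we will install cni later
+- name: delete /opt/cni directory
+file:
+path: /opt/cni
+state: absent
+
+# Remove /etc/cni directory, as we will configure cni later
+- name: delete /etc/cni directory
+file:
+path: /etc/cni
+state: absent
+
+- name: Creates unit file directory
+file:
+path: /etc/systemd/system/containerd.service.d
+state: directory
+
+- name: Create systemd unit drop-in file for containerd to run from /opt/bin
+template:
+dest: /etc/systemd/system/containerd.service.d/10-opt-bin-custom.conf
+src: etc/systemd/system/containerd-flatcar.conf
+mode: 0600
+when: ansible_os_family == "Flatcar"
+
+- name: Create containerd memory pressure drop in file
+template:
+dest: /etc/systemd/system/containerd.service.d/memory-pressure.conf
+src: etc/systemd/system/containerd.service.d/memory-pressure.conf
+mode: 0644
+
+- name: Create containerd max tasks drop in file
+template:
+dest: /etc/systemd/system/containerd.service.d/max-tasks.conf
+src: etc/systemd/system/containerd.service.d/max-tasks.conf
+mode: 0644
+
+- name: Create containerd http proxy conf file if needed
+template:
+dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
+src: etc/systemd/system/containerd.service.d/http-proxy.conf
+mode: 0644
+when: http_proxy is defined or https_proxy is defined
+
+- name: Creates containerd config directory
+file:
+path: /etc/containerd
+state: directory
+
+- name: Copy in containerd config file {{ containerd_config_file }}
+template:
+dest: /etc/containerd/config.toml
+src: "{{ containerd_config_file }}"
+mode: 0644
+
+- name: Copy in crictl config
+template:
+dest: /etc/crictl.yaml
+src: etc/crictl.yaml
+
+- name: start containerd service
+systemd:
+name: containerd
+daemon_reload: yes
+enabled: True
+state: restarted
+
+- name: delete tarball
+file:
+path: /tmp/containerd.tar.gz
+state: absent
+
+- name: delete tarball
+file:
+path: /tmp/containerd_wasm_shims.tar.gz
+state: absent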
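Review bot: The task `unpack containerd for Flatcar to /opt/bin` extracts into `/` with `--absolute-names` and three unanchored `--transform` expressions, so the `sha256` check on the download is the only thing constraining where files land. `s@usr@opt@` and `s@sbin@bin@` rewrite the first `usr` or `sbin` anywhere in a member name, not only the leading directory. Anchoring each expression to the start of the name (for example `'s@^usr/@opt/@'`, assuming members are stored as relative `usr/...` paths) and dropping `--absolute-names` if the archive has no absolute members would keep the rewrite to the intended prefix. A comment on the task should also state that extraction relies on the pinned checksum, as the TODO on the non-Flatcar task already hints. YAML indentation is not preserved on this page, so task nesting is read from line order.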
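--- a/ansible/roles/containerd/tasks/photon.yml
+++ b/ansible/roles/containerd/tasks/photon.yml
@@ -0,0 +1,16 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install libseccomp package
+command: tdnf install libseccomp -y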
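Review bot: `command: tdnf install libseccomp -y` gives Ansible no way to tell whether the package was already present, so the task reports `changed` on every run, unlike the `apt` and `yum` tasks in `debian.yml` and `redhat.yml`. If no package module for tdnf is available in this environment, register the result and set `changed_when` from the command's output. A one-line comment above the task saying why `command` is used would stop a later reader from "fixing" it.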
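--- a/ansible/roles/containerd/tasks/redhat.yml
+++ b/ansible/roles/containerd/tasks/redhat.yml
@@ -0,0 +1,19 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install libseccomp package
+yum:
+name: libseccomp
+state: present
+lock_timeout: 60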
@ -0,0 +1,33 @@
|
||||
## template: jinja
|
||||
|
||||
# Use config version 2 to enable new configuration fields.
|
||||
# Config file is parsed as version 1 by default.
|
||||
version = 2
|
||||
|
||||
{% if 'imports' not in containerd_additional_settings | b64decode %}
|
||||
imports = ["/etc/containerd/conf.d/*.toml"]
|
||||
{% endif %}
|
||||
|
||||
[plugins]
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
sandbox_image = "{{ pause_image }}"
|
||||
{% if kubernetes_semver is version('v1.21.0', '>=') %}
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||
runtime_type = "io.containerd.runc.v2"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||
SystemdCgroup = true
|
||||
{% if 'spin' in containerd_wasm_shims_runtimes %}
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin]
|
||||
runtime_type = "io.containerd.spin.v1"
|
||||
{% endif %}
|
||||
{% if 'slight' in containerd_wasm_shims_runtimes %}
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.slight]
|
||||
runtime_type = "io.containerd.slight.v1"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if packer_builder_type.startswith('azure') %}
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.headers]
|
||||
X-Meta-Source-Client = ["azure/capz"]
|
||||
{% endif %}
|
||||
|
||||
{{containerd_additional_settings | b64decode}}
|
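Review bot: The guard `{% if 'imports' not in containerd_additional_settings | b64decode %}` is a substring test on the decoded text, so the word `imports` anywhere in the additional settings, including inside a comment or a longer key name, drops the default `imports = ["/etc/containerd/conf.d/*.toml"]` line. The decoded blob is then appended verbatim by `{{containerd_additional_settings | b64decode}}`, so it can add any table or key, CRI runtimes and registry settings included. A comment above that line should say the value is trusted build input and must be valid TOML. Both uses presumably fail when the variable is undefined, and the role defaults shown in this commit do not set it; `containerd_additional_settings | default('') | b64decode` would cover that unless it is defaulted elsewhere.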
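--- a/ansible/roles/containerd/templates/etc/crictl.yaml
+++ b/ansible/roles/containerd/templates/etc/crictl.yaml
@@ -0,0 +1 @@
+runtime-endpoint: unix://{{ containerd_cri_socket }}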
@ -0,0 +1,6 @@
|
||||
[Service]
|
||||
Environment=PATH=/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
|
||||
ExecStartPre=mkdir -p /run/docker/libcontainerd
|
||||
ExecStartPre=ln -fs /run/containerd/containerd.sock /run/docker/libcontainerd/docker-containerd.sock
|
||||
ExecStart=
|
||||
ExecStart=/opt/bin/containerd --config /etc/containerd/config.toml
|
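Review bot: `Environment=PATH=/opt/bin:...` puts `/opt/bin` ahead of the system directories for a service that presumably runs as root, so anything containerd resolves by name is looked up there first. The role should ensure that `/opt/bin` and the binaries unpacked into it are root-owned and not group- or world-writable. The two `ExecStartPre=` lines call `mkdir` and `ln` by bare name; absolute paths would remove the dependency on how the installed systemd version resolves command names. A short comment saying that the empty `ExecStart=` clears the packaged command before the override would help readers.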
@ -0,0 +1,10 @@
|
||||
[Service]
|
||||
{% if http_proxy %}
|
||||
Environment="HTTP_PROXY={{ http_proxy }}"
|
||||
{% endif %}
|
||||
{% if https_proxy %}
|
||||
Environment="HTTPS_PROXY={{ https_proxy }}"
|
||||
{% endif %}
|
||||
{% if no_proxy %}
|
||||
Environment="NO_PROXY={{ no_proxy }}"
|
||||
{% endif %}
|
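Review bot: The template tests `{% if http_proxy %}`, `{% if https_proxy %}` and `{% if no_proxy %}` directly, but the task that renders it runs when `http_proxy is defined or https_proxy is defined`, so one or two of the three may be undefined at render time. Unless they are defaulted elsewhere, the render would fail on the undefined name; `{% if http_proxy | default('') %}` (and likewise for the other two) avoids that. The file is installed with `mode: 0644`, so a proxy URL that embeds credentials would be readable by every local user; that is worth a comment in the template or a tighter mode.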
@ -0,0 +1,3 @@
|
||||
[Service]
|
||||
# Do not limit the number of tasks that can be spawned by containerd
|
||||
TasksMax=infinity
|
@ -0,0 +1,8 @@
|
||||
[Service]
|
||||
# Decreases the likelihood that containerd is killed due to memory
|
||||
# pressure.
|
||||
#
|
||||
# Please see the following link for more information about the
|
||||
# OOMScoreAdjust configuration property:
|
||||
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#OOMScoreAdjust=
|
||||
OOMScoreAdjust=-999
|