The legacy k8s repository was retired on March 26, 2024 [1].
The cri-o project followed k8s lead and moved the build to a new
repository [2].
This patch changes the location of k8s, cri-o installed packages
for Ubuntu based deployments only. Changes the value of the
apiversion parameter in the kubeadm configuration because the new
repository can also install 1.27.x and later versions of k8s that
no longer support v1beta2 and earlier APIs.
The version of the package to be installed can be specified using
the K8S_VERSION and CRIO_VERSION variables.
Also, the default values of K8S_VERSION and CRIO_VERSION have been
changed, and it has been confirmed that tacker project FT works fine
with the changed version.
[1]https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/
[2]https://kubernetes.io/blog/2023/10/10/cri-o-community-package-infrastructure/
Change-Id: I0ce9fd2bcb5d79ebad2cecafabf8c9f33b106647
The default behavior of crio service is `disable` if you install it with
devstack. So, kubelet cannot launch after rebooting a host because crio
isn't run on the host before. To fix the issue, enable crio in systemctl
while installing kubeadm.
Change-Id: Ic042494d1cd588fb2b06f7e1d5544206b20b5ad6
Signed-off-by: Yasufumi Ogawa <yasufum.o@gmail.com>
cri-o repository for centos need to be added in
/etc/yum.repos.d to successfully install cri-o on centos system.
Change-Id: I6b215cb0efb3c53e97a4a6605e94a262c0d04f25
k8s gate is still on focal, so patch which unblock the apparmor for
jammy does not affect it. Here is the fix for focal as well.
Change-Id: I2a9bc69a59e7d6d21d61e79115d5a3c726c73ab0
Kubernetes 1.19 is long gone over a year now. Current minimal supported
version is 1.23.x. It is also last version, which supports docker-shim.
In this patch we propose to bump the version of k8s to 1.23.16 and crio
to 1.23.
Change-Id: I822217e769cc5cd041032fb2302c3a9c130d11ff
Last year, kubernetes community has made a move from k8s.gcr.io to
registry.k8s.io. Currently images on k8s.gcr.io has been stopped from
serving therefore, there is a need to migrate to the new one.
Change-Id: I20305b380d26fdaa30632107b29debc519e13e54
Recently there are failures observed with docker installations. Newest
version (23.x) started to fail to create containers, when there are no
tools for apparmor available, and yet, this feature is enabled on
kernel, which is true in case of Ubuntu Jammy (22.04) stable release.
There are couple[1] of bugs[2] reported to the upstream, and as a
workaround, proposal is to install apparmor.
[1] https://github.com/moby/moby/issues/44900
[2] https://github.com/moby/moby/issues/44970
Change-Id: Ie10de8a8b074daa19ba4a882528e78cd1ee74245
In earlier version of cri-o (at least that been seen in 1.18) cri-o
packages have default configuration stored as /etc/crio/crio.conf, with
all the default values defined. Setting a value for the key means that
was a need to actually change the default. In version up to 1.23 there
was even no configuration stored at all, but starting from 1.24, all the
default config options has been commented out, and only section names
are not commented.
Similar situation has been detected for registry configuration, but here
it is even more difficult, as in recent version toml format has been
used instead of ini.
With this patch all of the cases has been covered.
Change-Id: Ia1b3dee3979841e798cec11c02ba1412dccef6c2
In some places of which network environment was limited, ciro can't
pull images from k8s.gcr.io. This patch add a variable
`CRIO_PAUSE_IMAGE` in order to the developer who located in these
places can set the ciro to pull pause container images from
repository that they can access.
The `CRIO_PAUSE_COMMAND` used to configure crio's `pause_command`
(the pause container's bootstrap command), in order to the developer
can use the special pause image the they customized.
Change-Id: Ib0d4c42870d40ef583546758513a36b906c7663b
In some places of which network environment was limited, kubeadm
can't pull images from k8s.gcr.io. This patch add a variable
`KUBEADMIN_IMAGE_REPOSITORY` in order to the developer who located in
these places can set the kubeadm to pull container images from
repository that they can access.
Change-Id: I14aed50077ef0760635e575770fd2274cb759c53
By default, CRI-O doesn't allow to have ICMP traffic between the pods
and pods to/from host. It's convenient to have such ability for testing
and debugging purpose.
In this patch there is added appropriate configuration to crio.conf, and
also a setting to disable it if needed.
Change-Id: I1133815d9cbce311313bff7a219a9b3939390660
There are also two new configuration option introduced:
- CNI_PLUGIN_DIR
- CNI_CONF_DIR
which, if defined, are used to configure crio paths for plugins and
networks config.
Change-Id: Ica4277b06740f8dca3ff5be77432cf6ab2f3cdeb
Since projectatomic Ubuntu builds are deprecated, and advice was to
consult upstream documentation[1], Kubernetes with cri-o now rely on
Kubic project, which (among the others) provides packages for Ubuntu
20.04. Let us switch for those.
[1] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cri-o
Change-Id: Ib06753d22f8859eefedc031094851b052f4105b6
We need to configure CNI plugin first, then configure and restart
containerd. In before, the order is reverse so the CNI config
is not picked.
Change-Id: I1c0e753b19289c339e44f288cae02d7ee2957da6
Installing docker will install the CRI plugin for containerd.
This commit support enabling the CRI-containerd plugin.
By default, this is disabled.
Change-Id: Ica8d5f91ae77d1d6599bfadc4031552016ad8953
Add support for installing kubernetes cluster via devstack.
It uses kubeadm to bootstrap the k8s cluster.
Change-Id: I7877ceda08bbdab807116a13d74ff884136dc501
This commit adds support for installing cri-o as container engine in
CentOS and Fedora. Tested on CentOS 7.6 and Fedora 28.
Change-Id: I0e10e06156e02397b5cd64efe802869d0e96b231
Seems like aforementioned package is not available on Ubuntu 18.04
(Bionic). This commit excludes that version from installation of Docker.
Change-Id: Ib1864497dd19caadf9077386ce278712e4f5de8f
ENABLE_CLEAR_CONTAINER should be set to false by default as they're
relying on third party repos which could break devstack installation at
some point.
Change-Id: I99b26650f6c68e8563dcde589bda7ccdc6a19a46
Some distros docker packaging use systemd instead of cgroupfs as the
cgroupdriver. This patch allows users to choose their cgroupdriver.
Change-Id: I95b51591d0aa5495ec583c3c87c77942109b4067
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
Docker turn off debug mode by default, but the non-debug mode
doesn't provide enough information for development. It is handy
to have a way to turn on the debug mode.
Change-Id: I403ea7cc43b0b0808bfac3ec6f9ac7586f4723f6
In devstack gate, jobs might be run with users other than $STACK_USER,
so the docker group should be configurable.
Change-Id: I64665b9883094d5603f3e737a1c08d924a058960
It looks the function 'warn' might return unsucessfully which
abort the devstack script. Let's use echo instead.
Change-Id: I931f3c649fb3637fd7be667644731329fa12cd07
This package doesn't present at ec2 Ubuntu instance. Docker
installation may or may not work in this case. This commit
detect the presence of these packages and print a warning.
Change-Id: I2c5b4ed1446d63949be4d181da696933df4c64f8
The SWARM_MODE variable is for determining whether to set the
cluster_store options of docker daemon. Therefore, change it to
DOCKER_CLUSTER_STORE to make it clear.
Change-Id: I79f00c7cc158d825627ce6a9d28b053b0cf3c076
There are several projects that tried to install docker in different
ways. This potentially lead to failure of more than one such services
were enabled. This commit consolidate docker installation into
a devstack plugin so that other services could depend on it.
The initial script was mainly from Kuryr-libnetwork. Kuryr, Fuxi,
and Zun might leverage this script to install Docker in the future.
Change-Id: I97dbff2f361acc98b12ec6f40ab115c8548477a3
