cloudfoundry-incubator / kubo-release

Kubernetes BOSH release
https://www.cloudfoundry.org/container-runtime/
Apache License 2.0

Feature containerd option #383

Open obeyler opened 4 years ago

obeyler commented 4 years ago

What this PR does / why we need it: This PR allows the use of containerd instead of docker.

Why is this PR important? What is the user impact? Containerd works better than docker. It is lighter and more efficient. No more bugs with docker. When docker crashed, it filled the disk very quickly with its logs and so on, filling the bosh director.

How can this PR be verified? Add

Is there any change in kubo-deployment? A new kubelet property is added to the kubelet job spec file:

  container-runtime:
    description: "The container runtime job can be containerd or docker"
    default: docker

So by default there is no change in kubo-deployment. If you plan to use containerd, use these operators (with or without proxy setting):

- type: replace
  path: /instance_groups/name=worker/jobs/name=kubelet/properties/k8s-args/container-runtime
  value: remote

- type: replace
  path: /instance_groups/name=worker/jobs/name=kubelet/properties/k8s-args/container-runtime-endpoint?
  value: unix:///var/vcap/sys/run/containerd/containerd.sock

- type: replace
  path: /instance_groups/name=worker/jobs/name=kubelet/properties/k8s-args/runtime-request-timeout?
  value: 15m

- type: replace
  path: /instance_groups/name=worker/jobs/-
  value:
    name: containerd
    release: containerd
    properties:
      proxy:
        https: ((https_proxy))
        http: ((http_proxy))
        noproxy: ((no_proxy))
      config_toml:
        custom: |
          [plugins]
            [plugins.cgroups]
              no_prometheus = false
            [plugins.cri]
              stream_server_address = "127.0.0.1"
              stream_server_port = "0"
              enable_selinux = false
              sandbox_image = "k8s.gcr.io/pause:3.1"
              stats_collect_period = 10
              systemd_cgroup = false
              enable_tls_streaming = false
              max_container_log_line_size = 16384
              disable_proc_mount = false
              [plugins.cri.containerd]
                snapshotter = "overlayfs"
                no_pivot = false
                [plugins.cri.containerd.default_runtime]
                  runtime_type = "io.containerd.runtime.v1.linux"
                  runtime_engine = ""
                  runtime_root = ""
                [plugins.cri.containerd.untrusted_workload_runtime]
                  runtime_type = ""
                  runtime_engine = ""
                  runtime_root = ""
              [plugins.cri.cni]
                bin_dir = "/var/vcap/packages/cni/bin"
                conf_dir = "/etc/cni/net.d"
                conf_template = ""
              [plugins.cri.registry]
                [plugins.cri.registry.mirrors]
                  [plugins.cri.registry.mirrors."docker.io"]
                    endpoint = ["((registry-mirrors))"]
              [plugins.cri.x509_key_pair_streaming]
                tls_cert_file = ""
                tls_key_file = ""
            [plugins.diff-service]
              default = ["walking"]
            [plugins.linux]
              shim = "containerd-shim"
              runtime = "runc"
              runtime_root = ""
              no_shim = false
              shim_debug = false
            [plugins.opt]
              path = "/opt/containerd"
            [plugins.restart]
              interval = "10s"
            [plugins.scheduler]
              pause_threshold = 0.02
              deletion_threshold = 0
              mutation_threshold = 100
              schedule_delay = "0s"
              startup_delay = "100ms"

- type: remove
  path: /instance_groups/name=worker/jobs/name=kubelet/properties/k8s-args/docker

- type: remove
  path: /instance_groups/name=worker/jobs/name=kubelet/properties/k8s-args/docker-endpoint

- type: replace
  path: /releases/-
  value:
    name: containerd
    version: latest

by default the

Is there any change in kubo-ci? no

Does this affect upgrade, or is there any migration required? no

Which issue(s) this PR fixes: fix https://github.com/cloudfoundry-incubator/kubo-release/issues/371

Release note:

Add a new kubelet parameter to allow use of containerd instead of docker. It will switch the monit dependency from docker to containerd and change its post deploy to load provisioned docker images by ctr instead of docker.
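
A pre-deploy check for an ops-file like the one in the PR description, as an added example that is not part of the PR or of kubo-release: it flags a release left at version `latest`, a `sandbox_image` referenced by tag without a digest, and a CRI stream server bound off loopback while `enable_tls_streaming` is not `true`. The helper names `audit` and `toml_sections`, the choice of checks, and the trimmed sample are assumptions made for this example.

```ruby
require 'yaml'
# Constructed sample: a trimmed copy of the ops-file in the PR description.
OPS = <<~YAML
  - type: replace
    path: /instance_groups/name=worker/jobs/-
    value:
      name: containerd
      properties:
        config_toml:
          custom: |
            [plugins.cri]
              stream_server_address = "127.0.0.1"
              enable_tls_streaming = false
              sandbox_image = "k8s.gcr.io/pause:3.1"
  - type: replace
    path: /releases/-
    value:
      name: containerd
      version: latest
YAML

# Reads flat `key = value` lines under [section] headers (not a full TOML parser).
def toml_sections(text)
  section = nil
  text.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |line, out|
    line = line.strip
    if (m = line.match(/\A\[([^\]]+)\]\z/))
      section = m[1]
    elsif section && (m = line.match(/\A([\w-]+)\s*=\s*(.+)\z/))
      out[section][m[1]] = m[2].delete_prefix('"').delete_suffix('"')
    end
  end
end

# Returns a list of findings for one ops-file (hypothetical helper, not a BOSH API).
def audit(ops_yaml)
  YAML.safe_load(ops_yaml).each_with_object([]) do |op, findings|
    next unless (value = op['value']).is_a?(Hash)
    if op['path'].start_with?('/releases/') && value['version'].to_s == 'latest'
      findings << "release #{value['name']}: version 'latest' is not pinned"
    end
    cri = toml_sections(value.dig('properties', 'config_toml', 'custom').to_s)['plugins.cri']
    next if cri.empty?
    unless %w[127.0.0.1 ::1 localhost].include?(cri['stream_server_address']) || cri['enable_tls_streaming'] == 'true'
      findings << "CRI stream server on #{cri['stream_server_address']} without TLS"
    end
    findings << "sandbox_image #{cri['sandbox_image']} has no digest" unless cri['sandbox_image'].to_s.include?('@sha256:')
  end
end
puts audit(OPS)
```
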
svrc commented 4 years ago

Finally looking to include this. Will mull over how I'd like to see it merged; if there are any tweaks, I'll add it to a branch.