Unverified Commit 7bdc2a7e authored by Sebastiaan van Steenis's avatar Sebastiaan van Steenis Committed by GitHub
Browse files

Merge pull request #2565 from superseb/add_cridockerd

Add cridockerd
parents ff493523 62cb6cf8
Showing with 53 additions and 0 deletions
+53 -0
......@@ -57,6 +57,8 @@ const (
MaxEtcdNoStrictTLSVersion = "v3.4.14-rancher99"
EncryptionProviderConfigArgument = "encryption-provider-config"
KubeletCRIDockerdNameEnv = "RKE_KUBELET_CRIDOCKERD"
)
var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
......@@ -436,6 +438,10 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
CommandArgs["tls-cert-file"] = pki.GetCertPath(pki.GetCrtNameForHost(host, pki.KubeletCertName))
CommandArgs["tls-private-key-file"] = pki.GetCertPath(fmt.Sprintf("%s-key", pki.GetCrtNameForHost(host, pki.KubeletCertName)))
}
if c.IsCRIDockerdEnabled() {
CommandArgs["container-runtime"] = "remote"
CommandArgs["container-runtime-endpoint"] = "/var/run/dockershim.sock"
}
if serviceOptions.Kubelet != nil {
for k, v := range serviceOptions.Kubelet {
......@@ -508,6 +514,12 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
Env := host.GetExtraEnv(kubelet.BaseService)
if c.IsCRIDockerdEnabled() {
Env = append(Env,
// Enable running cri-dockerd
fmt.Sprintf("%s=%s", KubeletCRIDockerdNameEnv, "true"))
}
if len(c.CloudProvider.Name) > 0 {
Env = append(Env,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
......@@ -1096,3 +1108,13 @@ func appendArgs(command []string, args map[string]string) []string {
}
return command
}
func (c *Cluster) IsCRIDockerdEnabled() bool {
if c == nil {
return false
}
if c.EnableCRIDockerd != nil && *c.EnableCRIDockerd {
return true
}
return false
}
......@@ -6,11 +6,13 @@ import (
"fmt"
"strings"
"github.com/blang/semver"
"github.com/rancher/rke/log"
"github.com/rancher/rke/metadata"
"github.com/rancher/rke/pki"
"github.com/rancher/rke/services"
"github.com/rancher/rke/util"
"github.com/sirupsen/logrus"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/validation"
)
......@@ -47,6 +49,11 @@ func (c *Cluster) ValidateCluster(ctx context.Context) error {
return err
}
// validate enabling CRIDockerd
if err := validateCRIDockerdOption(c); err != nil {
return err
}
// validate services options
return validateServicesOptions(c)
}
......@@ -576,3 +583,25 @@ func validateIngressImages(c *Cluster) error {
}
return nil
}
func validateCRIDockerdOption(c *Cluster) error {
if c.EnableCRIDockerd != nil && *c.EnableCRIDockerd {
k8sVersion := c.RancherKubernetesEngineConfig.Version
toMatch, err := semver.Make(k8sVersion[1:])
if err != nil {
return fmt.Errorf("%s is not valid semver", k8sVersion)
}
logrus.Debugf("Checking cri-dockerd for cluster version [%s]", k8sVersion)
// cri-dockerd can be enabled for k8s 1.21 and up
CRIDockerdAllowedRange, err := semver.ParseRange(">=1.21.0-rancher0")
if err != nil {
logrus.Warnf("Failed to parse semver range for checking cri-dockerd")
}
if !CRIDockerdAllowedRange(toMatch) {
logrus.Debugf("Cluster version [%s] is not allowed to enable cri-dockerd", k8sVersion)
return fmt.Errorf("Enabling cri-dockerd for cluster version [%s] is not supported", k8sVersion)
}
logrus.Infof("cri-dockerd is enabled for cluster version [%s]", k8sVersion)
}
return nil
}
......@@ -33,6 +33,8 @@ type RancherKubernetesEngineConfig struct {
Authorization AuthzConfig `yaml:"authorization" json:"authorization,omitempty"`
// Enable/disable strict docker version checking
IgnoreDockerVersion *bool `yaml:"ignore_docker_version" json:"ignoreDockerVersion" norman:"default=true"`
// Enable/disable using cri-dockerd
EnableCRIDockerd *bool `yaml:"enable_cri_dockerd" json:"enableCRIDockerd" norman:"default=false"`
// Kubernetes version to use (if kubernetes image is specified, image version takes precedence)
Version string `yaml:"kubernetes_version" json:"kubernetesVersion,omitempty"`
// List of private registries and their credentials
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment