Move to containerd (#20)

lpabon · Oct 4, 2023 · baffd95 · baffd95
1 parent cb1b3c2
commit baffd95
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 15 deletions.
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
@@ -80,15 +80,17 @@
   vars:
     packages:
       - containerd.io
-      - docker-ce
-      - docker-ce-cli
-      - https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd-0.3.4-3.el8.x86_64.rpm
 
-#- name: create containerd config
-#  shell: containerd config default > /etc/containerd/config.toml
+- name: create containerd config
+  shell: containerd config default > /etc/containerd/config.toml
 
-#- name: enable SystemdCgroup
-#  lineinfile: dest=/etc/containerd/config.toml regexp="SystemdCgroup" line="SystemdCgroup = true" state=present
+- name: enable SystemdCgroup
+  lineinfile: dest=/etc/containerd/config.toml regexp="SystemdCgroup" line="SystemdCgroup = true" state=present
+
+# See
+# https://github.com/kubevirt/containerized-data-importer/blob/f5d0b70b096abd856acff67eb4fc0cab0b474d89/doc/block_cri_ownership_config.md
+- name: enable device_ownership_from_security_context
+  lineinfile: dest=/etc/containerd/config.toml regexp="device_ownership_from_security_context" line="device_ownership_from_security_context = true" state=present
 
 - name: install kubernetes
   dnf: name={{ packages }} state=present disable_gpg_check=yes
@@ -117,10 +119,7 @@
   service: name={{ item }} state=started enabled=yes
   with_items:
     - kubelet
-    - docker
-
-- name: enable cri-docker
-  service: name=cri-docker state=started enabled=yes
+    - containerd
 
 - name: turn off swap
   command: swapoff -a

diff --git a/roles/final/tasks/main.yml b/roles/final/tasks/main.yml
@@ -5,5 +5,3 @@
   delay: 5
   until: result.rc == 0
 
-- name: bounce coredns (bug fix)
-  command: kubectl -n kube-system rollout restart deployment/coredns
diff --git a/roles/master/tasks/main.yml b/roles/master/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: initialize kubeadm on master
-  command: kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/cri-dockerd.sock --token={{ kubernetes_token }} --apiserver-cert-extra-sans={{ kubeup_host_ip }} --apiserver-advertise-address={{ ansible_eth0.ipv4.address }}
+  command: kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///run/containerd/containerd.sock --token={{ kubernetes_token }} --apiserver-cert-extra-sans={{ kubeup_host_ip }} --apiserver-advertise-address={{ ansible_eth0.ipv4.address }}
 
 # Had to copy it and set privileged: true
 # (which took me TWO days of debugging to figure out)

diff --git a/roles/nodes/tasks/main.yml b/roles/nodes/tasks/main.yml
@@ -2,7 +2,7 @@
     master_name: "{{ inventory_hostname | regex_replace('-node.*$') }}-master"
 
 - name: join with master
-  command: kubeadm join --ignore-preflight-errors=cri --discovery-token-unsafe-skip-ca-verification --cri-socket=unix:///var/run/cri-dockerd.sock --token={{ kubernetes_token }} {{ master_name }}:6443
+  command: kubeadm join --ignore-preflight-errors=cri --discovery-token-unsafe-skip-ca-verification --cri-socket=unix:///run/containerd/containerd.sock --token={{ kubernetes_token }} {{ master_name }}:6443
 
 #- include_tasks: tls.yml
 #  when: tls