Add back support for kubenet style networking with containerd

2021-01-24 18:30:38 +02:00 · 2021-01-24 18:30:38 +02:00 · 7aeb8c2af3
parent 08d0183f59
commit 7aeb8c2af3
6 changed files with 75 additions and 17 deletions
--- a/cmd/kops/BUILD.bazel
+++ b/cmd/kops/BUILD.bazel
@ -79,7 +79,6 @@ go_library(
        "//pkg/kopscodecs:go_default_library",
        "//pkg/kubeconfig:go_default_library",
        "//pkg/kubemanifest:go_default_library",
-        "//pkg/model/components:go_default_library",
        "//pkg/pki:go_default_library",
        "//pkg/pretty:go_default_library",
        "//pkg/resources:go_default_library",
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -40,7 +40,6 @@ import (
 	"k8s.io/kops/pkg/featureflag"
 	"k8s.io/kops/pkg/kubeconfig"
 	"k8s.io/kops/pkg/kubemanifest"
-	"k8s.io/kops/pkg/model/components"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup"
 	"k8s.io/kops/upup/pkg/fi/utils"
@ -489,9 +488,6 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
 	if c.ContainerRuntime != "" {
 		cluster.Spec.ContainerRuntime = c.ContainerRuntime
 	}
-	if c.ContainerRuntime == "containerd" && components.UsesKubenet(cluster.Spec.Networking) {
-		return fmt.Errorf("--networking with CNI plugin is required for containerd")
-	}

 	if c.NetworkCIDR != "" {
 		cluster.Spec.NetworkCIDR = c.NetworkCIDR
--- a/nodeup/pkg/model/containerd.go
+++ b/nodeup/pkg/model/containerd.go
@ -27,6 +27,7 @@ import (
 	"k8s.io/kops/nodeup/pkg/model/resources"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/flagbuilder"
+	"k8s.io/kops/pkg/model/components"
 	"k8s.io/kops/pkg/systemd"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
@ -96,6 +97,14 @@ func (b *ContainerdBuilder) Build(c *fi.ModelBuilderContext) error {

 		// Add configuration file for easier use of crictl
 		b.addCrictlConfig(c)
+
+		// Using containerd with Kubenet requires special configuration.
+		// This is a temporary backwards-compatible solution for kubenet users and will be deprecated when Kubenet is deprecated:
+		// https://github.com/containerd/containerd/blob/master/docs/cri/config.md#cni-config-template
+		if components.UsesKubenet(b.Cluster.Spec.Networking) {
+			b.buildCNIConfigTemplateFile(c)
+		}
+
 	}

 	var containerRuntimeVersion string
@ -294,3 +303,37 @@ runtime-endpoint: unix:///run/containerd/containerd.sock
 		Type:     nodetasks.FileType_File,
 	})
 }
+
+// buildCNIConfigTemplateFile is responsible for creating a special template for setups using Kubenet
+func (b *ContainerdBuilder) buildCNIConfigTemplateFile(c *fi.ModelBuilderContext) {
+	contents := `{
+    "cniVersion": "0.4.0",
+    "name": "containerd-net",
+    "plugins": [
+        {
+            "type": "bridge",
+            "bridge": "cni0",
+            "isGateway": true,
+            "ipMasq": true,
+            "promiscMode": true,
+            "ipam": {
+                "type": "host-local",
+                "ranges": [[{"subnet": "{{.PodCIDR}}"}]],
+                "routes": [{ "dst": "0.0.0.0/0" }]
+            }
+        },
+        {
+            "type": "portmap",
+            "capabilities": {"portMappings": true}
+        }
+    ]
+}
+`
+	klog.V(8).Infof("Built containerd CNI config template\n%s", contents)
+
+	c.AddTask(&nodetasks.File{
+		Path:     "/etc/containerd/config-cni.template",
+		Contents: fi.NewStringResource(contents),
+		Type:     nodetasks.FileType_File,
+	})
+}
--- a/nodeup/pkg/model/tests/containerdbuilder/simple/tasks.yaml
+++ b/nodeup/pkg/model/tests/containerdbuilder/simple/tasks.yaml
@ -1,3 +1,29 @@
+contents: |
+  {
+      "cniVersion": "0.4.0",
+      "name": "containerd-net",
+      "plugins": [
+          {
+              "type": "bridge",
+              "bridge": "cni0",
+              "isGateway": true,
+              "ipMasq": true,
+              "promiscMode": true,
+              "ipam": {
+                  "type": "host-local",
+                  "ranges": [[{"subnet": "{{.PodCIDR}}"}]],
+                  "routes": [{ "dst": "0.0.0.0/0" }]
+              }
+          },
+          {
+              "type": "portmap",
+              "capabilities": {"portMappings": true}
+          }
+      ]
+  }
+path: /etc/containerd/config-cni.template
+type: file
+---
 contents: ""
 path: /etc/containerd/config-kops.toml
 type: file
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@ -517,16 +517,10 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
 	}

 	if v.Kubenet != nil {
-		if c.ContainerRuntime == "containerd" {
-			allErrs = append(allErrs, field.Invalid(fldPath, "kubenet", "kubenet networking is not supported with containerd"))
-		}
 		optionTaken = true
 	}

 	if v.External != nil {
-		if c.ContainerRuntime == "containerd" {
-			allErrs = append(allErrs, field.Invalid(fldPath, "external", "external networking is not supported with containerd"))
-		}
 		if optionTaken {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("external"), "only one networking option permitted"))
 		}
@ -541,9 +535,6 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
 	}

 	if v.Kopeio != nil {
-		if c.ContainerRuntime == "containerd" {
-			allErrs = append(allErrs, field.Invalid(fldPath, "kopeio", "kopeio networking is not supported with containerd"))
-		}
 		if optionTaken {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("kopeio"), "only one networking option permitted"))
 		}
@ -628,9 +619,6 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
 	}

 	if v.GCE != nil {
-		if c.ContainerRuntime == "containerd" {
-			allErrs = append(allErrs, field.Invalid(fldPath, "gce", "gce networking is not supported with containerd"))
-		}
 		if optionTaken {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("gce"), "only one networking option permitted"))
 		}
--- a/pkg/model/components/containerd.go
+++ b/pkg/model/components/containerd.go
@ -62,6 +62,12 @@ func (b *ContainerdOptionsBuilder) BuildOptions(o interface{}) error {
 				config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "registry", "mirrors", name, "endpoint"}, endpoints)
 			}
 			config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "containerd", "runtimes", "runc", "runtime_type"}, "io.containerd.runc.v2")
+			if UsesKubenet(clusterSpec.Networking) {
+				// Using containerd with Kubenet requires special configuration.
+				// This is a temporary backwards-compatible solution for kubenet users and will be deprecated when Kubenet is deprecated:
+				// https://github.com/containerd/containerd/blob/master/docs/cri/config.md#cni-config-template
+				config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "cni", "conf_template"}, "/etc/containerd/config-cni.template")
+			}
 			containerd.ConfigOverride = fi.String(config.String())
 		}