containerd: Don't install crictl and nerdctl by default

Ciprian Hacman 2025-08-09 09:22:18 +03:00
parent a8001b8fba
commit 96a7fd8988
10 changed files with 83 additions and 34 deletions


@ -897,6 +897,12 @@ spec:
description: ConfigOverride is the complete containerd config
file provided by the user.
type: string
installCriCtl:
description: InstallCriCtl installs crictl (default "false").
type: boolean
installNerdCtl:
description: InstallNerdCtl installs nerdctl (default "false").
type: boolean
logLevel:
description: LogLevel controls the logging details [trace, debug,
info, warn, error, fatal, panic] (default "info").


@ -133,6 +133,12 @@ spec:
description: ConfigOverride is the complete containerd config
file provided by the user.
type: string
installCriCtl:
description: InstallCriCtl installs crictl (default "false").
type: boolean
installNerdCtl:
description: InstallNerdCtl installs nerdctl (default "false").
type: boolean
logLevel:
description: LogLevel controls the logging details [trace, debug,
info, warn, error, fatal, panic] (default "info").


@ -33,6 +33,11 @@ type CrictlBuilder struct {
var _ fi.NodeupModelBuilder = &CrictlBuilder{}
func (b *CrictlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
if b.skipInstall() {
klog.V(8).Info("won't install crictl")
return nil
}
assets := b.Assets.FindMatches(regexp.MustCompile(`^crictl$`))
if len(assets) == 0 {
klog.Warning("unable to find any crictl binaries in assets")
@ -65,3 +70,13 @@ func (b *CrictlBuilder) binaryPath() string {
}
return path
}
func (b *CrictlBuilder) skipInstall() bool {
containerd := b.NodeupConfig.ContainerdConfig
if containerd == nil {
return false
}
return containerd.SkipInstall && !containerd.InstallCriCtl
}
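Review bot: `skipInstall()` returns true only when `SkipInstall` is set, so on a cluster with both flags at their default `Build` still runs the asset lookup. Assuming the asset list no longer carries crictl unless `installCriCtl` is set (as the asset-builder change in this commit suggests), every default node then logs `unable to find any crictl binaries in assets`, which buries the case where an operator asked for the tool and the asset is really missing. Gating on the opt-in itself, e.g. `return !containerd.InstallCriCtl`, or lowering that warning to `klog.V(8)` when the flag is unset, would keep the warning meaningful. The same applies to `NerdctlBuilder.skipInstall`. A doc comment stating the intended combination of the two flags would help either way.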


@ -18,6 +18,7 @@ package model
import (
"path/filepath"
"regexp"
"k8s.io/klog/v2"
"k8s.io/kops/upup/pkg/fi"
@ -33,24 +34,28 @@ var _ fi.NodeupModelBuilder = &NerdctlBuilder{}
func (b *NerdctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
if b.skipInstall() {
klog.Info("containerd.skipInstall is set to true; won't install nerdctl")
klog.V(8).Info("won't install nerdctl")
return nil
}
assetName := "nerdctl"
assetPath := ""
asset, err := b.Assets.Find(assetName, assetPath)
if err != nil {
klog.Warningf("unable to locate asset %q: %v", assetName, err)
assets := b.Assets.FindMatches(regexp.MustCompile(`^nerdctl$`))
if len(assets) == 0 {
klog.Warning("unable to find any nerdctl binaries in assets")
return nil
}
if len(assets) > 1 {
klog.Warning("multiple nerdctl binaries are found")
return nil
}
c.AddTask(&nodetasks.File{
Path: b.nerdctlPath(),
Contents: asset,
Type: nodetasks.FileType_File,
Mode: s("0755"),
})
for k, v := range assets {
c.AddTask(&nodetasks.File{
Path: filepath.Join(b.binaryPath(), k),
Contents: v,
Type: nodetasks.FileType_File,
Mode: s("0755"),
})
}
return nil
}
@ -64,19 +69,14 @@ func (b *NerdctlBuilder) binaryPath() string {
path = "/home/kubernetes/bin"
}
return path
}
func (b *NerdctlBuilder) nerdctlPath() string {
return filepath.Join(b.binaryPath(), "nerdctl")
}
func (b *NerdctlBuilder) skipInstall() bool {
d := b.NodeupConfig.ContainerdConfig
containerd := b.NodeupConfig.ContainerdConfig
if d == nil {
if containerd == nil {
return false
}
return d.SkipInstall
return containerd.SkipInstall && !containerd.InstallNerdCtl
}
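Review bot: When `installNerdCtl` is set but the lookup returns zero or several matches, `Build` only logs a warning and returns nil, so the node boots without the binary the operator explicitly requested and no task fails. If that best-effort behaviour is intended, say so on the two early returns, e.g. `// best effort: a missing debug tool must not block node bootstrap`. Otherwise consider returning an error when `containerd.InstallNerdCtl` is true; the crictl builder follows the same pattern and would need the same decision.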


@ -60,6 +60,10 @@ type ContainerdConfig struct {
NRI *NRIConfig `json:"nri,omitempty"`
// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
// InstallCriCtl installs crictl (default "false").
InstallCriCtl bool `json:"installCriCtl,omitempty"`
// InstallNerdCtl installs nerdctl (default "false").
InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
}
type NRIConfig struct {
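Review bot: The field comment `InstallCriCtl installs crictl (default "false")` leaves out that the flag also overrides `skipInstall` for that binary, which is what the nodeup builders implement (`SkipInstall && !InstallCriCtl`). It also does not tell operators that nodes which previously received both tools will no longer have them unless the flag is set, which matters for on-node debugging and incident-response runbooks that rely on crictl. I would extend it, e.g. `// InstallCriCtl installs crictl on nodes, even when skipInstall is set (default: false).`, and likewise for `InstallNerdCtl`. The same wording appears in the other two `ContainerdConfig` definitions on this page and in the CRD descriptions.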


@ -53,6 +53,10 @@ type ContainerdConfig struct {
NRI *NRIConfig `json:"nri,omitempty"`
// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
// InstallCriCtl installs crictl (default "false").
InstallCriCtl bool `json:"installCriCtl,omitempty"`
// InstallNerdCtl installs nerdctl (default "false").
InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
}
type NRIConfig struct {


@ -3318,6 +3318,8 @@ func autoConvert_v1alpha2_ContainerdConfig_To_kops_ContainerdConfig(in *Containe
out.NRI = nil
}
out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
out.InstallCriCtl = in.InstallCriCtl
out.InstallNerdCtl = in.InstallNerdCtl
return nil
}
@ -3374,6 +3376,8 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha2_ContainerdConfig(in *kops.Con
out.NRI = nil
}
out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
out.InstallCriCtl = in.InstallCriCtl
out.InstallNerdCtl = in.InstallNerdCtl
return nil
}


@ -53,6 +53,10 @@ type ContainerdConfig struct {
NRI *NRIConfig `json:"nri,omitempty"`
// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
// InstallCriCtl installs crictl (default "false").
InstallCriCtl bool `json:"installCriCtl,omitempty"`
// InstallNerdCtl installs nerdctl (default "false").
InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
}
type NRIConfig struct {


@ -3563,6 +3563,8 @@ func autoConvert_v1alpha3_ContainerdConfig_To_kops_ContainerdConfig(in *Containe
out.NRI = nil
}
out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
out.InstallCriCtl = in.InstallCriCtl
out.InstallNerdCtl = in.InstallNerdCtl
return nil
}
@ -3619,6 +3621,8 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha3_ContainerdConfig(in *kops.Con
out.NRI = nil
}
out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
out.InstallCriCtl = in.InstallCriCtl
out.InstallNerdCtl = in.InstallNerdCtl
return nil
}


@ -146,23 +146,25 @@ func BuildKubernetesFileAssets(ig model.InstanceGroup, assetBuilder *assets.Asse
if runcAsset != nil {
kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(runcAsset))
}
nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
if err != nil {
return nil, err
if ig.RawClusterSpec().Containerd.InstallNerdCtl {
nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
if err != nil {
return nil, err
}
if nerdctlAsset != nil {
kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
}
}
if nerdctlAsset != nil {
kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
if ig.RawClusterSpec().Containerd.InstallCriCtl {
crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
if err != nil {
return nil, err
}
if crictlAsset != nil {
kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
}
}
}
crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
if err != nil {
return nil, err
}
if crictlAsset != nil {
kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
}
}
return &KubernetesFileAssets{
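Review bot: The new conditions read `ig.RawClusterSpec().Containerd.InstallNerdCtl` and `.InstallCriCtl` without checking `Containerd` for nil, whereas the nodeup builders in this commit do nil-check `NodeupConfig.ContainerdConfig`. If `Containerd` is a pointer that can be unset at this point (its type is not visible in the hunk), this panics during asset building. A guarded form such as `if c := ig.RawClusterSpec().Containerd; c != nil && c.InstallNerdCtl {` avoids that, and the same applies to the crictl branch. `BuildKubernetesFileAssets` starts and ends outside the hunk, so an enclosing guard may already exist; if so, a short comment noting it would settle the question.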