containerd: Don't install crictl and nerdctl by default

k8s/crds/kops.k8s.io_clusters.yaml

@@ -897,6 +897,12 @@ spec:
                     description: ConfigOverride is the complete containerd config
                       file provided by the user.
                     type: string
+                  installCriCtl:
+                    description: InstallCriCtl installs crictl (default "false").
+                    type: boolean
+                  installNerdCtl:
+                    description: InstallNerdCtl installs nerdctl (default "false").
+                    type: boolean
                   logLevel:
                     description: LogLevel controls the logging details [trace, debug,
                       info, warn, error, fatal, panic] (default "info").

k8s/crds/kops.k8s.io_instancegroups.yaml

@@ -133,6 +133,12 @@ spec:
                     description: ConfigOverride is the complete containerd config
                       file provided by the user.
                     type: string
+                  installCriCtl:
+                    description: InstallCriCtl installs crictl (default "false").
+                    type: boolean
+                  installNerdCtl:
+                    description: InstallNerdCtl installs nerdctl (default "false").
+                    type: boolean
                   logLevel:
                     description: LogLevel controls the logging details [trace, debug,
                       info, warn, error, fatal, panic] (default "info").

nodeup/pkg/model/crictl.go

@@ -33,6 +33,11 @@ type CrictlBuilder struct {
 var _ fi.NodeupModelBuilder = &CrictlBuilder{}
 
 func (b *CrictlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
+	if b.skipInstall() {
+		klog.V(8).Info("won't install crictl")
+		return nil
+	}
+
 	assets := b.Assets.FindMatches(regexp.MustCompile(`^crictl$`))
 	if len(assets) == 0 {
 		klog.Warning("unable to find any crictl binaries in assets")
@@ -65,3 +70,13 @@ func (b *CrictlBuilder) binaryPath() string {
 	}
 	return path
 }
+
+func (b *CrictlBuilder) skipInstall() bool {
+	containerd := b.NodeupConfig.ContainerdConfig
+
+	if containerd == nil {
+		return false
+	}
+
+	return containerd.SkipInstall && !containerd.InstallCriCtl
+}

nodeup/pkg/model/nerdctl.go

@@ -18,6 +18,7 @@ package model
 
 import (
 	"path/filepath"
+	"regexp"
 
 	"k8s.io/klog/v2"
 	"k8s.io/kops/upup/pkg/fi"
@@ -33,24 +34,28 @@ var _ fi.NodeupModelBuilder = &NerdctlBuilder{}
 
 func (b *NerdctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 	if b.skipInstall() {
-		klog.Info("containerd.skipInstall is set to true; won't install nerdctl")
+		klog.V(8).Info("won't install nerdctl")
 		return nil
 	}
 
-	assetName := "nerdctl"
+	assets := b.Assets.FindMatches(regexp.MustCompile(`^nerdctl$`))
-	assetPath := ""
+	if len(assets) == 0 {
-	asset, err := b.Assets.Find(assetName, assetPath)
+		klog.Warning("unable to find any nerdctl binaries in assets")
-	if err != nil {
+		return nil
-		klog.Warningf("unable to locate asset %q: %v", assetName, err)
+	}
+	if len(assets) > 1 {
+		klog.Warning("multiple nerdctl binaries are found")
 		return nil
 	}
 
-	c.AddTask(&nodetasks.File{
+	for k, v := range assets {
-		Path:     b.nerdctlPath(),
+		c.AddTask(&nodetasks.File{
-		Contents: asset,
+			Path:     filepath.Join(b.binaryPath(), k),
-		Type:     nodetasks.FileType_File,
+			Contents: v,
-		Mode:     s("0755"),
+			Type:     nodetasks.FileType_File,
-	})
+			Mode:     s("0755"),
+		})
+	}
 
 	return nil
 }
@@ -64,19 +69,14 @@ func (b *NerdctlBuilder) binaryPath() string {
 		path = "/home/kubernetes/bin"
 	}
 	return path
-
-}
-
-func (b *NerdctlBuilder) nerdctlPath() string {
-	return filepath.Join(b.binaryPath(), "nerdctl")
 }
 
 func (b *NerdctlBuilder) skipInstall() bool {
-	d := b.NodeupConfig.ContainerdConfig
+	containerd := b.NodeupConfig.ContainerdConfig
 
-	if d == nil {
+	if containerd == nil {
 		return false
 	}
 
-	return d.SkipInstall
+	return containerd.SkipInstall && !containerd.InstallNerdCtl
 }

pkg/apis/kops/containerdconfig.go

@@ -60,6 +60,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha2/containerdconfig.go

@@ -53,6 +53,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -3318,6 +3318,8 @@ func autoConvert_v1alpha2_ContainerdConfig_To_kops_ContainerdConfig(in *Containe
 		out.NRI = nil
 	}
 	out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
+	out.InstallCriCtl = in.InstallCriCtl
+	out.InstallNerdCtl = in.InstallNerdCtl
 	return nil
 }
 
@@ -3374,6 +3376,8 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha2_ContainerdConfig(in *kops.Con
 		out.NRI = nil
 	}
 	out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
+	out.InstallCriCtl = in.InstallCriCtl
+	out.InstallNerdCtl = in.InstallNerdCtl
 	return nil
 }
 

pkg/apis/kops/v1alpha3/containerdconfig.go

@@ -53,6 +53,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha3/zz_generated.conversion.go

@@ -3563,6 +3563,8 @@ func autoConvert_v1alpha3_ContainerdConfig_To_kops_ContainerdConfig(in *Containe
 		out.NRI = nil
 	}
 	out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
+	out.InstallCriCtl = in.InstallCriCtl
+	out.InstallNerdCtl = in.InstallNerdCtl
 	return nil
 }
 
@@ -3619,6 +3621,8 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha3_ContainerdConfig(in *kops.Con
 		out.NRI = nil
 	}
 	out.UseECRCredentialsForMirrors = in.UseECRCredentialsForMirrors
+	out.InstallCriCtl = in.InstallCriCtl
+	out.InstallNerdCtl = in.InstallNerdCtl
 	return nil
 }
 

pkg/nodemodel/fileassets.go

@@ -146,23 +146,25 @@ func BuildKubernetesFileAssets(ig model.InstanceGroup, assetBuilder *assets.Asse
 			if runcAsset != nil {
 				kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(runcAsset))
 			}
-			nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
+			if ig.RawClusterSpec().Containerd.InstallNerdCtl {
-			if err != nil {
+				nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
-				return nil, err
+				if err != nil {
+					return nil, err
+				}
+				if nerdctlAsset != nil {
+					kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
+				}
 			}
-			if nerdctlAsset != nil {
+			if ig.RawClusterSpec().Containerd.InstallCriCtl {
-				kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
+				crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
+				if err != nil {
+					return nil, err
+				}
+				if crictlAsset != nil {
+					kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
+				}
 			}
 		}
-
-		crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
-		if err != nil {
-			return nil, err
-		}
-		if crictlAsset != nil {
-			kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
-		}
-
 	}
 
 	return &KubernetesFileAssets{