tests: install latest cri-tools dynamically

Resolve the cri-tools release at install time instead of pinning a
version in versions.yaml: install_cri_tools now queries the GitHub
releases API for the absolute latest stable tag, and the kata-monitor,
cri-containerd and nydus jobs call it directly.

Also write /etc/crictl.yaml during containerd setup so crictl stops
emitting deprecation warnings about the legacy default endpoints.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Assisted-by: OpenAI Codex <codex@openai.com>
This commit is contained in:
Fabiano Fidêncio
2026-06-03 12:57:53 +02:00
committed by Fabiano Fidêncio
parent 63fec205fe
commit 285d5daa23
5 changed files with 51 additions and 27 deletions

View File

@@ -1089,6 +1089,19 @@ function install_cri_containerd() {
| sudo tee /etc/containerd/config.toml > /dev/null
ensure_containerd_conf_d_rootful_api_sockets
# Drop a default /etc/crictl.yaml pointing at the freshly-installed
# containerd socket so crictl does not probe — and warn loudly about
# — the legacy default endpoints (dockershim, CRI-O, cri-dockerd) on
# every invocation. cri-tools v1.30+ deprecated the implicit default
# endpoint discovery, which means every crictl call without this
# config emits noisy validation errors for sockets that do not exist
# on the runner.
sudo tee /etc/crictl.yaml > /dev/null <<-EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
EOF
# Always write the service file pointing at the just-installed binary and
# reload systemd so the correct binary is used on the next start.
# The runner image may have a pre-installed containerd unit pointing at a
@@ -1129,12 +1142,26 @@ EOF
sudo systemctl daemon-reload
}
# base_version: The version to be intalled in the ${major}.${minor} format
# Installs cri-tools (crictl). When a base_version (${major}.${minor}) is
# supplied the matching latest patch release is used; otherwise — and this is
# the default in CI — the absolute latest stable release published on GitHub
# is fetched. cri-tools is intentionally not pinned in versions.yaml so we
# always exercise a crictl that speaks current CRI protocol revisions.
function install_cri_tools() {
base_version="${1}"
base_version="${1:-}"
project="kubernetes-sigs/cri-tools"
version=$(get_latest_patch_release_from_a_github_project "${project}" "${base_version}")
if [[ -n "${base_version}" ]]; then
version=$(get_latest_patch_release_from_a_github_project "${project}" "${base_version}")
else
version=$(curl \
${GH_TOKEN:+--header "Authorization: Bearer ${GH_TOKEN}"} \
--fail-with-body \
--show-error \
--silent \
"https://api.github.com/repos/${project}/releases/latest" \
| jq -r .tag_name)
fi
tarball_name="crictl-${version}-linux-$("${repo_root_dir}"/tests/kata-arch.sh -g).tar.gz"

View File

@@ -35,23 +35,24 @@ function install_dependencies() {
# Dependency list of projects that we can install
# directly from their releases on GitHub:
# - cri-tools
# - containerd
# - cri-container-cni release tarball already includes CNI plugins
# - runc
# - cni-plugins
cri_tools_version=$(get_from_kata_deps ".externals.critools.latest")
declare -a github_deps
github_deps[0]="cri_tools:${cri_tools_version}"
# shellcheck disable=SC2154
github_deps[1]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
github_deps[2]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[3]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
github_deps[1]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[2]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
for github_dep in "${github_deps[@]}"; do
IFS=":" read -r -a dep <<< "${github_dep}"
"install_${dep[0]}" "${dep[1]}"
done
# cri-tools is resolved at install time to the absolute latest
# release, so it is not pinned via versions.yaml.
install_cri_tools
}
function run() {

View File

@@ -51,19 +51,21 @@ function install_dependencies() {
# directly from their releases on GitHub:
# - containerd
# - cri-container-cni release tarball already includes CNI plugins
# - cri-tools
declare -a github_deps
# shellcheck disable=SC2154
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")"
github_deps[2]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[3]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
github_deps[1]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[2]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
for github_dep in "${github_deps[@]}"; do
IFS=":" read -r -a dep <<< "${github_dep}"
"install_${dep[0]}" "${dep[1]}"
done
# cri-tools is resolved at install time to the absolute latest
# release, so it is not pinned via versions.yaml.
install_cri_tools
# Clone containerd as we'll need to build it in order to run the tests
# base_version: The version to be intalled in the ${major}.${minor} format
clone_cri_containerd "$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"

View File

@@ -33,22 +33,24 @@ function install_dependencies() {
# directly from their releases on GitHub:
# - containerd
# - cri-container-cni release tarball already includes CNI plugins
# - cri-tools
# - nydus
# - nydus-snapshotter
declare -a github_deps
# shellcheck disable=SC2154
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")"
github_deps[2]="nydus:$(get_from_kata_deps ".externals.nydus.version")"
github_deps[3]="nydus_snapshotter:$(get_from_kata_deps ".externals.nydus-snapshotter.version")"
github_deps[4]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[5]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
github_deps[1]="nydus:$(get_from_kata_deps ".externals.nydus.version")"
github_deps[2]="nydus_snapshotter:$(get_from_kata_deps ".externals.nydus-snapshotter.version")"
github_deps[3]="runc:$(get_from_kata_deps ".externals.runc.latest")"
github_deps[4]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
for github_dep in "${github_deps[@]}"; do
IFS=":" read -r -a dep <<< "${github_dep}"
"install_${dep[0]}" "${dep[1]}"
done
# cri-tools is resolved at install time to the absolute latest
# release, so it is not pinned via versions.yaml.
install_cri_tools
}
function run() {

View File

@@ -315,14 +315,6 @@ externals:
minimum: "v1.7"
latest: "v2.3"
critools:
description: "CLI tool for Container Runtime Interface (CRI)"
url: "https://github.com/kubernetes-sigs/cri-tools"
version: "1.23.0"
# As we don't want to disrupt what we have on the `tests` repo, let's
# create a "latest" entry and use that for the GitHub actions tests.
latest: "v1.29"
runc:
description: "CLI tool for spawning and running containers"
url: "https://github.com/opencontainers/runc"