mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
remove docker installation from everywhere
This commit is contained in:
parent
df2768123d
commit
19a01fa8c6
@ -51,7 +51,7 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- "/bin/sh"
|
- "/bin/sh"
|
||||||
- "-c"
|
- "-c"
|
||||||
- "exec /node-problem-detector --logtostderr --config.system-log-monitor=/config/kernel-monitor.json,/config/docker-monitor.json,/config/systemd-monitor.json --config.custom-plugin-monitor=/config/kernel-monitor-counter.json,/config/systemd-monitor-counter.json --config.system-stats-monitor=/config/system-stats-monitor.json >>/var/log/node-problem-detector.log 2>&1"
|
- "exec /node-problem-detector --logtostderr --config.system-log-monitor=/config/kernel-monitor.json,/config/systemd-monitor.json --config.custom-plugin-monitor=/config/kernel-monitor-counter.json,/config/systemd-monitor-counter.json --config.system-stats-monitor=/config/system-stats-monitor.json >>/var/log/node-problem-detector.log 2>&1"
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
resources:
|
resources:
|
||||||
|
@ -472,44 +472,6 @@ function load-docker-images {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# If we are on ubuntu we can try to install docker
|
|
||||||
function install-docker {
|
|
||||||
# bailout if we are not on ubuntu
|
|
||||||
if ! command -v apt-get >/dev/null 2>&1; then
|
|
||||||
echo "Unable to automatically install docker. Bailing out..."
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
# Install Docker deps, some of these are already installed in the image but
|
|
||||||
# that's fine since they won't re-install and we can reuse the code below
|
|
||||||
# for another image someday.
|
|
||||||
apt-get update
|
|
||||||
apt-get install -y --no-install-recommends \
|
|
||||||
apt-transport-https \
|
|
||||||
ca-certificates \
|
|
||||||
socat \
|
|
||||||
curl \
|
|
||||||
gnupg2 \
|
|
||||||
software-properties-common \
|
|
||||||
lsb-release
|
|
||||||
|
|
||||||
release=$(lsb_release -cs)
|
|
||||||
|
|
||||||
# Add the Docker apt-repository
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
curl ${CURL_FLAGS} \
|
|
||||||
--location \
|
|
||||||
"https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID")/gpg" \
|
|
||||||
| apt-key add -
|
|
||||||
add-apt-repository \
|
|
||||||
"deb [arch=${HOST_ARCH}] https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID") \
|
|
||||||
$release stable"
|
|
||||||
|
|
||||||
# Install Docker
|
|
||||||
apt-get update && \
|
|
||||||
apt-get install -y --no-install-recommends "${GCI_DOCKER_VERSION:-"docker-ce=5:19.03.*"}"
|
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
}
|
|
||||||
|
|
||||||
# If we are on ubuntu we can try to install containerd
|
# If we are on ubuntu we can try to install containerd
|
||||||
function install-containerd-ubuntu {
|
function install-containerd-ubuntu {
|
||||||
# bailout if we are not on ubuntu
|
# bailout if we are not on ubuntu
|
||||||
@ -591,7 +553,7 @@ function ensure-container-runtime {
|
|||||||
if [[ -e "/etc/profile.d/containerd_env.sh" ]]; then
|
if [[ -e "/etc/profile.d/containerd_env.sh" ]]; then
|
||||||
log-wrap 'SourceContainerdEnv' source "/etc/profile.d/containerd_env.sh"
|
log-wrap 'SourceContainerdEnv' source "/etc/profile.d/containerd_env.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verify presence and print versions of ctr, containerd, runc
|
# Verify presence and print versions of ctr, containerd, runc
|
||||||
if ! command -v ctr >/dev/null 2>&1; then
|
if ! command -v ctr >/dev/null 2>&1; then
|
||||||
echo "ERROR ctr not found. Aborting."
|
echo "ERROR ctr not found. Aborting."
|
||||||
|
@ -982,7 +982,7 @@ function Configure-GcePdTools {
|
|||||||
Import-Module -Name $modulePath'.replace('K8S_DIR', ${env:K8S_DIR})
|
Import-Module -Name $modulePath'.replace('K8S_DIR', ${env:K8S_DIR})
|
||||||
}
|
}
|
||||||
|
|
||||||
# Setup cni network. This function supports both Docker and containerd.
|
# Setup cni network for containerd.
|
||||||
function Prepare-CniNetworking {
|
function Prepare-CniNetworking {
|
||||||
Configure_Containerd_CniNetworking
|
Configure_Containerd_CniNetworking
|
||||||
}
|
}
|
||||||
@ -1213,8 +1213,7 @@ function Pull-InfraContainer {
|
|||||||
Log-Output "Infra/pause container:`n$inspect"
|
Log-Output "Infra/pause container:`n$inspect"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Setup the container runtime on the node. It supports both
|
# Setup the containerd on the node.
|
||||||
# Docker and containerd.
|
|
||||||
function Setup-ContainerRuntime {
|
function Setup-ContainerRuntime {
|
||||||
Install-Pigz
|
Install-Pigz
|
||||||
Install_Containerd
|
Install_Containerd
|
||||||
@ -1251,35 +1250,6 @@ function Enable-HyperVFeature {
|
|||||||
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell -All -NoRestart
|
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell -All -NoRestart
|
||||||
}
|
}
|
||||||
|
|
||||||
function Test-DockerIsInstalled {
|
|
||||||
return ((Get-Package `
|
|
||||||
-ProviderName DockerMsftProvider `
|
|
||||||
-ErrorAction SilentlyContinue |
|
|
||||||
Where-Object Name -eq 'docker') -ne $null)
|
|
||||||
}
|
|
||||||
|
|
||||||
function Test-DockerIsRunning {
|
|
||||||
return ((Get-Service docker).Status -eq 'Running')
|
|
||||||
}
|
|
||||||
|
|
||||||
# Installs Docker EE via the DockerMsftProvider. Ensure that the Windows
|
|
||||||
# Containers feature is installed before calling this function; otherwise,
|
|
||||||
# a restart may be needed after this function returns.
|
|
||||||
function Install-Docker {
|
|
||||||
Log-Output 'Installing NuGet module'
|
|
||||||
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
|
|
||||||
|
|
||||||
Log-Output 'Installing DockerMsftProvider module'
|
|
||||||
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
|
|
||||||
|
|
||||||
Log-Output "Installing latest Docker EE version"
|
|
||||||
Install-Package `
|
|
||||||
-Name docker `
|
|
||||||
-ProviderName DockerMsftProvider `
|
|
||||||
-Force `
|
|
||||||
-Verbose
|
|
||||||
}
|
|
||||||
|
|
||||||
# Configures the TCP/IP parameters to be in sync with the GCP recommendation.
|
# Configures the TCP/IP parameters to be in sync with the GCP recommendation.
|
||||||
# Not setting these values correctly can cause network issues for connections
|
# Not setting these values correctly can cause network issues for connections
|
||||||
# that live longer than 10 minutes.
|
# that live longer than 10 minutes.
|
||||||
@ -1518,7 +1488,7 @@ function Install-Pigz {
|
|||||||
Expand-Archive -Path "$PIGZ_ROOT\pigz-$PIGZ_VERSION.zip" `
|
Expand-Archive -Path "$PIGZ_ROOT\pigz-$PIGZ_VERSION.zip" `
|
||||||
-DestinationPath $PIGZ_ROOT
|
-DestinationPath $PIGZ_ROOT
|
||||||
Remove-Item -Path "$PIGZ_ROOT\pigz-$PIGZ_VERSION.zip"
|
Remove-Item -Path "$PIGZ_ROOT\pigz-$PIGZ_VERSION.zip"
|
||||||
# Docker and Containerd search for unpigz.exe on the first container image
|
# Containerd search for unpigz.exe on the first container image
|
||||||
# pull request after the service is started. If unpigz.exe is in the
|
# pull request after the service is started. If unpigz.exe is in the
|
||||||
# Windows path it'll use it instead of the default unzipper.
|
# Windows path it'll use it instead of the default unzipper.
|
||||||
# See: https://github.com/containerd/containerd/issues/1896
|
# See: https://github.com/containerd/containerd/issues/1896
|
||||||
|
@ -1,127 +0,0 @@
|
|||||||
#cloud-config
|
|
||||||
|
|
||||||
write_files:
|
|
||||||
- path: /etc/systemd/system/upgrade-docker.service
|
|
||||||
permissions: 0644
|
|
||||||
owner: root
|
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Upgrade Docker Binaries
|
|
||||||
Requires=network-online.target
|
|
||||||
After=network-online.target docker.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
# RemainAfterExit so the service runs exactly once.
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStartPre=/bin/mkdir -p /home/upgrade-docker/bin
|
|
||||||
ExecStartPre=/bin/mount --bind /home/upgrade-docker/bin /home/upgrade-docker/bin
|
|
||||||
ExecStartPre=/bin/mount -o remount,exec /home/upgrade-docker/bin
|
|
||||||
ExecStart=/bin/bash /tmp/upgrade-docker/upgrade.sh
|
|
||||||
ExecStartPost=-/bin/rm -rf /home/upgrade-docker/download
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
|
|
||||||
- path: /tmp/upgrade-docker/upgrade.sh
|
|
||||||
permissions: 0644
|
|
||||||
owner: root
|
|
||||||
content: |
|
|
||||||
# This script reads a GCE metadata key for the user specified Docker
|
|
||||||
# version, downloads, and replaces the builtin Docker with it.
|
|
||||||
|
|
||||||
set -x
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
# Checks if a Docker binary is the version we want.
|
|
||||||
# $1: Docker binary
|
|
||||||
# $2: Requested version
|
|
||||||
check_installed() {
|
|
||||||
local docker_bin="$1"
|
|
||||||
local requested_version="$2"
|
|
||||||
[[ "$(${docker_bin} --version)" =~ "Docker version ${requested_version}," ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
# $1: Docker version
|
|
||||||
download_and_install_docker() {
|
|
||||||
local requested_version="$1"
|
|
||||||
local download_dir=/home/upgrade-docker/download/docker-"${requested_version}"
|
|
||||||
local install_location=/home/upgrade-docker/bin
|
|
||||||
local docker_tgz="docker-${requested_version}.tgz"
|
|
||||||
|
|
||||||
if [[ "${requested_version}" =~ "rc" ]]; then
|
|
||||||
# RC releases all have the word "rc" in their version
|
|
||||||
# number, e.g., "1.11.1-rc1".
|
|
||||||
download_url="https://test.docker.com/builds/Linux/x86_64/${docker_tgz}"
|
|
||||||
else
|
|
||||||
download_url="https://get.docker.com/builds/Linux/x86_64/${docker_tgz}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Downloading Docker version ${requested_version} from "\
|
|
||||||
"${download_url} to ${download_dir} ..."
|
|
||||||
|
|
||||||
# Download and install the binaries.
|
|
||||||
mkdir -p "${download_dir}"/binaries
|
|
||||||
/usr/bin/curl -o "${download_dir}/${docker_tgz}" --fail "${download_url}"
|
|
||||||
tar xzf "${download_dir}/${docker_tgz}" -C "${download_dir}"/binaries
|
|
||||||
cp "${download_dir}"/binaries/docker/docker* "${install_location}"
|
|
||||||
mount --bind "${install_location}"/docker /usr/bin/docker
|
|
||||||
mount --bind "${install_location}"/docker-containerd /usr/bin/docker-containerd
|
|
||||||
mount --bind "${install_location}"/docker-containerd-shim /usr/bin/docker-containerd-shim
|
|
||||||
mount --bind "${install_location}"/dockerd /usr/bin/dockerd
|
|
||||||
mount --bind "${install_location}"/docker-proxy /usr/bin/docker-proxy
|
|
||||||
mount --bind "${install_location}"/docker-runc /usr/bin/docker-runc
|
|
||||||
echo "PATH=/home/upgrade-docker/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> /etc/default/docker
|
|
||||||
}
|
|
||||||
|
|
||||||
# $1: Metadata key
|
|
||||||
get_metadata() {
|
|
||||||
/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error \
|
|
||||||
-H "X-Google-Metadata-Request: True" \
|
|
||||||
http://metadata.google.internal/computeMetadata/v1/instance/attributes/"$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
main() {
|
|
||||||
# Get the desired Docker version through the following metadata key.
|
|
||||||
local requested_version="$(get_metadata "gci-docker-version")"
|
|
||||||
if [[ -z "${requested_version}" ]]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if we have the requested version installed.
|
|
||||||
if check_installed /usr/bin/docker "${requested_version}"; then
|
|
||||||
echo "Requested version already installed. Exiting."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Stop the docker daemon during upgrade.
|
|
||||||
/usr/bin/systemctl stop docker
|
|
||||||
download_and_install_docker "${requested_version}"
|
|
||||||
|
|
||||||
# Assert that the upgrade was successful.
|
|
||||||
local rc=0
|
|
||||||
check_installed /usr/bin/docker "${requested_version}" || rc=1
|
|
||||||
/usr/bin/systemctl start docker && exit $rc
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
|
|
||||||
runcmd:
|
|
||||||
- systemctl daemon-reload
|
|
||||||
- systemctl start upgrade-docker.service
|
|
||||||
- mount /tmp /tmp -o remount,exec,suid
|
|
||||||
- usermod -a -G docker jenkins
|
|
||||||
- mkdir -p /var/lib/kubelet
|
|
||||||
- mkdir -p /home/kubernetes/containerized_mounter/rootfs
|
|
||||||
- mount --bind /home/kubernetes/containerized_mounter/ /home/kubernetes/containerized_mounter/
|
|
||||||
- mount -o remount, exec /home/kubernetes/containerized_mounter/
|
|
||||||
- wget https://dl.k8s.io/gci-mounter/mounter.tar -O /tmp/mounter.tar
|
|
||||||
- tar xvf /tmp/mounter.tar -C /home/kubernetes/containerized_mounter/rootfs
|
|
||||||
- mkdir -p /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --rbind /var/lib/kubelet /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --make-rshared /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --bind /proc /home/kubernetes/containerized_mounter/rootfs/proc
|
|
||||||
- mount --bind /dev /home/kubernetes/containerized_mounter/rootfs/dev
|
|
||||||
- rm /tmp/mounter.tar
|
|
@ -1,121 +0,0 @@
|
|||||||
#cloud-config
|
|
||||||
|
|
||||||
write_files:
|
|
||||||
- path: /etc/systemd/system/upgrade-docker.service
|
|
||||||
permissions: 0644
|
|
||||||
owner: root
|
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Upgrade Docker Binaries
|
|
||||||
Requires=network-online.target
|
|
||||||
After=network-online.target docker.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
# RemainAfterExit so the service runs exactly once.
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStartPre=/bin/mkdir -p /home/upgrade-docker/bin
|
|
||||||
ExecStartPre=/bin/mount --bind /home/upgrade-docker/bin /home/upgrade-docker/bin
|
|
||||||
ExecStartPre=/bin/mount -o remount,exec /home/upgrade-docker/bin
|
|
||||||
ExecStart=/bin/bash /tmp/upgrade-docker/upgrade.sh
|
|
||||||
ExecStartPost=-/bin/rm -rf /home/upgrade-docker/download
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
|
|
||||||
- path: /tmp/upgrade-docker/upgrade.sh
|
|
||||||
permissions: 0644
|
|
||||||
owner: root
|
|
||||||
content: |
|
|
||||||
# This script reads a GCE metadata key for the user specified Docker
|
|
||||||
# version, downloads, and replaces the builtin Docker with it.
|
|
||||||
|
|
||||||
set -x
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
# Checks if a Docker binary is the version we want.
|
|
||||||
# $1: Docker binary
|
|
||||||
# $2: Requested version
|
|
||||||
check_installed() {
|
|
||||||
local docker_bin="$1"
|
|
||||||
local requested_version="$2"
|
|
||||||
[[ "$(${docker_bin} --version)" =~ "Docker version ${requested_version}," ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
# $1: Docker version
|
|
||||||
download_and_install_docker() {
|
|
||||||
local requested_version="$1"
|
|
||||||
local download_dir=/home/upgrade-docker/download/docker-"${requested_version}"
|
|
||||||
local install_location=/home/upgrade-docker/bin
|
|
||||||
local docker_tgz="docker-${requested_version}.tgz"
|
|
||||||
|
|
||||||
if [[ "${requested_version}" =~ "rc" ]]; then
|
|
||||||
# RC releases all have the word "rc" in their version
|
|
||||||
# number, e.g., "1.11.1-rc1".
|
|
||||||
download_url="https://test.docker.com/builds/Linux/x86_64/${docker_tgz}"
|
|
||||||
else
|
|
||||||
download_url="https://get.docker.com/builds/Linux/x86_64/${docker_tgz}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Downloading Docker version ${requested_version} from "\
|
|
||||||
"${download_url} to ${download_dir} ..."
|
|
||||||
|
|
||||||
# Download and install the binaries.
|
|
||||||
mkdir -p "${download_dir}"/binaries
|
|
||||||
/usr/bin/curl -o "${download_dir}/${docker_tgz}" --fail "${download_url}"
|
|
||||||
tar xzf "${download_dir}/${docker_tgz}" -C "${download_dir}"/binaries
|
|
||||||
cp "${download_dir}"/binaries/docker/docker* "${install_location}"
|
|
||||||
mount --bind "${install_location}"/docker /usr/bin/docker
|
|
||||||
mount --bind "${install_location}"/docker-containerd /usr/bin/containerd
|
|
||||||
mount --bind "${install_location}"/docker-containerd-shim /usr/bin/containerd-shim
|
|
||||||
mount --bind "${install_location}"/dockerd /usr/bin/dockerd
|
|
||||||
mount --bind "${install_location}"/docker-proxy /usr/bin/docker-proxy
|
|
||||||
mount --bind "${install_location}"/docker-runc /usr/sbin/runc
|
|
||||||
echo "PATH=/home/upgrade-docker/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> /etc/default/docker
|
|
||||||
}
|
|
||||||
|
|
||||||
# $1: Metadata key
|
|
||||||
get_metadata() {
|
|
||||||
/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error \
|
|
||||||
-H "X-Google-Metadata-Request: True" \
|
|
||||||
http://metadata.google.internal/computeMetadata/v1/instance/attributes/"$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
main() {
|
|
||||||
# Get the desired Docker version through the following metadata key.
|
|
||||||
local requested_version="$(get_metadata "ubuntu-docker-version")"
|
|
||||||
if [[ -z "${requested_version}" ]]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Stop the docker daemon during upgrade.
|
|
||||||
systemctl stop docker
|
|
||||||
download_and_install_docker "${requested_version}"
|
|
||||||
|
|
||||||
# Assert that the upgrade was successful.
|
|
||||||
local rc=0
|
|
||||||
check_installed /usr/bin/docker "${requested_version}" || rc=1
|
|
||||||
systemctl start docker && exit $rc
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
|
|
||||||
runcmd:
|
|
||||||
- systemctl daemon-reload
|
|
||||||
- systemctl start upgrade-docker.service
|
|
||||||
- mount /tmp /tmp -o remount,exec,suid
|
|
||||||
- usermod -a -G docker jenkins
|
|
||||||
- mkdir -p /var/lib/kubelet
|
|
||||||
- mkdir -p /home/kubernetes/containerized_mounter/rootfs
|
|
||||||
- mount --bind /home/kubernetes/containerized_mounter/ /home/kubernetes/containerized_mounter/
|
|
||||||
- mount -o remount, exec /home/kubernetes/containerized_mounter/
|
|
||||||
- wget https://dl.k8s.io/gci-mounter/mounter.tar -O /tmp/mounter.tar
|
|
||||||
- tar xvf /tmp/mounter.tar -C /home/kubernetes/containerized_mounter/rootfs
|
|
||||||
- mkdir -p /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --rbind /var/lib/kubelet /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --make-rshared /home/kubernetes/containerized_mounter/rootfs/var/lib/kubelet
|
|
||||||
- mount --bind /proc /home/kubernetes/containerized_mounter/rootfs/proc
|
|
||||||
- mount --bind /dev /home/kubernetes/containerized_mounter/rootfs/dev
|
|
||||||
- rm /tmp/mounter.tar
|
|
Loading…
Reference in New Issue
Block a user