Merge pull request #107663 from hakman/remove_container-runtime_test_scripts

Clean up logic for deprecated flag --container-runtime in scripts

cluster/gce/config-default.sh

@@ -96,22 +96,10 @@ export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
 # KUBELET_TEST_ARGS are extra arguments passed to kubelet.
 export KUBELET_TEST_ARGS=${KUBE_KUBELET_EXTRA_ARGS:-}
 
-# Default container runtime
-export CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-containerd}
-# Default container runtime for windows
-export WINDOWS_CONTAINER_RUNTIME=${KUBE_WINDOWS_CONTAINER_RUNTIME:-containerd}
-
-# Set default values with override
-if [[ "${CONTAINER_RUNTIME}" == "docker" ]]; then
-  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
-  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-docker}
-  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-}
-elif [[ "${CONTAINER_RUNTIME}" == "containerd" ||  "${CONTAINER_RUNTIME}" == "remote" ]]; then
-  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
-  export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
-  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
-fi
+export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
+export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
+export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
+export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
 
 # Ability to inject custom versions (Ubuntu OS images ONLY)
 # if KUBE_UBUNTU_INSTALL_CONTAINERD_VERSION or KUBE_UBUNTU_INSTALL_RUNC_VERSION

cluster/gce/config-test.sh

@@ -106,23 +106,11 @@ export NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
 export NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
 export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
 
-# Default container runtime for linux
-export CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-containerd}
-# Default container runtime for windows
-export WINDOWS_CONTAINER_RUNTIME=${KUBE_WINDOWS_CONTAINER_RUNTIME:-containerd}
-
-# Set default values with override
-if [[ "${CONTAINER_RUNTIME}" == "docker" ]]; then
-  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
-  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-docker}
-  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-}
-elif [[ "${CONTAINER_RUNTIME}" == "containerd" || "${CONTAINER_RUNTIME}" == "remote" ]]; then
-  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
-  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
-  export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
-  export CONTAINER_RUNTIME_TEST_HANDLER="true"
-fi
+export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
+export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
+export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
+export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
+export CONTAINER_RUNTIME_TEST_HANDLER="true"
 
 export GCI_DOCKER_VERSION=${KUBE_GCI_DOCKER_VERSION:-}
 

cluster/gce/gci/configure-helper.sh

@@ -484,17 +484,17 @@ function ensure-local-ssds-ephemeral-storage() {
   safe-format-and-mount "${device}" "${ephemeral_mountpoint}"
 
   # mount container runtime root dir on SSD
-  local container_runtime="${CONTAINER_RUNTIME:-containerd}"
-  systemctl stop "$container_runtime"
+  local container_runtime_name="${CONTAINER_RUNTIME_NAME:-containerd}"
+  systemctl stop "$container_runtime_name"
   # Some images remount the container runtime root dir.
-  umount "/var/lib/${container_runtime}" || true
+  umount "/var/lib/${container_runtime_name}" || true
   # Move the container runtime's directory to the new location to preserve
   # preloaded images.
-  if [ ! -d "${ephemeral_mountpoint}/${container_runtime}" ]; then
-    mv "/var/lib/${container_runtime}" "${ephemeral_mountpoint}/${container_runtime}"
+  if [ ! -d "${ephemeral_mountpoint}/${container_runtime_name}" ]; then
+    mv "/var/lib/${container_runtime_name}" "${ephemeral_mountpoint}/${container_runtime_name}"
   fi
-  safe-bind-mount "${ephemeral_mountpoint}/${container_runtime}" "/var/lib/${container_runtime}"
-  systemctl start "$container_runtime"
+  safe-bind-mount "${ephemeral_mountpoint}/${container_runtime_name}" "/var/lib/${container_runtime_name}"
+  systemctl start "$container_runtime_name"
 
   # mount kubelet root dir on SSD
   mkdir -p "${ephemeral_mountpoint}/kubelet"
@@ -2550,7 +2550,7 @@ function start-volumesnapshot-crd-and-controller {
 # endpoint.
 function update-container-runtime {
   local -r file="$1"
-  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}"
+  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}"
   sed -i \
     -e "s@{{ *fluentd_container_runtime_service *}}@${FLUENTD_CONTAINER_RUNTIME_SERVICE:-${CONTAINER_RUNTIME_NAME:-containerd}}@g" \
     -e "s@{{ *container_runtime_endpoint *}}@${container_runtime_endpoint#unix://}@g" \
@@ -3446,20 +3446,14 @@ function main() {
   fi
 
   log-wrap 'OverrideKubectl' override-kubectl
-  container_runtime="${CONTAINER_RUNTIME:-containerd}"
-  # Run the containerized mounter once to pre-cache the container image.
-  if [[ "${container_runtime}" == "docker" ]]; then
+  if docker-installed; then
+    # We still need to configure docker so it wouldn't reserver the 172.17.0/16 subnet
+    # And if somebody will start docker to build or pull something, logging will also be set up
     log-wrap 'AssembleDockerFlags' assemble-docker-flags
-  elif [[ "${container_runtime}" == "containerd" ]]; then
-    if docker-installed; then
-      # We still need to configure docker so it wouldn't reserver the 172.17.0/16 subnet
-      # And if somebody will start docker to build or pull something, logging will also be set up
-      log-wrap 'AssembleDockerFlags' assemble-docker-flags
-      # stop docker if it is present as we want to use just containerd
-      log-wrap 'StopDocker' systemctl stop docker || echo "unable to stop docker"
-    fi
-    log-wrap 'SetupContainerd' setup-containerd
+    # stop docker if it is present as we want to use just containerd
+    log-wrap 'StopDocker' systemctl stop docker || echo "unable to stop docker"
   fi
+  log-wrap 'SetupContainerd' setup-containerd
 
   log-start 'SetupKubePodLogReadersGroupDir'
   if [[ -n "${KUBE_POD_LOG_READERS_GROUP:-}" ]]; then

cluster/gce/gci/configure.sh

@@ -340,7 +340,7 @@ function install-crictl {
 
   # Create crictl config file.
   cat > /etc/crictl.yaml <<EOF
-runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}
+runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
 EOF
 
   if is-preloaded "${crictl}" "${crictl_hash}"; then
@@ -437,9 +437,7 @@ function try-load-docker-image {
   local -r max_attempts=5
   local -i attempt_num=1
 
-  if [[ "${CONTAINER_RUNTIME_NAME:-}" == "docker" ]]; then
-    load_image_command=${LOAD_IMAGE_COMMAND:-docker load -i}
-  elif [[ "${CONTAINER_RUNTIME_NAME:-}" == "containerd" || "${CONTAINERD_TEST:-}"  == "containerd" ]]; then
+  if [[ "${CONTAINER_RUNTIME_NAME:-}" == "containerd" || "${CONTAINERD_TEST:-}"  == "containerd" ]]; then
     load_image_command=${LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
   else
     load_image_command="${LOAD_IMAGE_COMMAND:-}"
@@ -584,40 +582,28 @@ function install-containerd-ubuntu {
 }
 
 function ensure-container-runtime {
-  container_runtime="${CONTAINER_RUNTIME:-containerd}"
-  if [[ "${container_runtime}" == "docker" ]]; then
-    if ! command -v docker >/dev/null 2>&1; then
-      log-wrap "InstallDocker" install-docker
-      if ! command -v docker >/dev/null 2>&1; then
-        echo "ERROR docker not found. Aborting."
-        exit 2
-      fi
-    fi
-    docker version
-  elif [[ "${container_runtime}" == "containerd" ]]; then
-    # Install containerd/runc if requested
-    if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
-      log-wrap "InstallContainerdUbuntu" install-containerd-ubuntu
-    fi
-    # Verify presence and print versions of ctr, containerd, runc
-    if ! command -v ctr >/dev/null 2>&1; then
-      echo "ERROR ctr not found. Aborting."
-      exit 2
-    fi
-    ctr --version
-
-    if ! command -v containerd >/dev/null 2>&1; then
-      echo "ERROR containerd not found. Aborting."
-      exit 2
-    fi
-    containerd --version
-
-    if ! command -v runc >/dev/null 2>&1; then
-      echo "ERROR runc not found. Aborting."
-      exit 2
-    fi
-    runc --version
+  # Install containerd/runc if requested
+  if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
+    log-wrap "InstallContainerdUbuntu" install-containerd-ubuntu
   fi
+  # Verify presence and print versions of ctr, containerd, runc
+  if ! command -v ctr >/dev/null 2>&1; then
+    echo "ERROR ctr not found. Aborting."
+    exit 2
+  fi
+  ctr --version
+
+  if ! command -v containerd >/dev/null 2>&1; then
+    echo "ERROR containerd not found. Aborting."
+    exit 2
+  fi
+  containerd --version
+
+  if ! command -v runc >/dev/null 2>&1; then
+    echo "ERROR runc not found. Aborting."
+    exit 2
+  fi
+  runc --version
 }
 
 # Downloads kubernetes binaries and kube-system manifest tarball, unpacks them,

cluster/gce/gci/health-monitor.sh

@@ -28,15 +28,8 @@ function container_runtime_monitoring {
   local -r max_attempts=5
   local attempt=1
   local -r crictl="${KUBE_HOME}/bin/crictl"
-  local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}"
-  # We still need to use `docker ps` when container runtime is "docker". This is because
-  # dockershim is still part of kubelet today. When kubelet is down, crictl pods
-  # will also fail, and docker will be killed. This is undesirable especially when
-  # docker live restore is disabled.
-  local healthcheck_command=(docker ps)
-  if [[ "${CONTAINER_RUNTIME:-containerd}" != "docker" ]]; then
-    healthcheck_command=("${crictl}" pods)
-  fi
+  local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-containerd}"
+  local -r healthcheck_command=("${crictl}" pods)
   # Container runtime startup takes time. Make initial attempts before starting
   # killing the container runtime.
   until timeout 60 "${healthcheck_command[@]}" > /dev/null; do
@@ -50,12 +43,6 @@ function container_runtime_monitoring {
   while true; do
     if ! timeout 60 "${healthcheck_command[@]}" > /dev/null; then
       echo "Container runtime ${container_runtime_name} failed!"
-      if [[ "$container_runtime_name" == "docker" ]]; then
-          # Dump stack of docker daemon for investigation.
-          # Log fle name looks like goroutine-stacks-TIMESTAMP and will be saved to
-          # the exec root directory, which is /var/run/docker/ on Ubuntu and COS.
-          pkill -SIGUSR1 dockerd
-      fi
       systemctl kill --kill-who=main "${container_runtime_name}"
       # Wait for a while, as we don't want to kill it again before it is really up.
       sleep 120

cluster/gce/util.sh

@@ -794,14 +794,11 @@ function construct-linux-kubelet-flags {
     flags+=" --register-with-taints=${NODE_TAINTS}"
   fi
 
-  flags+=" --container-runtime=remote"
-  if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then
-    CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-    flags+=" --runtime-cgroups=/system.slice/containerd.service"
-  fi
+  CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
+  flags+=" --container-runtime-endpoint=${CONTAINER_RUNTIME_ENDPOINT}"
 
-  if [[ -n "${CONTAINER_RUNTIME_ENDPOINT:-}" ]]; then
-    flags+=" --container-runtime-endpoint=${CONTAINER_RUNTIME_ENDPOINT}"
+  if [[ "${CONTAINER_RUNTIME_ENDPOINT}" =~ /containerd.sock$ ]]; then
+    flags+=" --runtime-cgroups=/system.slice/containerd.service"
   fi
 
   KUBELET_ARGS="${flags}"
@@ -861,11 +858,9 @@ function construct-windows-kubelet-flags {
   # TODO(#78628): Re-enable KubeletPodResources when the issue is fixed.
   # Force disable KubeletPodResources feature on Windows until #78628 is fixed.
   flags+=" --feature-gates=KubeletPodResources=false"
-  flags+=" --container-runtime=remote"
-  if [[ "${WINDOWS_CONTAINER_RUNTIME}" == "containerd" ]]; then
-    WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
-    flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
-  fi
+
+  WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
+  flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
 
   KUBELET_ARGS="${flags}"
 }

cluster/gce/windows/configure.ps1

@@ -147,21 +147,6 @@ try {
   # Set the TCP/IP Parameters to keep idle connections alive.
   Set-WindowsTCPParameters
 
-  # Install Docker if the select CRI is not containerd and docker is not already
-  # installed.
-  if (${env:CONTAINER_RUNTIME} -ne "containerd") {
-    if (-not (Test-DockerIsInstalled)) {
-      Install-Docker
-    }
-    # For some reason the docker service may not be started automatically on the
-    # first reboot, although it seems to work fine on subsequent reboots.
-    Restart-Service docker
-    Start-Sleep 5
-    if (-not (Test-DockerIsRunning)) {
-        throw "docker service failed to start or stay running"
-    }
-  }
-
   Set-PrerequisiteOptions
 
   if (Test-IsTestCluster $kube_env) {

cluster/gce/windows/k8s-node-setup.psm1

@@ -262,12 +262,10 @@ function Set_CurrentShellEnvironmentVar {
 # Sets environment variables used by Kubernetes binaries and by other functions
 # in this module. Depends on numerous ${kube_env} keys.
 function Set-EnvironmentVars {
-  if ($kube_env.ContainsKey('WINDOWS_CONTAINER_RUNTIME')) {
-      $container_runtime = ${kube_env}['WINDOWS_CONTAINER_RUNTIME']
+  if ($kube_env.ContainsKey('WINDOWS_CONTAINER_RUNTIME_ENDPOINT')) {
       $container_runtime_endpoint = ${kube_env}['WINDOWS_CONTAINER_RUNTIME_ENDPOINT']
   } else {
-      Log-Output "ERROR: WINDOWS_CONTAINER_RUNTIME not set in kube-env, falling back in CONTAINER_RUNTIME"
-      $container_runtime = ${kube_env}['CONTAINER_RUNTIME']
+      Log-Output "ERROR: WINDOWS_CONTAINER_RUNTIME_ENDPOINT not set in kube-env, falling back in CONTAINER_RUNTIME_ENDPOINT"
       $container_runtime_endpoint = ${kube_env}['CONTAINER_RUNTIME_ENDPOINT']
   }
   # Turning the kube-env values into environment variables is not required but
@@ -304,7 +302,6 @@ function Set-EnvironmentVars {
     "KUBELET_CERT_PATH" = ${kube_env}['PKI_DIR'] + '\kubelet.crt'
     "KUBELET_KEY_PATH" = ${kube_env}['PKI_DIR'] + '\kubelet.key'
 
-    "CONTAINER_RUNTIME" = $container_runtime
     "CONTAINER_RUNTIME_ENDPOINT" = $container_runtime_endpoint
 
     'LICENSE_DIR' = 'C:\Program Files\Google\Compute Engine\THIRD_PARTY_NOTICES'
@@ -987,153 +984,7 @@ function Configure-GcePdTools {
 
 # Setup cni network. This function supports both Docker and containerd.
 function Prepare-CniNetworking {
-  if (${env:CONTAINER_RUNTIME} -eq "containerd") {
-    # For containerd the CNI binaries have already been installed along with
-    # the runtime.
     Configure_Containerd_CniNetworking
-  } else {
-    Install_Cni_Binaries
-    Configure_Dockerd_CniNetworking
-  }
-}
-
-# Downloads the Windows CNI binaries and puts them in $env:CNI_DIR.
-function Install_Cni_Binaries {
-  if (-not (ShouldWrite-File ${env:CNI_DIR}\win-bridge.exe) -and
-      -not (ShouldWrite-File ${env:CNI_DIR}\host-local.exe)) {
-    return
-  }
-
-  $tmp_dir = 'C:\cni_tmp'
-  New-Item $tmp_dir -ItemType 'directory' -Force | Out-Null
-
-  $release_url = "${env:WINDOWS_CNI_STORAGE_PATH}/${env:WINDOWS_CNI_VERSION}/"
-  $tgz_url = ($release_url +
-              "cni-plugins-windows-amd64-${env:WINDOWS_CNI_VERSION}.tgz")
-  $sha_url = ($tgz_url + ".sha512")
-  MustDownload-File -URLs $sha_url -OutFile $tmp_dir\cni-plugins.sha512
-  $sha512_val = ($(Get-Content $tmp_dir\cni-plugins.sha512) -split ' ',2)[0]
-  MustDownload-File `
-      -URLs $tgz_url `
-      -OutFile $tmp_dir\cni-plugins.tgz `
-      -Hash $sha512_val
-
-  tar xzvf $tmp_dir\cni-plugins.tgz -C $tmp_dir
-  Move-Item -Force $tmp_dir\host-local.exe ${env:CNI_DIR}\
-  Move-Item -Force $tmp_dir\win-bridge.exe ${env:CNI_DIR}\
-  Remove-Item -Force -Recurse $tmp_dir
-
-  if (-not ((Test-Path ${env:CNI_DIR}\win-bridge.exe) -and `
-            (Test-Path ${env:CNI_DIR}\host-local.exe))) {
-    Log-Output `
-        "win-bridge.exe and host-local.exe not found in ${env:CNI_DIR}" `
-        -Fatal
-  }
-}
-
-# Writes a CNI config file under $env:CNI_CONFIG_DIR.
-#
-# Prerequisites:
-#   $env:POD_CIDR is set (by Set-PodCidr).
-#   The "management" interface exists (Configure-HostNetworkingService).
-#   The HNS network for pod networking has been configured
-#     (Configure-HostNetworkingService).
-#
-# Required ${kube_env} keys:
-#   DNS_SERVER_IP
-#   DNS_DOMAIN
-#   SERVICE_CLUSTER_IP_RANGE
-function Configure_Dockerd_CniNetworking {
-  $l2bridge_conf = "${env:CNI_CONFIG_DIR}\l2bridge.conf"
-  if (-not (ShouldWrite-File ${l2bridge_conf})) {
-    return
-  }
-
-  $mgmt_ip = (Get_MgmtNetAdapter |
-              Get-NetIPAddress -AddressFamily IPv4).IPAddress
-
-  $cidr_range_start = Get_PodIP_Range_Start(${env:POD_CIDR})
-
-  # Explanation of the CNI config values:
-  #   POD_CIDR: the pod CIDR assigned to this node.
-  #   CIDR_RANGE_START: start of the pod CIDR range.
-  #   MGMT_IP: the IP address assigned to the node's primary network interface
-  #     (i.e. the internal IP of the GCE VM).
-  #   SERVICE_CIDR: the CIDR used for kubernetes services.
-  #   DNS_SERVER_IP: the cluster's DNS server IP address.
-  #   DNS_DOMAIN: the cluster's DNS domain, e.g. "cluster.local".
-  #
-  # OutBoundNAT ExceptionList: No SNAT for CIDRs in the list, the same as default GKE non-masquerade destination ranges listed at https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#default-non-masq-dests
-
-  New-Item -Force -ItemType file ${l2bridge_conf} | Out-Null
-  Set-Content ${l2bridge_conf} `
-'{
-  "cniVersion":  "0.2.0",
-  "name":  "l2bridge",
-  "type":  "win-bridge",
-  "capabilities":  {
-    "portMappings":  true,
-    "dns": true
-  },
-  "ipam":  {
-    "type": "host-local",
-    "subnet": "POD_CIDR",
-    "rangeStart": "CIDR_RANGE_START"
-  },
-  "dns":  {
-    "Nameservers":  [
-      "DNS_SERVER_IP"
-    ],
-    "Search": [
-      "DNS_DOMAIN"
-    ]
-  },
-  "Policies":  [
-    {
-      "Name":  "EndpointPolicy",
-      "Value":  {
-        "Type":  "OutBoundNAT",
-        "ExceptionList":  [
-          "169.254.0.0/16",
-          "10.0.0.0/8",
-          "172.16.0.0/12",
-          "192.168.0.0/16",
-          "100.64.0.0/10",
-          "192.0.0.0/24",
-          "192.0.2.0/24",
-          "192.88.99.0/24",
-          "198.18.0.0/15",
-          "198.51.100.0/24",
-          "203.0.113.0/24",
-          "240.0.0.0/4"
-        ]
-      }
-    },
-    {
-      "Name":  "EndpointPolicy",
-      "Value":  {
-        "Type":  "ROUTE",
-        "DestinationPrefix":  "SERVICE_CIDR",
-        "NeedEncap":  true
-      }
-    },
-    {
-      "Name":  "EndpointPolicy",
-      "Value":  {
-        "Type":  "ROUTE",
-        "DestinationPrefix":  "MGMT_IP/32",
-        "NeedEncap":  true
-      }
-    }
-  ]
-}'.replace('POD_CIDR', ${env:POD_CIDR}).`
-  replace('CIDR_RANGE_START', ${cidr_range_start}).`
-  replace('DNS_SERVER_IP', ${kube_env}['DNS_SERVER_IP']).`
-  replace('DNS_DOMAIN', ${kube_env}['DNS_DOMAIN']).`
-  replace('MGMT_IP', ${mgmt_ip}).`
-  replace('SERVICE_CIDR', ${kube_env}['SERVICE_CLUSTER_IP_RANGE'])
-
-  Log-Output "CNI config:`n$(Get-Content -Raw ${l2bridge_conf})"
 }
 
 # Obtain the host dns conf and save it to a file so that kubelet/CNI
@@ -1366,14 +1217,9 @@ function Pull-InfraContainer {
 # Docker and containerd.
 function Setup-ContainerRuntime {
   Install-Pigz
-  if (${env:CONTAINER_RUNTIME} -eq "containerd") {
-    Install_Containerd
-    Configure_Containerd
-    Start_Containerd
-  } else {
-    Create_DockerRegistryKey
-    Configure_Dockerd
-  }
+  Install_Containerd
+  Configure_Containerd
+  Start_Containerd
 }
 
 function Test-ContainersFeatureInstalled {
@@ -1434,42 +1280,6 @@ function Install-Docker {
       -Verbose
 }
 
-# Add a registry key for docker in EventLog so that log messages are mapped
-# correctly. This is a workaround since the key is missing in the base image.
-# https://github.com/MicrosoftDocs/Virtualization-Documentation/pull/503
-# TODO: Fix this in the base image.
-# TODO(random-liu): Figure out whether we need this for containerd.
-function Create_DockerRegistryKey {
-  $tmp_dir = 'C:\tmp_docker_reg'
-  New-Item -Force -ItemType 'directory' ${tmp_dir} | Out-Null
-  $reg_file = 'docker.reg'
-  Set-Content ${tmp_dir}\${reg_file} `
-'Windows Registry Editor Version 5.00
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker]
-"CustomSource"=dword:00000001
-"EventMessageFile"="C:\\Program Files\\docker\\dockerd.exe"
-"TypesSupported"=dword:00000007'
-
-  Log-Output "Importing registry key for Docker"
-  reg import ${tmp_dir}\${reg_file}
-  Remove-Item -Force -Recurse ${tmp_dir}
-}
-
-# Configure Docker daemon and restart the service.
-function Configure_Dockerd {
-  Set-Content "C:\ProgramData\docker\config\daemon.json" @'
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "1m",
-    "max-file": "5"
-  }
-}
-'@
-
- Restart-Service Docker
-}
-
 # Configures the TCP/IP parameters to be in sync with the GCP recommendation.
 # Not setting these values correctly can cause network issues for connections
 # that live longer than 10 minutes.
@@ -1811,12 +1621,8 @@ function Configure-NodeProblemDetector {
         $system_stats_monitors += @("${npd_dir}\config\windows-system-stats-monitor.json")
 
         # NPD Configuration for CRI monitor
-        if (${env:CONTAINER_RUNTIME} -eq "containerd") {
-          $system_log_monitors += @("${npd_dir}\config\windows-containerd-monitor-filelog.json")
-          $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-containerd.json")
-        } else {
-          $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-docker.json")
-        }
+        $system_log_monitors += @("${npd_dir}\config\windows-containerd-monitor-filelog.json")
+        $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-containerd.json")
 
         $flags="--v=2 --port=20256 --log_dir=${npd_logs_dir}"
         if ($system_log_monitors.count -gt 0) {

hack/ginkgo-e2e.sh

@@ -151,8 +151,6 @@ if [[ "${GINKGO_NO_COLOR}" == "y" ]]; then
   ginkgo_args+=("--noColor")
 fi
 
-CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-${KUBE_CONTAINER_RUNTIME:-}}
-
 # The --host setting is used only when providing --auth_config
 # If --kubeconfig is used, the host to use is retrieved from the .kubeconfig
 # file and the one provided with --host is ignored.
@@ -191,7 +189,6 @@ fi
   --dns-domain="${KUBE_DNS_DOMAIN:-cluster.local}" \
   --prepull-images="${PREPULL_IMAGES:-false}" \
   --ginkgo.slowSpecThreshold="${GINKGO_SLOW_SPEC_THRESHOLD:-300}" \
-  ${CONTAINER_RUNTIME:+"--container-runtime=${CONTAINER_RUNTIME}"} \
   ${MASTER_OS_DISTRIBUTION:+"--master-os-distro=${MASTER_OS_DISTRIBUTION}"} \
   ${NODE_OS_DISTRIBUTION:+"--node-os-distro=${NODE_OS_DISTRIBUTION}"} \
   ${NUM_NODES:+"--num-nodes=${NUM_NODES}"} \

hack/make-rules/test-e2e-node.sh

@@ -39,7 +39,6 @@ parallelism=${PARALLELISM:-8}
 artifacts="${ARTIFACTS:-"/tmp/_artifacts/$(date +%y%m%dT%H%M%S)"}"
 remote=${REMOTE:-"false"}
 remote_mode=${REMOTE_MODE:-"gce"}
-runtime=${RUNTIME:-"docker"}
 container_runtime_endpoint=${CONTAINER_RUNTIME_ENDPOINT:-""}
 image_service_endpoint=${IMAGE_SERVICE_ENDPOINT:-""}
 run_until_failure=${RUN_UNTIL_FAILURE:-"false"}
@@ -78,13 +77,11 @@ if [ ! -d "${artifacts}" ]; then
 fi
 echo "Test artifacts will be written to ${artifacts}"
 
-if [[ ${runtime} == "remote" ]] ; then
-  if [[ -n ${container_runtime_endpoint} ]] ; then
-    test_args="--container-runtime-endpoint=${container_runtime_endpoint} ${test_args}"
-  fi
-  if [[ -n ${image_service_endpoint} ]] ; then
-    test_args="--image-service-endpoint=${image_service_endpoint} ${test_args}"
-  fi
+if [[ -n ${container_runtime_endpoint} ]] ; then
+  test_args="--container-runtime-endpoint=${container_runtime_endpoint} ${test_args}"
+fi
+if [[ -n ${image_service_endpoint} ]] ; then
+  test_args="--image-service-endpoint=${image_service_endpoint} ${test_args}"
 fi
 
 
@@ -223,9 +220,6 @@ else
   fi
 
 
-  # Runtime flags
-  test_args='--kubelet-flags="--container-runtime='${runtime}'" '${test_args}
-
   # Use cluster.local as default dns-domain
   test_args='--dns-domain="'${KUBE_DNS_DOMAIN:-cluster.local}'" '${test_args}
   test_args='--kubelet-flags="--cluster-domain='${KUBE_DNS_DOMAIN:-cluster.local}'" '${test_args}
@@ -233,9 +227,9 @@ else
   # Provided for backwards compatibility
   go run test/e2e_node/runner/local/run_local.go \
     --system-spec-name="${system_spec_name}" --extra-envs="${extra_envs}" \
-    --ginkgo-flags="${ginkgoflags}" --test-flags="--container-runtime=${runtime} \
-    --alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) \
-    ${test_args}" --runtime-config="${runtime_config}" \
+    --ginkgo-flags="${ginkgoflags}" \
+    --test-flags="--alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) ${test_args}" \
+    --runtime-config="${runtime_config}" \
     --kubelet-config-file="${kubelet_config_file}" \
     --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"
   exit $?

test/e2e/framework/test_context.go

@@ -486,11 +486,6 @@ func AfterReadingAllFlags(t *TestContextType) {
 		TestContext.Provider = "skeleton"
 	}
 
-	// TODO: Fix tests scripts that set CONTAINER_RUNTIME="containerd"
-	if TestContext.ContainerRuntime == "containerd" {
-		klog.Warningf("The --container-runtime flag is set to 'containerd' instead of 'remote'.")
-		TestContext.ContainerRuntime = "remote"
-	}
 	// Make sure that container runtime is valid
 	if TestContext.ContainerRuntime != "remote" {
 		klog.Errorf("Unsupported CRI container runtime: %q", TestContext.ContainerRuntime)