diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go index be5ea5bbf9b..b66059cfb1c 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go @@ -169,7 +169,7 @@ limitations under the License. // - system:bootstrappers:kubeadm:default-node-token // nodeRegistration: // name: "ec2-10-100-0-1" -// criSocket: "unix:///var/run/dockershim.sock" +// criSocket: "unix:///var/run/containerd/containerd.sock" // taints: // - key: "kubeadmNode" // value: "master" diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go index 37a861885c9..4ba87609d38 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go @@ -173,7 +173,7 @@ limitations under the License. // - system:bootstrappers:kubeadm:default-node-token // nodeRegistration: // name: "ec2-10-100-0-1" -// criSocket: "unix:///var/run/dockershim.sock" +// criSocket: "unix:///var/run/containerd/containerd.sock" // taints: // - key: "kubeadmNode" // value: "master" diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go index 9a87bcb721d..db8a22c5637 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go @@ -579,7 +579,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/dockershim.sock", + CRISocket: "unix:///var/run/containerd/containerd.sock", }, }, true}, {&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane @@ -594,7 +594,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/dockershim.sock", + CRISocket: "unix:///var/run/containerd/containerd.sock", }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ @@ -615,7 +615,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/dockershim.sock", + CRISocket: "unix:///var/run/containerd/containerd.sock", }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ @@ -636,7 +636,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "/var/run/dockershim.sock", + CRISocket: "unix:///var/run/containerd/containerd.sock", }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ diff --git a/cmd/kubeadm/app/cmd/certs_test.go b/cmd/kubeadm/app/cmd/certs_test.go index 18ec56694d2..8efa58c7456 100644 --- a/cmd/kubeadm/app/cmd/certs_test.go +++ b/cmd/kubeadm/app/cmd/certs_test.go @@ -359,7 +359,7 @@ kind: InitConfiguration localAPIEndpoint: advertiseAddress: 192.0.2.1 nodeRegistration: - criSocket: /path/to/dockershim.sock + criSocket: "unix:///var/run/containerd/containerd.sock" --- apiVersion: %[1]s kind: ClusterConfiguration diff --git a/cmd/kubeadm/app/cmd/config.go b/cmd/kubeadm/app/cmd/config.go index 6c875a8bb37..db0488c9990 100644 --- a/cmd/kubeadm/app/cmd/config.go +++ b/cmd/kubeadm/app/cmd/config.go @@ -211,7 +211,7 @@ func getDefaultNodeConfigBytes() ([]byte, error) { }, }, NodeRegistration: kubeadmapiv1.NodeRegistrationOptions{ - CRISocket: constants.DefaultDockerCRISocket, // avoid CRI detection + CRISocket: constants.DefaultCRISocket, // avoid CRI detection }, }) if err != nil { diff --git a/cmd/kubeadm/app/cmd/config_test.go b/cmd/kubeadm/app/cmd/config_test.go index d7d88878ccd..27dd17b75c3 100644 --- a/cmd/kubeadm/app/cmd/config_test.go +++ b/cmd/kubeadm/app/cmd/config_test.go @@ -363,10 +363,10 @@ func TestImagesPull(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, - LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/docker", nil }, + LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/crictl", nil }, } - containerRuntime, err := utilruntime.NewContainerRuntime(&fexec, constants.DefaultDockerCRISocket) + containerRuntime, err := utilruntime.NewContainerRuntime(&fexec, constants.DefaultCRISocket) if err != nil { t.Errorf("unexpected NewContainerRuntime error: %v", err) } diff --git a/cmd/kubeadm/app/cmd/phases/reset/cleanupnode.go b/cmd/kubeadm/app/cmd/phases/reset/cleanupnode.go index a387ff7cac6..866689715d3 100644 --- a/cmd/kubeadm/app/cmd/phases/reset/cleanupnode.go +++ b/cmd/kubeadm/app/cmd/phases/reset/cleanupnode.go @@ -84,6 +84,8 @@ func runCleanupNode(c workflow.RunData) error { klog.Warningf("[reset] Failed to remove containers: %v\n", err) } + // TODO: remove the dockershim directory cleanup in 1.25 + // https://github.com/kubernetes/kubeadm/issues/2626 r.AddDirsToClean("/var/lib/dockershim", "/var/run/kubernetes", "/var/lib/cni") // Remove contents from the config and pki directories diff --git a/cmd/kubeadm/app/constants/constants_unix.go b/cmd/kubeadm/app/constants/constants_unix.go index 3d2ecec90f3..0943d0610c0 100644 --- a/cmd/kubeadm/app/constants/constants_unix.go +++ b/cmd/kubeadm/app/constants/constants_unix.go @@ -20,6 +20,13 @@ limitations under the License. package constants const ( - // DefaultDockerCRISocket defines the default Docker CRI socket - DefaultDockerCRISocket = "unix:///var/run/dockershim.sock" + // CRISocketContainerd is the containerd CRI endpoint + CRISocketContainerd = "unix:///var/run/containerd/containerd.sock" + // CRISocketCRIO is the cri-o CRI endpoint + CRISocketCRIO = "unix:///var/run/crio/crio.sock" + // CRISocketDocker is the cri-dockerd CRI endpoint + CRISocketDocker = "unix:///var/run/cri-dockerd.sock" + + // DefaultCRISocket defines the default CRI socket + DefaultCRISocket = CRISocketContainerd ) diff --git a/cmd/kubeadm/app/constants/constants_windows.go b/cmd/kubeadm/app/constants/constants_windows.go index 1a44a82723d..48e870023bc 100644 --- a/cmd/kubeadm/app/constants/constants_windows.go +++ b/cmd/kubeadm/app/constants/constants_windows.go @@ -20,6 +20,14 @@ limitations under the License. package constants const ( - // DefaultDockerCRISocket defines the default Docker CRI socket - DefaultDockerCRISocket = "npipe:////./pipe/docker_engine" + // CRISocketContainerd is the containerd CRI endpoint + CRISocketContainerd = "npipe:////./pipe/containerd-containerd" + // CRISocketCRIO is the cri-o CRI endpoint + // NOTE: this is a placeholder as CRI-O does not support Windows + CRISocketCRIO = "npipe:////./pipe/cri-o" + // CRISocketDocker is the cri-dockerd CRI endpoint + CRISocketDocker = "npipe:////./pipe/cri-dockerd" + + // DefaultCRISocket defines the default CRI socket + DefaultCRISocket = CRISocketContainerd ) diff --git a/cmd/kubeadm/app/phases/kubelet/flags.go b/cmd/kubeadm/app/phases/kubelet/flags.go index de24a57ad3f..6b420869cd7 100644 --- a/cmd/kubeadm/app/phases/kubelet/flags.go +++ b/cmd/kubeadm/app/phases/kubelet/flags.go @@ -21,6 +21,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "strings" "github.com/pkg/errors" @@ -102,7 +103,13 @@ func buildKubeletArgMapCommon(opts kubeletFlagsOpts) map[string]string { // Once that happens only the "remote" branch option should be left. // TODO: https://github.com/kubernetes/kubeadm/issues/2626 hasDockershim := opts.kubeletVersion.Major() == 1 && opts.kubeletVersion.Minor() < 24 - if opts.nodeRegOpts.CRISocket == constants.DefaultDockerCRISocket && hasDockershim { + var dockerSocket string + if runtime.GOOS == "windows" { + dockerSocket = "npipe:////./pipe/dockershim" + } else { + dockerSocket = "unix:///var/run/dockershim.sock" + } + if opts.nodeRegOpts.CRISocket == dockerSocket && hasDockershim { kubeletFlags["network-plugin"] = "cni" } else { kubeletFlags["container-runtime"] = "remote" diff --git a/cmd/kubeadm/app/phases/patchnode/patchnode_test.go b/cmd/kubeadm/app/phases/patchnode/patchnode_test.go index f0a5656e3ad..35dad449e3c 100644 --- a/cmd/kubeadm/app/phases/patchnode/patchnode_test.go +++ b/cmd/kubeadm/app/phases/patchnode/patchnode_test.go @@ -52,7 +52,7 @@ func TestAnnotateCRISocket(t *testing.T) { }, { name: "CRI-socket annotation needs to be updated", - currentCRISocketAnnotation: "unix:///var/run/dockershim.sock", + currentCRISocketAnnotation: "unix:///foo/bar", newCRISocketAnnotation: "unix:///run/containerd/containerd.sock", expectedPatch: `{"metadata":{"annotations":{"kubeadm.alpha.kubernetes.io/cri-socket":"unix:///run/containerd/containerd.sock"}}}`, }, diff --git a/cmd/kubeadm/app/preflight/checks_test.go b/cmd/kubeadm/app/preflight/checks_test.go index 26ef8b5d004..f672d713e68 100644 --- a/cmd/kubeadm/app/preflight/checks_test.go +++ b/cmd/kubeadm/app/preflight/checks_test.go @@ -917,10 +917,10 @@ func TestImagePullCheck(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, - LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/docker", nil }, + LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/crictl", nil }, } - containerRuntime, err := utilruntime.NewContainerRuntime(&fexec, constants.DefaultDockerCRISocket) + containerRuntime, err := utilruntime.NewContainerRuntime(&fexec, constants.DefaultCRISocket) if err != nil { t.Errorf("unexpected NewContainerRuntime error: %v", err) } diff --git a/cmd/kubeadm/app/util/config/initconfiguration.go b/cmd/kubeadm/app/util/config/initconfiguration.go index 2c691491523..8129ed4aed1 100644 --- a/cmd/kubeadm/app/util/config/initconfiguration.go +++ b/cmd/kubeadm/app/util/config/initconfiguration.go @@ -196,7 +196,7 @@ func DefaultedStaticInitConfiguration() (*kubeadmapi.InitConfiguration, error) { LocalAPIEndpoint: kubeadmapiv1.APIEndpoint{AdvertiseAddress: "1.2.3.4"}, BootstrapTokens: []bootstraptokenv1.BootstrapToken{PlaceholderToken}, NodeRegistration: kubeadmapiv1.NodeRegistrationOptions{ - CRISocket: kubeadmconstants.DefaultDockerCRISocket, // avoid CRI detection + CRISocket: kubeadmconstants.DefaultCRISocket, // avoid CRI detection Name: "node", }, } diff --git a/cmd/kubeadm/app/util/runtime/runtime.go b/cmd/kubeadm/app/util/runtime/runtime.go index 08821591908..74007ca58f6 100644 --- a/cmd/kubeadm/app/util/runtime/runtime.go +++ b/cmd/kubeadm/app/util/runtime/runtime.go @@ -124,7 +124,7 @@ func detectCRISocketImpl(isSocket func(string) bool) (string, error) { if isSocket(dockerSocket) { // the path in dockerSocket is not CRI compatible, hence we should replace it with a CRI compatible socket - foundCRISockets = append(foundCRISockets, constants.DefaultDockerCRISocket) + foundCRISockets = append(foundCRISockets, constants.DefaultCRISocket) } else if isSocket(containerdSocket) { // Docker 18.09 gets bundled together with containerd, thus having both dockerSocket and containerdSocket present. // For compatibility reasons, we use the containerd socket only if Docker is not detected. @@ -140,7 +140,7 @@ func detectCRISocketImpl(isSocket func(string) bool) (string, error) { switch len(foundCRISockets) { case 0: // Fall back to Docker if no CRI is detected, we can error out later on if we need it - return constants.DefaultDockerCRISocket, nil + return constants.DefaultCRISocket, nil case 1: // Precisely one CRI found, use that return foundCRISockets[0], nil diff --git a/cmd/kubeadm/app/util/runtime/runtime_test.go b/cmd/kubeadm/app/util/runtime/runtime_test.go index 242505ef157..8e36cf17ac2 100644 --- a/cmd/kubeadm/app/util/runtime/runtime_test.go +++ b/cmd/kubeadm/app/util/runtime/runtime_test.go @@ -89,11 +89,6 @@ func TestIsRunning(t *testing.T) { LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/crictl", nil }, } - dockerExecer := fakeexec.FakeExec{ - CommandScript: genFakeActions(&fcmd, len(fcmd.CombinedOutputScript)), - LookPathFunc: func(cmd string) (string, error) { return "/usr/bin/docker", nil }, - } - cases := []struct { name string criSocket string @@ -102,8 +97,6 @@ func TestIsRunning(t *testing.T) { }{ {"valid: CRI-O is running", "unix:///var/run/crio/crio.sock", criExecer, false}, {"invalid: CRI-O is not running", "unix:///var/run/crio/crio.sock", criExecer, true}, - {"valid: docker is running", constants.DefaultDockerCRISocket, dockerExecer, false}, - {"invalid: docker is not running", constants.DefaultDockerCRISocket, dockerExecer, true}, } for _, tc := range cases { @@ -143,7 +136,6 @@ func TestListKubeContainers(t *testing.T) { }{ {"valid: list containers using CRI socket url", "unix:///var/run/crio/crio.sock", false}, {"invalid: list containers using CRI socket url", "unix:///var/run/crio/crio.sock", true}, - {"valid: list containers using docker", constants.DefaultDockerCRISocket, false}, } for _, tc := range cases { @@ -197,9 +189,6 @@ func TestRemoveContainers(t *testing.T) { {"valid: remove containers using CRI", "unix:///var/run/crio/crio.sock", []string{"k8s_p1", "k8s_p2", "k8s_p3"}, false}, // Test case 1 {"invalid: CRI rmp failure", "unix:///var/run/crio/crio.sock", []string{"k8s_p1", "k8s_p2", "k8s_p3"}, true}, {"invalid: CRI stopp failure", "unix:///var/run/crio/crio.sock", []string{"k8s_p1", "k8s_p2", "k8s_p3"}, true}, - {"valid: remove containers using docker", constants.DefaultDockerCRISocket, []string{"k8s_c1", "k8s_c2", "k8s_c3"}, false}, - {"invalid: docker rm failure", constants.DefaultDockerCRISocket, []string{"k8s_c1", "k8s_c2", "k8s_c3"}, true}, - {"invalid: docker stop failure", constants.DefaultDockerCRISocket, []string{"k8s_c1", "k8s_c2", "k8s_c3"}, true}, } for _, tc := range cases { @@ -252,8 +241,6 @@ func TestPullImage(t *testing.T) { }{ {"valid: pull image using CRI", "unix:///var/run/crio/crio.sock", "image1", false}, {"invalid: CRI pull error", "unix:///var/run/crio/crio.sock", "image2", true}, - {"valid: pull image using docker", constants.DefaultDockerCRISocket, "image1", false}, - {"invalid: docker pull error", constants.DefaultDockerCRISocket, "image2", true}, } for _, tc := range cases { @@ -295,9 +282,7 @@ func TestImageExists(t *testing.T) { result bool }{ {"valid: test if image exists using CRI", "unix:///var/run/crio/crio.sock", "image1", false}, - {"invalid: CRI inspecti failure", "unix:///var/run/crio/crio.sock", "image2", true}, - {"valid: test if image exists using docker", constants.DefaultDockerCRISocket, "image1", false}, - {"invalid: docker inspect failure", constants.DefaultDockerCRISocket, "image2", true}, + {"invalid: CRI inspect failure", "unix:///var/run/crio/crio.sock", "image2", true}, } for _, tc := range cases { @@ -388,10 +373,10 @@ func TestDetectCRISocketImpl(t *testing.T) { expectedSocket string }{ { - name: "No existing sockets, use Docker", + name: "No existing sockets, use default", existingSockets: []string{}, expectedError: false, - expectedSocket: constants.DefaultDockerCRISocket, + expectedSocket: constants.DefaultCRISocket, }, { name: "One valid CRI socket leads to success", @@ -399,12 +384,6 @@ func TestDetectCRISocketImpl(t *testing.T) { expectedError: false, expectedSocket: "unix:///var/run/crio/crio.sock", }, - { - name: "Correct Docker CRI socket is returned", - existingSockets: []string{"unix:///var/run/docker.sock"}, - expectedError: false, - expectedSocket: constants.DefaultDockerCRISocket, - }, { name: "CRI and Docker sockets lead to an error", existingSockets: []string{ @@ -420,10 +399,10 @@ func TestDetectCRISocketImpl(t *testing.T) { "unix:///run/containerd/containerd.sock", }, expectedError: false, - expectedSocket: constants.DefaultDockerCRISocket, + expectedSocket: constants.DefaultCRISocket, }, { - name: "A couple of CRI sockets lead to an error", + name: "Multiple CRI sockets lead to an error", existingSockets: []string{ "unix:///var/run/crio/crio.sock", "unix:///run/containerd/containerd.sock",