mirror of
https://github.com/rancher/rke.git
synced 2025-09-08 10:29:44 +00:00
Add support for enabling cri-dockerd
This commit is contained in:
Sebastiaan van Steenis
@@ -57,6 +57,8 @@ const (
|
|||||||
MaxEtcdNoStrictTLSVersion = "v3.4.14-rancher99"
|
MaxEtcdNoStrictTLSVersion = "v3.4.14-rancher99"
|
||||||
|
|
||||||
EncryptionProviderConfigArgument = "encryption-provider-config"
|
EncryptionProviderConfigArgument = "encryption-provider-config"
|
||||||
|
|
||||||
|
KubeletCRIDockerdNameEnv = "RKE_KUBELET_CRIDOCKERD"
|
||||||
)
|
)
|
||||||
|
|
||||||
var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
|
var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
|
||||||
@@ -436,6 +438,10 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
|
|||||||
CommandArgs["tls-cert-file"] = pki.GetCertPath(pki.GetCrtNameForHost(host, pki.KubeletCertName))
|
CommandArgs["tls-cert-file"] = pki.GetCertPath(pki.GetCrtNameForHost(host, pki.KubeletCertName))
|
||||||
CommandArgs["tls-private-key-file"] = pki.GetCertPath(fmt.Sprintf("%s-key", pki.GetCrtNameForHost(host, pki.KubeletCertName)))
|
CommandArgs["tls-private-key-file"] = pki.GetCertPath(fmt.Sprintf("%s-key", pki.GetCrtNameForHost(host, pki.KubeletCertName)))
|
||||||
}
|
}
|
||||||
|
if c.IsCRIDockerdEnabled() {
|
||||||
|
CommandArgs["container-runtime"] = "remote"
|
||||||
|
CommandArgs["container-runtime-endpoint"] = "/var/run/dockershim.sock"
|
||||||
|
}
|
||||||
|
|
||||||
if serviceOptions.Kubelet != nil {
|
if serviceOptions.Kubelet != nil {
|
||||||
for k, v := range serviceOptions.Kubelet {
|
for k, v := range serviceOptions.Kubelet {
|
||||||
@@ -508,6 +514,12 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
|
|||||||
|
|
||||||
Env := host.GetExtraEnv(kubelet.BaseService)
|
Env := host.GetExtraEnv(kubelet.BaseService)
|
||||||
|
|
||||||
|
if c.IsCRIDockerdEnabled() {
|
||||||
|
Env = append(Env,
|
||||||
|
// Enable running cri-dockerd
|
||||||
|
fmt.Sprintf("%s=%s", KubeletCRIDockerdNameEnv, "true"))
|
||||||
|
}
|
||||||
|
|
||||||
if len(c.CloudProvider.Name) > 0 {
|
if len(c.CloudProvider.Name) > 0 {
|
||||||
Env = append(Env,
|
Env = append(Env,
|
||||||
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
|
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
|
||||||
@@ -1096,3 +1108,13 @@ func appendArgs(command []string, args map[string]string) []string {
|
|||||||
}
|
}
|
||||||
return command
|
return command
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Cluster) IsCRIDockerdEnabled() bool {
|
||||||
|
if c == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if c.EnableCRIDockerd != nil && *c.EnableCRIDockerd {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|||||||
@@ -6,11 +6,13 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/blang/semver"
|
||||||
"github.com/rancher/rke/log"
|
"github.com/rancher/rke/log"
|
||||||
"github.com/rancher/rke/metadata"
|
"github.com/rancher/rke/metadata"
|
||||||
"github.com/rancher/rke/pki"
|
"github.com/rancher/rke/pki"
|
||||||
"github.com/rancher/rke/services"
|
"github.com/rancher/rke/services"
|
||||||
"github.com/rancher/rke/util"
|
"github.com/rancher/rke/util"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
v1 "k8s.io/api/core/v1"
|
v1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/apimachinery/pkg/util/validation"
|
"k8s.io/apimachinery/pkg/util/validation"
|
||||||
)
|
)
|
||||||
@@ -47,6 +49,11 @@ func (c *Cluster) ValidateCluster(ctx context.Context) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// validate enabling CRIDockerd
|
||||||
|
if err := validateCRIDockerdOption(c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// validate services options
|
// validate services options
|
||||||
return validateServicesOptions(c)
|
return validateServicesOptions(c)
|
||||||
}
|
}
|
||||||
@@ -576,3 +583,25 @@ func validateIngressImages(c *Cluster) error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func validateCRIDockerdOption(c *Cluster) error {
|
||||||
|
if c.EnableCRIDockerd != nil && *c.EnableCRIDockerd {
|
||||||
|
k8sVersion := c.RancherKubernetesEngineConfig.Version
|
||||||
|
toMatch, err := semver.Make(k8sVersion[1:])
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("%s is not valid semver", k8sVersion)
|
||||||
|
}
|
||||||
|
logrus.Debugf("Checking cri-dockerd for cluster version [%s]", k8sVersion)
|
||||||
|
// cri-dockerd can be enabled for k8s 1.21 and up
|
||||||
|
CRIDockerdAllowedRange, err := semver.ParseRange(">=1.21.0-rancher0")
|
||||||
|
if err != nil {
|
||||||
|
logrus.Warnf("Failed to parse semver range for checking cri-dockerd")
|
||||||
|
}
|
||||||
|
if !CRIDockerdAllowedRange(toMatch) {
|
||||||
|
logrus.Debugf("Cluster version [%s] is not allowed to enable cri-dockerd", k8sVersion)
|
||||||
|
return fmt.Errorf("Enabling cri-dockerd for cluster version [%s] is not supported", k8sVersion)
|
||||||
|
}
|
||||||
|
logrus.Infof("cri-dockerd is enabled for cluster version [%s]", k8sVersion)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user