From 69806e0a4664108ab7f811f3a6387e64c0b9a23f Mon Sep 17 00:00:00 2001
From: muzi502 <42566386+muzi502@users.noreply.github.com>
Date: Mon, 26 Apr 2021 14:47:01 +0800
Subject: [PATCH] Add nerdctl cli tool for containerd user (#7500)

* Add nerdctl cli tool for containerd user

* Add nerdctl enable option

* Add nerdctl enable option and update nerdctl version to 0.8.0
---
 .../nerdctl/handlers/main.yml                 | 12 ++++++++++
 roles/container-engine/nerdctl/tasks/main.yml | 15 ++++++++++++
 roles/download/defaults/main.yml              | 24 +++++++++++++++++++
 roles/download/tasks/main.yml                 |  8 +++++++
 roles/kubespray-defaults/defaults/main.yaml   |  3 +++
 roles/reset/tasks/main.yml                    |  2 ++
 6 files changed, 64 insertions(+)
 create mode 100644 roles/container-engine/nerdctl/handlers/main.yml
 create mode 100644 roles/container-engine/nerdctl/tasks/main.yml

diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml
new file mode 100644
index 000000000..27895ff74
--- /dev/null
+++ b/roles/container-engine/nerdctl/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Get nerdctl completion
+  command: "{{ bin_dir }}/nerdctl completion bash"
+  changed_when: False
+  register: nerdctl_completion
+  check_mode: false
+
+- name: Install nerdctl completion
+  copy:
+    dest: /etc/bash_completion.d/nerdctl
+    content: "{{ nerdctl_completion.stdout }}"
+    mode: 0644
diff --git a/roles/container-engine/nerdctl/tasks/main.yml b/roles/container-engine/nerdctl/tasks/main.yml
new file mode 100644
index 000000000..4afddafaf
--- /dev/null
+++ b/roles/container-engine/nerdctl/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: nerdctl | Download nerdctl
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.nerdctl) }}"
+
+- name: nerdctl | Copy nerdctl binary from download dir
+  copy:
+    src: "{{ local_release_dir }}/nerdctl"
+    dest: "{{ bin_dir }}/nerdctl"
+    mode: 0755
+    remote_src: true
+  notify:
+    - Get nerdctl completion
+    - Install nerdctl completion
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index d9dedf5ea..99d080bb5 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -84,6 +84,7 @@ multus_version: "v3.7"
 ovn4nfv_ovn_image_version: "v1.0.0"
 ovn4nfv_k8s_plugin_image_version: "v1.1.0"
 helm_version: "v3.5.4"
+nerdctl_version: "0.8.0"
 
 # Get kubernetes major version (i.e. 1.17.4 => 1.17)
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
@@ -105,6 +106,7 @@ crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/down
 helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
 crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 kata_containers_download_url: "https://github.com/kata-containers/runtime/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
+nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 
 crictl_checksums:
   arm:
@@ -366,6 +368,14 @@ kata_containers_binary_checksums:
     1.11.3: 0
     1.12.1: 0
 
+nerdctl_archive_checksums:
+  arm:
+    0.8.0: 4f010fad22de10c839c003f126e9a10971abd142a9666bd1d3f2f49a3b545b5a
+  arm64:
+    0.8.0: 55073069e72315b58b4ebedb49c48f7d762cae02c541cbb36693223ae4019a6b
+  amd64:
+    0.8.0: a8097ad1f302c4ee2643162569a8f7019190461e740e453f41dba3ba264d0d3d
+
 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
 cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
 kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
@@ -377,6 +387,7 @@ crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
 helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
 crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
 kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
+nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
 
 # Containers
 # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -657,6 +668,19 @@ downloads:
     groups:
     - k8s-cluster
 
+  nerdctl:
+    file: true
+    enabled: "{{ nerdctl_enabled }}"
+    version: "{{ nerdctl_version }}"
+    dest: "{{ local_release_dir }}/nerdctl-{{ nerdctl_version }}-linux-{{ image_arch }}.tar.gz"
+    sha256: "{{ nerdctl_archive_checksum }}"
+    url: "{{ nerdctl_download_url }}"
+    unarchive: true
+    owner: "root"
+    mode: "0755"
+    groups:
+    - k8s-cluster
+
   cilium:
     enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index e20945af3..48b592050 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -14,6 +14,14 @@
     - not skip_downloads|default(false)
     - container_manager in ['containerd', 'crio']
 
+- name: install nerdctl
+  import_role:
+    name: container-engine/nerdctl
+  when:
+    - not skip_downloads|default(false)
+    - container_manager in ['containerd']
+    - nerdctl_enabled
+
 - name: download | Get kubeadm binary and list of required images
   include_tasks: prep_kubeadm_images.yml
   when:
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 13f8c773b..6ca0b9844 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -361,6 +361,9 @@ cert_manager_enabled: false
 expand_persistent_volumes: false
 metallb_enabled: false
 
+# containerd official CLI tool
+nerdctl_enabled: false
+
 ## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (Fixed in 1.9: https://github.com/kubernetes/kubernetes/issues/50461)
 # openstack_blockstorage_version: "v1/v2/auto (default)"
 openstack_blockstorage_ignore_volume_az: "{{ volume_cross_zone_attachment | default('false') }}"
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 6370f01ef..d216cd5ce 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -287,6 +287,7 @@
     - "{{ bin_dir }}/calico-upgrade"
     - "{{ bin_dir }}/weave"
     - "{{ bin_dir }}/crictl"
+    - "{{ bin_dir }}/nerdctl"
     - "{{ bin_dir }}/netctl"
     - "{{ bin_dir }}/k8s-certs-renew.sh"
     - /var/lib/cni
@@ -298,6 +299,7 @@
     - /run/calico
     - /etc/bash_completion.d/kubectl.sh
     - /etc/bash_completion.d/crictl
+    - /etc/bash_completion.d/nerdctl
   ignore_errors: yes
   tags:
     - files