From 91ee4aa54201f594bf5c8fc1065952f112129723 Mon Sep 17 00:00:00 2001
From: Florian Ruynat <16313165+floryut@users.noreply.github.com>
Date: Mon, 18 Jan 2021 10:41:44 +0100
Subject: [PATCH] Decrease docker dependency (#7172)
---
 roles/download/defaults/main.yml | 9 --------
 roles/download/tasks/check_pull_required.yml | 5 +----
 roles/download/tasks/prep_download.yml | 20 ++++++++++++++---
 roles/download/tasks/set_container_facts.yml | 11 ++++++++++
 roles/kubernetes/node/tasks/install.yml | 22 +++++++++++++++++--
 roles/network_plugin/calico/handlers/main.yml | 8 +++----
 .../kube-router/handlers/main.yml | 8 +++----
 7 files changed, 57 insertions(+), 26 deletions(-)
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 6464ec4c6..9f2a5c134 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -553,15 +553,6 @@ dashboard_image_tag: "v2.1.0" dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper" dashboard_metrics_scraper_tag: "v1.0.6" -image_pull_command: "{{ docker_bin_dir }}/docker pull" -image_save_command: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_final }}" -image_load_command: "{{ docker_bin_dir }}/docker load < {{ image_path_final }}" -image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f \"{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (join .RepoTags \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (join .RepoDigests \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}\" | tr '\n' ','" - -image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull" -image_save_command_on_localhost: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_cached }}" -image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images" - metallb_speaker_image_repo: "{{ quay_image_repo }}/metallb/speaker" metallb_controller_image_repo: "{{ quay_image_repo }}/metallb/controller" diff --git a/roles/download/tasks/check_pull_required.yml b/roles/download/tasks/check_pull_required.yml index 0497b0021..c2f9ead02 100644 --- a/roles/download/tasks/check_pull_required.yml +++ b/roles/download/tasks/check_pull_required.yml 
@@ -1,8 +1,5 @@ --- -# NOTE: The ampersand hell in this block is needed because docker-inspect uses go templates, -# which uses double ampersands as delimiters, just like Jinja does. If you want to understand -# the template, just replace all instances of {{ `{{` }} with {{ and {{ '}}' }} with }}. -# It will output something like the following: +# The image_info_command depends on the Container Runtime and will output something like the following: # nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc... - name: check_pull_required | Generate a list of information about the images on a node # noqa 305 image_info_command contains a pipe, therefore requiring shell shell: "{{ image_info_command }}" diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index 001aec953..475040a50 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml 
@@ -5,13 +5,27 @@ tags: - facts -- name: prep_download | Set image info command for containerd and crio +# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing +# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{` +- name: prep_download | Set image pull/info command for docker + set_fact: + image_pull_command: "{{ docker_bin_dir }}/docker pull" + image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','" + when: container_manager == 'docker' + +- name: prep_download | Set image pull/info command for containerd and crio set_fact: image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" image_pull_command: "{{ bin_dir }}/crictl pull" when: container_manager in ['crio' ,'containerd'] -- name: prep_download | Set image info command for containerd and crio on localhost +- name: prep_download | Set image pull/info command for docker on localhost + set_fact: + image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull" + image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images" + when: container_manager_on_localhost == 'docker' + +- name: prep_download | Set image pull/info command for containerd and crio on localhost set_fact: image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull" 
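Review bot: With the docker values removed from roles/download/defaults/main.yml, `image_pull_command` and `image_info_command` are defined only when one of these `when:` branches matches, so a `container_manager` (or `container_manager_on_localhost`) value outside docker/crio/containerd leaves them undefined and the later `shell: "{{ image_info_command }}"` fails with an undefined-variable error instead of a clear message. Unless this is validated elsewhere, an early `assert` with `that: container_manager in ['docker', 'crio', 'containerd']` would make the failure explicit. Note also that `set_fact` outranks inventory and group_vars, so a site override of these commands that worked against the old role defaults is now silently replaced. The `when:` of the last localhost task lies outside the hunk.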
@@ -32,7 +46,7 @@ - localhost - asserts -- name: prep_download | On localhost, check if user has access to docker without using sudo +- name: prep_download | On localhost, check if user has access to the container runtime without using sudo shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell delegate_to: localhost connection: local diff --git a/roles/download/tasks/set_container_facts.yml b/roles/download/tasks/set_container_facts.yml index af89ba100..68ad194d9 100644 --- a/roles/download/tasks/set_container_facts.yml +++ b/roles/download/tasks/set_container_facts.yml @@ -22,6 +22,12 @@ image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}" image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}" +- name: Set image save/load command for docker + set_fact: + image_save_command: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_final }}" + image_load_command: "{{ docker_bin_dir }}/docker load < {{ image_path_final }}" + when: container_manager == 'docker' + - name: Set image save/load command for containerd set_fact: image_save_command: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_final }} {{ image_reponame }}" @@ -34,6 +40,11 @@ image_load_command: "skopeo copy docker-archive:{{ image_path_final }} containers-storage:{{ image_reponame }}" when: container_manager == 'crio' +- name: Set image save/load command for docker on localhost + set_fact: + image_save_command_on_localhost: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_cached }}" + when: container_manager_on_localhost == 'docker' + - name: Set image save/load command for containerd on localhost set_fact: image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_cached }} {{ image_reponame }}" 
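Review bot: In set_container_facts.yml, `image_save_command` for docker is a `docker save … | gzip … > {{ image_path_final }}` pipeline, and without `pipefail` the shell reports gzip's exit status, so a failed or interrupted `docker save` can still leave a truncated archive at the destination that looks like a successful save. The same applies to `image_save_command_on_localhost` in the next hunk of that file, where the result lands in `image_path_cached` and is presumably reused later. Consider prefixing the command with `set -o pipefail;` (with `executable: /bin/bash` on the consuming task, which is outside these hunks) or writing to a temporary file and moving it into place only on success. The interpolated values are also unquoted in the shell string; `{{ image_reponame | quote }}` and the same for the path variables would be safer if they can ever contain shell metacharacters.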
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index dd2099672..f7deae705 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -21,8 +21,26 @@ - upgrade notify: Node | restart kubelet -- name: install | Copy socat wrapper for Container Linux +- name: install | Copy socat wrapper for Container Linux with Docker command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" args: creates: "{{ bin_dir }}/socat" - when: ansible_os_family in ['Flatcar Container Linux by Kinvolk'] + when: + - ansible_os_family in ['Flatcar Container Linux by Kinvolk'] + - container_manager == "docker" + +- name: install | Copy socat wrapper for Container Linux with Containerd + command: "{{ containerd_bin_dir }}/ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/opt/bin,options=rbind:rw {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" + args: + creates: "{{ bin_dir }}/socat" + when: + - ansible_os_family in ['Flatcar Container Linux by Kinvolk'] + - container_manager == "containerd" + +- name: install | Copy socat wrapper for Container Linux with crio + command: "podman run --rm --mount type=bind,source={{ bin_dir }},destination=/opt/bin,rw=true {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" + args: + creates: "{{ bin_dir }}/socat" + when: + - ansible_os_family in ['Flatcar Container Linux by Kinvolk'] + - container_manager == "crio" diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml index 696729a24..97f57ce69 100644 --- a/roles/network_plugin/calico/handlers/main.yml +++ b/roles/network_plugin/calico/handlers/main.yml 
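Review bot: The containerd variant calls `ctr run --rm --mount … <image>` with no container ID after the image reference, and `ctr run` expects `IMAGE ID`; it also does not pull a missing image or select the `k8s.io` namespace used by the `ctr -n k8s.io` commands elsewhere in this commit, so this task looks likely to fail on a fresh Flatcar node. Something like `{{ containerd_bin_dir }}/ctr -n k8s.io run --rm --mount … {{ install_socat_image_repo }}:{{ install_socat_image_tag }} socat-install` after an explicit pull would match the other tasks (the ID `socat-install` is a placeholder name). The crio variant invokes bare `podman` from PATH rather than a configured bin dir, and nothing visible here ensures podman is installed. All three variants let a tag-referenced image write an executable into the host's `bin_dir`, so pinning the image by digest would narrow what can end up there.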
@@ -4,22 +4,22 @@ when: calico_cni_config is defined notify: - delete 10-calico.conflist - - docker | delete calico-node containers - - containerd | delete calico-node containers + - Calico | delete calico-node docker containers + - Calico | delete calico-node crio/containerd containers - name: delete 10-calico.conflist file: path: /etc/cni/net.d/10-calico.conflist state: absent -- name: docker | delete calico-node containers +- name: Calico | delete calico-node docker containers shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f" register: docker_calico_node_remove until: docker_calico_node_remove is succeeded retries: 5 when: container_manager in ["docker"] -- name: containerd | delete calico-node containers +- name: Calico | delete calico-node crio/containerd containers shell: '{{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"' register: crictl_calico_node_remove until: crictl_calico_node_remove is succeeded diff --git a/roles/network_plugin/kube-router/handlers/main.yml b/roles/network_plugin/kube-router/handlers/main.yml index 073c89765..7bdfc5d42 100644 --- a/roles/network_plugin/kube-router/handlers/main.yml +++ b/roles/network_plugin/kube-router/handlers/main.yml 
@@ -2,17 +2,17 @@ - name: reset_kube_router command: /bin/true notify: - - docker | delete kube-router containers - - containerd | delete kube-router containers + - Kube-router | delete kube-router docker containers + - Kube-router | delete kube-router crio/containerd containers -- name: docker | delete kube-router containers +- name: Kube-router | delete kube-router docker containers shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f" register: docker_kube_router_remove until: docker_kube_router_remove is succeeded retries: 5 when: container_manager in ["docker"] -- name: containerd | delete kube-router containers +- name: Kube-router | delete kube-router crio/containerd containers shell: '{{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"' register: crictl_kube_router_remove until: crictl_kube_router_remove is succeeded