Decrease docker dependency (#7172)

This commit is contained in:
Florian Ruynat 2021-01-18 10:41:44 +01:00 committed by GitHub
parent e3caff833c
commit 91ee4aa542
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 57 additions and 26 deletions

View file

@ -553,15 +553,6 @@ dashboard_image_tag: "v2.1.0"
dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper" dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper"
dashboard_metrics_scraper_tag: "v1.0.6" dashboard_metrics_scraper_tag: "v1.0.6"
image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_save_command: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_final }}"
image_load_command: "{{ docker_bin_dir }}/docker load < {{ image_path_final }}"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f \"{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (join .RepoTags \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (join .RepoDigests \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}\" | tr '\n' ','"
image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
image_save_command_on_localhost: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_cached }}"
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"
metallb_speaker_image_repo: "{{ quay_image_repo }}/metallb/speaker" metallb_speaker_image_repo: "{{ quay_image_repo }}/metallb/speaker"
metallb_controller_image_repo: "{{ quay_image_repo }}/metallb/controller" metallb_controller_image_repo: "{{ quay_image_repo }}/metallb/controller"

View file

@ -1,8 +1,5 @@
--- ---
# NOTE: The ampersand hell in this block is needed because docker-inspect uses go templates, # The image_info_command depends on the Container Runtime and will output something like the following:
# which uses double ampersands as delimiters, just like Jinja does. If you want to understand
# the template, just replace all instances of {{ `{{` }} with {{ and {{ '}}' }} with }}.
# It will output something like the following:
# nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc... # nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc...
- name: check_pull_required | Generate a list of information about the images on a node # noqa 305 image_info_command contains a pipe, therefore requiring shell - name: check_pull_required | Generate a list of information about the images on a node # noqa 305 image_info_command contains a pipe, therefore requiring shell
shell: "{{ image_info_command }}" shell: "{{ image_info_command }}"

View file

@ -5,13 +5,27 @@
tags: tags:
- facts - facts
- name: prep_download | Set image info command for containerd and crio # The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing
# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{`
- name: prep_download | Set image pull/info command for docker
set_fact:
image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','"
when: container_manager == 'docker'
- name: prep_download | Set image pull/info command for containerd and crio
set_fact: set_fact:
image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command: "{{ bin_dir }}/crictl pull" image_pull_command: "{{ bin_dir }}/crictl pull"
when: container_manager in ['crio' ,'containerd'] when: container_manager in ['crio' ,'containerd']
- name: prep_download | Set image info command for containerd and crio on localhost - name: prep_download | Set image pull/info command for docker on localhost
set_fact:
image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"
when: container_manager_on_localhost == 'docker'
- name: prep_download | Set image pull/info command for containerd and crio on localhost
set_fact: set_fact:
image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull" image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull"
@ -32,7 +46,7 @@
- localhost - localhost
- asserts - asserts
- name: prep_download | On localhost, check if user has access to docker without using sudo - name: prep_download | On localhost, check if user has access to the container runtime without using sudo
shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell
delegate_to: localhost delegate_to: localhost
connection: local connection: local

View file

@ -22,6 +22,12 @@
image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}" image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}"
image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}" image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}"
- name: Set image save/load command for docker
set_fact:
image_save_command: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_final }}"
image_load_command: "{{ docker_bin_dir }}/docker load < {{ image_path_final }}"
when: container_manager == 'docker'
- name: Set image save/load command for containerd - name: Set image save/load command for containerd
set_fact: set_fact:
image_save_command: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_final }} {{ image_reponame }}" image_save_command: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_final }} {{ image_reponame }}"
@ -34,6 +40,11 @@
image_load_command: "skopeo copy docker-archive:{{ image_path_final }} containers-storage:{{ image_reponame }}" image_load_command: "skopeo copy docker-archive:{{ image_path_final }} containers-storage:{{ image_reponame }}"
when: container_manager == 'crio' when: container_manager == 'crio'
- name: Set image save/load command for docker on localhost
set_fact:
image_save_command_on_localhost: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_cached }}"
when: container_manager_on_localhost == 'docker'
- name: Set image save/load command for containerd on localhost - name: Set image save/load command for containerd on localhost
set_fact: set_fact:
image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_cached }} {{ image_reponame }}" image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io image export {{ image_path_cached }} {{ image_reponame }}"

View file

@ -21,8 +21,26 @@
- upgrade - upgrade
notify: Node | restart kubelet notify: Node | restart kubelet
- name: install | Copy socat wrapper for Container Linux - name: install | Copy socat wrapper for Container Linux with Docker
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
args: args:
creates: "{{ bin_dir }}/socat" creates: "{{ bin_dir }}/socat"
when: ansible_os_family in ['Flatcar Container Linux by Kinvolk'] when:
- ansible_os_family in ['Flatcar Container Linux by Kinvolk']
- container_manager == "docker"
- name: install | Copy socat wrapper for Container Linux with Containerd
command: "{{ containerd_bin_dir }}/ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/opt/bin,options=rbind:rw {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
args:
creates: "{{ bin_dir }}/socat"
when:
- ansible_os_family in ['Flatcar Container Linux by Kinvolk']
- container_manager == "containerd"
- name: install | Copy socat wrapper for Container Linux with crio
command: "podman run --rm --mount type=bind,source={{ bin_dir }},destination=/opt/bin,rw=true {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
args:
creates: "{{ bin_dir }}/socat"
when:
- ansible_os_family in ['Flatcar Container Linux by Kinvolk']
- container_manager == "crio"

View file

@ -4,22 +4,22 @@
when: calico_cni_config is defined when: calico_cni_config is defined
notify: notify:
- delete 10-calico.conflist - delete 10-calico.conflist
- docker | delete calico-node containers - Calico | delete calico-node docker containers
- containerd | delete calico-node containers - Calico | delete calico-node crio/containerd containers
- name: delete 10-calico.conflist - name: delete 10-calico.conflist
file: file:
path: /etc/cni/net.d/10-calico.conflist path: /etc/cni/net.d/10-calico.conflist
state: absent state: absent
- name: docker | delete calico-node containers - name: Calico | delete calico-node docker containers
shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f" shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
register: docker_calico_node_remove register: docker_calico_node_remove
until: docker_calico_node_remove is succeeded until: docker_calico_node_remove is succeeded
retries: 5 retries: 5
when: container_manager in ["docker"] when: container_manager in ["docker"]
- name: containerd | delete calico-node containers - name: Calico | delete calico-node crio/containerd containers
shell: '{{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"' shell: '{{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
register: crictl_calico_node_remove register: crictl_calico_node_remove
until: crictl_calico_node_remove is succeeded until: crictl_calico_node_remove is succeeded

View file

@ -2,17 +2,17 @@
- name: reset_kube_router - name: reset_kube_router
command: /bin/true command: /bin/true
notify: notify:
- docker | delete kube-router containers - Kube-router | delete kube-router docker containers
- containerd | delete kube-router containers - Kube-router | delete kube-router crio/containerd containers
- name: docker | delete kube-router containers - name: Kube-router | delete kube-router docker containers
shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f" shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
register: docker_kube_router_remove register: docker_kube_router_remove
until: docker_kube_router_remove is succeeded until: docker_kube_router_remove is succeeded
retries: 5 retries: 5
when: container_manager in ["docker"] when: container_manager in ["docker"]
- name: containerd | delete kube-router containers - name: Kube-router | delete kube-router crio/containerd containers
shell: '{{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"' shell: '{{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
register: crictl_kube_router_remove register: crictl_kube_router_remove
until: crictl_kube_router_remove is succeeded until: crictl_kube_router_remove is succeeded