diff --git a/README.md b/README.md
index 7b533ee2b3d9a55b2383bb8de9a92d44df5ad024..30a66f01503a3b4c7c1bd9e0fc1fa535cb3c6901 100644
--- a/README.md
+++ b/README.md
@@ -131,7 +131,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [kubernetes](https://github.com/kubernetes/kubernetes) v1.20.5
   - [etcd](https://github.com/coreos/etcd) v3.4.13
   - [docker](https://www.docker.com/) v19.03 (see note)
-  - [containerd](https://containerd.io/) v1.3.9
+  - [containerd](https://containerd.io/) v1.4.4
   - [cri-o](http://cri-o.io/) v1.19 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v0.9.0
diff --git a/docs/containerd.md b/docs/containerd.md
index c026425950e9d5a2295e21bac522c8a78dc1c0f0..98de3c23c2cc21191822cf3b5f137ace4319bbb1 100644
--- a/docs/containerd.md
+++ b/docs/containerd.md
@@ -22,16 +22,10 @@ etcd_deployment_type: host
 Example: define registry mirror for docker hub
 
 ```yaml
-containerd_config:
-  grpc:
-    max_recv_message_size: 16777216
-    max_send_message_size: 16777216
-  debug:
-    level: ""
-  registries:
-    "docker.io":
-      - "https://mirror.gcr.io"
-      - "https://registry-1.docker.io"
+containerd_registries:
+  "docker.io":
+    - "https://mirror.gcr.io"
+    - "https://registry-1.docker.io"
 ```
 
 [containerd]: https://containerd.io/
diff --git a/docs/upgrades.md b/docs/upgrades.md
index 8d69b5429277d450e909b4343ec4e5f637832eea..f0cde5e87ea1ea85bf20e14343f5d51d125906ba 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -7,6 +7,7 @@ You can also individually control versions of components by explicitly defining
 versions. Here are all version vars for each component:
 
 * docker_version
+* containerd_version
 * kube_version
 * etcd_version
 * calico_version
@@ -283,6 +284,7 @@ installed in the Ansible playbook. The order of component installation is as
 follows:
 
 * Docker
+* Containerd
 * etcd
 * kubelet and kube-proxy
 * network_plugin (such as Calico or Weave)
diff --git a/docs/vars.md b/docs/vars.md
index 310f3f29fefce551d9a7945332e8080b2e4a5c12..1cdfd943899199a5ad6c45b65a386d83c8901d81 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -18,6 +18,7 @@ Some variables of note include:
 * *docker_version* - Specify version of Docker to used (should be quoted
   string). Must match one of the keys defined for *docker_versioned_pkg*
   in `roles/container-engine/docker/vars/*.yml`.
+* *containerd_version* - Specify version of Containerd to use
 * *etcd_version* - Specify version of ETCD to use
 * *ipip* - Enables Calico ipip encapsulation by default
 * *kube_network_plugin* - Sets k8s network plugin (default Calico)
@@ -115,7 +116,8 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 * *docker_options* - Commonly used to set
   ``--insecure-registry=myregistry.mydomain:5000``
 * *docker_plugins* - This list can be used to define [Docker plugins](https://docs.docker.com/engine/extend/) to install.
-* *containerd_config* - Controls some parameters in containerd configuration file (usually /etc/containerd/config.toml).
+* *containerd_default_runtime* - Sets the default Containerd runtime used by the Kubernetes CRI plugin.
+* *containerd_runtimes* - Sets the Containerd runtime attributes used by the Kubernetes CRI plugin.
   [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overriden in inventory vars.
 * *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a
   proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
index 0f1e97749e11449dab6d34188785de3aa05f7d4f..795bd4aafbe34082a97fba1729c818d986cc93f0 100644
--- a/inventory/sample/group_vars/all/containerd.yml
+++ b/inventory/sample/group_vars/all/containerd.yml
@@ -1,19 +1,30 @@
 ---
 # Please see roles/container-engine/containerd/defaults/main.yml for more configuration options
 
-# Example: define registry mirror for docker hub
-
-# containerd_config:
-#   grpc:
-#     max_recv_message_size: 16777216
-#     max_send_message_size: 16777216
-#   debug:
-#     level: ""
-#   registries:
-#     "docker.io":
-#       - "https://mirror.gcr.io"
-#       - "https://registry-1.docker.io"
-#   max_container_log_line_size: -1
-#   metrics:
-#     address: ""
-#     grpc_histogram: false
+# containerd_default_runtime: "runc"
+# containerd_snapshotter: "native"
+
+# containerd_runtimes:
+#   - name: runc
+#     type: "io.containerd.runc.v2"
+#     engine: ""
+#     root: ""
+# Example for Kata Containers as additional runtime:
+#   - name: kata
+#     type: "io.containerd.kata.v2"
+#     engine: ""
+#     root: ""
+
+# containerd_grpc_max_recv_message_size: 16777216
+# containerd_grpc_max_send_message_size: 16777216
+
+# containerd_debug_level: "info"
+
+# containerd_metrics_address: ""
+
+# containerd_metrics_grpc_histogram: false
+
+# containerd_registries:
+#   "docker.io": "https://registry-1.docker.io"
+
+# containerd_max_container_log_line_size: -1
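Review bot: The commented `containerd_runtimes` example lists `runc` and `kata` without an `options` key, but the new config.toml.j2 in this commit iterates `runtime.options.items()` for every runtime. Overriding the list also replaces the role default that carries `systemdCgroup: "true"`. Someone who uncomments this block as written would presumably hit a template error, or at best lose the systemd cgroup setting. I would add `#     options:` and `#       systemdCgroup: "true"` under the runc entry and `#     options: {}` under kata. The same applies to the example in inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml.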
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index fe1c184e60ec0768180823e9e5827f8b9e849c1b..202584a95dd82cad21afd90c7ec398f2ae50dc92 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -198,30 +198,16 @@ container_manager: docker
 kata_containers_enabled: false
 
 ## Settings for containerd runtimes (only used when container_manager is set to containerd)
-#
-# Settings for default containerd runtime
-# containerd_default_runtime:
-#   type: io.containerd.runtime.v1.linux
-#   engine: ''
-#   root: ''
-#
-# Settings for additional runtimes for containerd configuration
 # containerd_runtimes:
-#   - name: ""
-#     type: ""
-#     engine: ""
-#     root: ""
+#  - name: runc
+#    type: "io.containerd.runc.v2"
+#    engine: ""
+#    root: ""
 # Example for Kata Containers as additional runtime:
-# containerd_runtimes:
-#   - name: kata
-#     type: io.containerd.kata.v2
-#     engine: ""
-#     root: ""
-#
-# Settings for untrusted containerd runtime
-# containerd_untrusted_runtime_type: ''
-# containerd_untrusted_runtime_engine: ''
-# containerd_untrusted_runtime_root: ''
+#  - name: kata
+#    type: io.containerd.kata.v2
+#    engine: ""
+#    root: ""
 
 kubeadm_certificate_key: "{{ lookup('password', credentials_dir + '/kubeadm_certificate_key.creds length=64 chars=hexdigits') | lower }}"
 
diff --git a/roles/container-engine/containerd-common/defaults/main.yml b/roles/container-engine/containerd-common/defaults/main.yml
index 16d1857fbe44693e36134f4b1be24de8b0d25eae..5ee766409c7644fda5f000aac76254d82cbcdbd2 100644
--- a/roles/container-engine/containerd-common/defaults/main.yml
+++ b/roles/container-engine/containerd-common/defaults/main.yml
@@ -1,3 +1,2 @@
 ---
-containerd_version: '1.3.9'
 containerd_package: 'containerd.io'
diff --git a/roles/container-engine/containerd-common/vars/debian-stretch.yml b/roles/container-engine/containerd-common/vars/debian-stretch.yml
new file mode 100644
index 0000000000000000000000000000000000000000..03c63b2730014d990855c9ad885a2ef2bb195c78
--- /dev/null
+++ b/roles/container-engine/containerd-common/vars/debian-stretch.yml
@@ -0,0 +1,8 @@
+---
+containerd_versioned_pkg:
+  'latest': "{{ containerd_package }}"
+  '1.3.7': "{{ containerd_package }}=1.3.7-1"
+  '1.3.9': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-1"
+  'stable': "{{ containerd_package }}=1.4.3-1"
+  'edge': "{{ containerd_package }}=1.4.3-1"
diff --git a/roles/container-engine/containerd-common/vars/debian.yml b/roles/container-engine/containerd-common/vars/debian.yml
index 9b98dce96072289c48c7b0f42b361f1d932d4084..6c0ad9c5428ceec9b95d03ec7f9a68b3f5235a43 100644
--- a/roles/container-engine/containerd-common/vars/debian.yml
+++ b/roles/container-engine/containerd-common/vars/debian.yml
@@ -1,13 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.4': "{{ containerd_package }}=1.2.4-1"
-  '1.2.5': "{{ containerd_package }}=1.2.5-1"
-  '1.2.6': "{{ containerd_package }}=1.2.6-3"
-  '1.2.10': "{{ containerd_package }}=1.2.10-3"
-  '1.2.12': "{{ containerd_package }}=1.2.12-1"
-  '1.2.13': "{{ containerd_package }}=1.2.13-2"
   '1.3.7': "{{ containerd_package }}=1.3.7-1"
   '1.3.9': "{{ containerd_package }}=1.3.9-1"
-  'stable': "{{ containerd_package }}=1.3.9-1"
-  'edge': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-2"
+  '1.4.4': "{{ containerd_package }}=1.4.4-1"
+  'stable': "{{ containerd_package }}=1.4.4-1"
+  'edge': "{{ containerd_package }}=1.4.4-1"
diff --git a/roles/container-engine/containerd-common/vars/fedora.yml b/roles/container-engine/containerd-common/vars/fedora.yml
index bb2a316ddaddf6180d2ff282581cb3ce1a559aff..2ffc0987b7082f44bd55c0fa2a017c3c2c26cec4 100644
--- a/roles/container-engine/containerd-common/vars/fedora.yml
+++ b/roles/container-engine/containerd-common/vars/fedora.yml
@@ -1,10 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.10': "{{ containerd_package }}-1.2.10-3.2.fc{{ ansible_distribution_major_version }}"
-  '1.2.12': "{{ containerd_package }}-1.2.12-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.2.13': "{{ containerd_package }}-1.2.13-3.2.fc{{ ansible_distribution_major_version }}"
   '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
   '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
+  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
+  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/redhat.yml b/roles/container-engine/containerd-common/vars/redhat.yml
index 9c666cbd99db241452f6b64e96a766a12802624e..04e320f15ad58e886b781a002a2cf0dda68a860a 100644
--- a/roles/container-engine/containerd-common/vars/redhat.yml
+++ b/roles/container-engine/containerd-common/vars/redhat.yml
@@ -1,13 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.4': "{{ containerd_package }}-1.2.4-3.1.el7"
-  '1.2.5': "{{ containerd_package }}-1.2.5-3.1.el7"
-  '1.2.6': "{{ containerd_package }}-1.2.6-3.3.el7"
-  '1.2.10': "{{ containerd_package }}-1.2.10-3.2.el7"
-  '1.2.12': "{{ containerd_package }}-1.2.12-3.1.el7"
-  '1.2.13': "{{ containerd_package }}-1.2.13-3.2.el7"
   '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
   '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
+  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
+  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
diff --git a/roles/container-engine/containerd-common/vars/ubuntu.yml b/roles/container-engine/containerd-common/vars/ubuntu.yml
index a996865ca8216eef63e8046d33dee3fd6397996a..6c0ad9c5428ceec9b95d03ec7f9a68b3f5235a43 100644
--- a/roles/container-engine/containerd-common/vars/ubuntu.yml
+++ b/roles/container-engine/containerd-common/vars/ubuntu.yml
@@ -1,10 +1,9 @@
 ---
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
-  '1.2.10': "{{ containerd_package }}=1.2.10-3"
-  '1.2.12': "{{ containerd_package }}=1.2.12-1"
-  '1.2.13': "{{ containerd_package }}=1.2.13-2"
   '1.3.7': "{{ containerd_package }}=1.3.7-1"
   '1.3.9': "{{ containerd_package }}=1.3.9-1"
-  'stable': "{{ containerd_package }}=1.3.9-1"
-  'edge': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-2"
+  '1.4.4': "{{ containerd_package }}=1.4.4-1"
+  'stable': "{{ containerd_package }}=1.4.4-1"
+  'edge': "{{ containerd_package }}=1.4.4-1"
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 470e96d2e3712547fc69a56bc1cf688f2aaddc8a..908f56b3018f45479949a4f5b415ce2da8c3dd9c 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -1,27 +1,40 @@
 ---
-# The root directory for containerd metadata
-containerd_metadata_root_dir: /var/lib/containerd
-# The state directory for containerd
-containerd_state_dir: /run/containerd
-
-containerd_config:
-  grpc:
-    max_recv_message_size: 16777216
-    max_send_message_size: 16777216
-  debug:
-    level: ""
-  registries:
-    "docker.io": "https://registry-1.docker.io"
-  max_container_log_line_size: -1
-  # containerd:
-  #   snapshotter: native
+
+containerd_default_runtime: "runc"
+# containerd_snapshotter: "native"
+
+containerd_runtimes:
+  - name: runc
+    type: "io.containerd.runc.v2"
+    engine: ""
+    root: ""
+    options:
+      systemdCgroup: "true"
+# Example for Kata Containers as additional runtime:
+#  - name: kata
+#    type: "io.containerd.kata.v2"
+#    engine: ""
+#    root: ""
+
+containerd_grpc_max_recv_message_size: 16777216
+containerd_grpc_max_send_message_size: 16777216
+
+containerd_debug_level: "info"
+
+containerd_metrics_address: ""
+
+containerd_metrics_grpc_histogram: false
+
+containerd_registries:
+  "docker.io": "https://registry-1.docker.io"
+
+containerd_max_container_log_line_size: -1
 
 containerd_cfg_dir: /etc/containerd
 
 # Path to runc binary
 runc_binary: /usr/bin/runc
 
-
 yum_repo_dir: /etc/yum.repos.d
 
 # Optional values for containerd apt repo
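Review bot: `systemdCgroup: "true"` is hard-coded in the default runc entry, while this commit also flips `containerd_use_systemd_cgroup` to true in kubespray-defaults and removes the template line that read it, so from the visible lines that variable no longer influences config.toml. An inventory that sets `containerd_use_systemd_cgroup: false` would still get a systemd-cgroup runc, and a mismatch with the kubelet cgroup driver is possible if the variable is still consumed elsewhere. Deriving the option from the variable keeps a single switch: `systemdCgroup: "{{ containerd_use_systemd_cgroup | ternary('true', 'false') }}"`. containerd's documentation spells this option `SystemdCgroup`, so the lower-case key is worth confirming against the pinned 1.4.x packages.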
@@ -36,38 +49,18 @@ containerd_repo_info:
 
 # Ubuntu docker-ce repo
 containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
-containerd_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
-containerd_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_ubuntu_repo_component: 'stable'
+containerd_ubuntu_repo_gpgkey: "https://download.docker.com/linux/ubuntu/gpg"
+containerd_ubuntu_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_ubuntu_repo_component: "stable"
 
 # Debian docker-ce repo
-containerd_debian_repo_base_url: 'https://download.docker.com/linux/debian'
-containerd_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
-containerd_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_debian_repo_component: 'stable'
+containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
+containerd_debian_repo_gpgkey: "https://download.docker.com/linux/debian/gpg"
+containerd_debian_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_debian_repo_component: "stable"
 
 # Fedora docker-ce repo
-containerd_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
-containerd_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
-containerd_fedora_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
-containerd_fedora_repo_component: 'stable'
-
-containerd_default_runtime:
-  type: io.containerd.runtime.v1.linux
-  engine: ''
-  root: ''
-
-# Additional runtimes for containerd configuration
-#
-# Example for Kata Containers:
-# containerd_runtimes:
-#   - name: kata
-#     type: io.containerd.kata.v2
-#     engine: ""
-#     root: ""
-#     privileged_without_host_devices: true
-containerd_runtimes: []
-
-containerd_untrusted_runtime_type: ''
-containerd_untrusted_runtime_engine: ''
-containerd_untrusted_runtime_root: ''
+containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable"
+containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg"
+containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+containerd_fedora_repo_component: "stable"
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 0f0f80ba0d6987c1d2e31950efbf9921bb2dd598..ed38969362e20ae6a31814692f116d53e350e366 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -1,80 +1,41 @@
-# persistent data location
-root = "{{ containerd_metadata_root_dir }}"
-# runtime state information
-state = "{{ containerd_state_dir }}"
+version = 2
 
-# Kubernetes doesn't use containerd restart manager.
-disabled_plugins = ["restart"]
+[grpc]
+  max_recv_message_size = {{ containerd_grpc_max_recv_message_size | default(16777216) }}
+  max_send_message_size = {{ containerd_grpc_max_send_message_size | default(16777216) }}
 
 [debug]
-  level = "{{ containerd_config.debug.level | default("") }}"
+  level = "{{ containerd_debug_level | default('info') }}"
 
-{% if 'grpc' in containerd_config %}
-[grpc]
-{% for param, value in containerd_config.grpc.items() %}
-  {{ param }} = {{ value }}
+[metrics]
+  address = "{{ containerd_metrics_address | default('') }}"
+  grpc_histogram = {{ containerd_metrics_grpc_histogram | default(false) | lower }}
+
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
+    max_container_log_line_size = {{ containerd_max_container_log_line_size }}
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      default_runtime_name = "{{ containerd_default_runtime | default('runc') }}"
+      snapshotter = "{{ containerd_snapshotter | default('overlayfs') }}"
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+{% for runtime in containerd_runtimes %}
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}]
+          runtime_type = "{{ runtime.type }}"
+          runtime_engine = "{{ runtime.engine }}"
+          runtime_root = "{{ runtime.root }}"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options]
+{% for key, value in runtime.options.items() %}
+            {{ key }} = {{ value }}
 {% endfor %}
-{% endif %}
-
-[plugins.linux]
-  shim = "/usr/bin/containerd-shim"
-  runtime = "{{ runc_binary }}"
-
-[plugins.cri]
-  stream_server_address = "127.0.0.1"
-  max_container_log_line_size = {{ containerd_config.max_container_log_line_size }}
-  sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
-  systemd_cgroup = {{ containerd_use_systemd_cgroup|lower }}
-
-[plugins.cri.cni]
-  bin_dir = "/opt/cni/bin"
-  conf_dir = "/etc/cni/net.d"
-  conf_template = ""
-
-{% if 'containerd' in containerd_config %}
-[plugins.cri.containerd]
-{% for param, value in containerd_config.containerd.items() %}
-  {{ param }} = "{{ value }}"
 {% endfor %}
-{% endif %}
-
-[plugins.cri.containerd.default_runtime]
-  runtime_type = "{{ containerd_default_runtime.type }}"
-  runtime_engine = "{{ containerd_default_runtime.engine }}"
-  runtime_root = "{{ containerd_default_runtime.root }}"
-  privileged_without_host_devices = {{ containerd_default_runtime.privileged_without_host_devices|default(false)|lower }}
-
 {% if kata_containers_enabled %}
-[plugins.cri.containerd.runtimes.kata-qemu]
-  runtime_type = "io.containerd.kata-qemu.v2"
-  [plugins.cri.containerd.runtimes.kata-qemu.options]
-    ConfigPath = "/etc/kata-containers/configuration-qemu.toml"
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
+          runtime_type = "io.containerd.kata-qemu.v2"
 {% endif %}
-
-{% for runtime in containerd_runtimes %}
-[plugins.cri.containerd.runtimes.{{ runtime.name }}]
-  runtime_type = "{{ runtime.type }}"
-  runtime_engine = "{{ runtime.engine }}"
-  runtime_root = "{{ runtime.root }}"
-  privileged_without_host_devices = {{ runtime.privileged_without_host_devices|default(false)|lower }}
-{% endfor %}
-
-[plugins.cri.containerd.untrusted_workload_runtime]
-  runtime_type = "{{ containerd_untrusted_runtime_type }}"
-  runtime_engine = "{{ containerd_untrusted_runtime_engine }}"
-  runtime_root = "{{ containerd_untrusted_runtime_root }}"
-
-{% if 'registries' in containerd_config %}
-[plugins.cri.registry]
-[plugins.cri.registry.mirrors]
-{% for registry, addr in containerd_config.registries.items() %}
-[plugins.cri.registry.mirrors."{{ registry }}"]
-  endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+{% for registry, addr in containerd_registries.items() %}
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
+          endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
 {% endfor %}
-{% endif %}
-
-{% if 'metrics' in containerd_config %}
-[metrics]
-  address = "{{ containerd_config.metrics.address | default('') }}"
-  grpc_histogram = {{ containerd_config.metrics.grpc_histogram | default(false) | lower }}
-{% endif %}
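Review bot: The per-runtime `privileged_without_host_devices` setting that the old template rendered is missing from the new runtimes loop, so an inventory that sets it to true on a Kata runtime silently falls back to containerd's default and privileged pods in that runtime may be handed host devices again. I would keep it next to `runtime_root`: `privileged_without_host_devices = {{ runtime.privileged_without_host_devices | default(false) | lower }}`. The inner loop also dereferences `runtime.options` unconditionally, which fails for any runtime defined without that key; `{% for key, value in (runtime.options | default({})).items() %}` avoids that. Option values are emitted unquoted, so string options (the removed Kata `ConfigPath`, for example) must carry their own TOML quotes, which deserves a comment in the role defaults.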
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index b3f449008d0b13368962daac74a76b03a09cd0b8..84824182de572456000cf153b809ae739dbfdb73 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -298,3 +298,19 @@
     that: ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
     msg: "download_run_once not supported for Flatcar Container Linux"
   when: download_run_once or download_force_cache
+
+- name: Ensure minimum containerd version
+  assert:
+    that: containerd_version is version(containerd_min_version_required, '>=')
+    msg: "containerd_version is too low. Minimum version {{ containerd_min_version_required }}"
+  run_once: yes
+  when:
+    - container_manager == 'containerd'
+
+- name: Stop if using deprecated containerd_config variable
+  assert:
+    that: containerd_config is not defined
+    msg: "Variable containerd_config is now deprecated. See https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/group_vars/all/containerd.yml for details."
+  when:
+    - containerd_config is defined
+    - not ignore_assert_errors
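Review bot: The `version` test in "Ensure minimum containerd version" assumes a numeric `containerd_version`, but the `containerd_versioned_pkg` maps in this commit also accept `latest`, `stable` and `edge`, and comparing those strings against `1.3.7` will likely error or fail the assert. I would guard it: `that: containerd_version in ['latest', 'stable', 'edge'] or containerd_version is version(containerd_min_version_required, '>=')`. The deprecation check covers only `containerd_config`, so the other variables this commit stops honouring pass through silently. These are `containerd_metadata_root_dir`, `containerd_state_dir`, `containerd_untrusted_runtime_*` and the old mapping form of `containerd_default_runtime`, which would now be rendered verbatim into `default_runtime_name`; they deserve the same stop-and-explain check.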
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 8d0f37cfb5fbc9fcc5304942152491d42eb52b5a..55bc698325f5be64fefe74573e4f75ea64a0f635 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -309,7 +309,13 @@ docker_plugins: []
 etcd_kubeadm_enabled: false
 
 # Containerd options
-containerd_use_systemd_cgroup: false
+containerd_version: >-
+  {%- if ansible_os_family == "Debian" and ansible_distribution_release == "stretch" -%}
+  1.4.3
+  {%- else -%}
+  1.4.4
+  {%- endif -%}
+containerd_use_systemd_cgroup: true
 
 # Settings for containerized control plane (etcd/kubelet/secrets)
 # deployment type for legacy etcd mode
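Review bot: The Debian stretch branch of `containerd_version` carries no explanation, and the reason is only visible in another file: the stretch package map added in this commit stops at 1.4.3. A comment above the key, e.g. `# Debian stretch: newest entry in containerd-common/vars/debian-stretch.yml is 1.4.3`, would keep the two in step at the next bump. README.md now advertises v1.4.4 without mentioning this exception.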
diff --git a/roles/kubespray-defaults/vars/main.yml b/roles/kubespray-defaults/vars/main.yml
index 17e647a3fb51017eccb75f705cd8bc56a0e6a974..4aa76c6d796b56cec3ae013b18d23c407b8b775b 100644
--- a/roles/kubespray-defaults/vars/main.yml
+++ b/roles/kubespray-defaults/vars/main.yml
@@ -5,3 +5,5 @@ kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
 
 # The lowest version allowed to upgrade from (same as calico_version in the previous branch)
 calico_min_version_required: "v3.15.2"
+
+containerd_min_version_required: "1.3.7"
diff --git a/tests/common/_docker_hub_registry_mirror.yml b/tests/common/_docker_hub_registry_mirror.yml
index a9d95e8423854022590ac2f4ff743c6fb6fccb05..18006742c431df4000fc137c0253768f6f60b8d2 100644
--- a/tests/common/_docker_hub_registry_mirror.yml
+++ b/tests/common/_docker_hub_registry_mirror.yml
@@ -2,17 +2,15 @@
 docker_registry_mirrors:
   - "https://mirror.gcr.io"
 
-containerd_config:
-  grpc:
-    max_recv_message_size: 16777216
-    max_send_message_size: 16777216
-  debug:
-    level: ""
-  registries:
-    "docker.io":
-      - "https://mirror.gcr.io"
-      - "https://registry-1.docker.io"
-  max_container_log_line_size: -1
+containerd_grpc_max_recv_message_size: 16777216
+containerd_grpc_max_send_message_size: 16777216
+
+containerd_registries:
+  "docker.io":
+    - "https://mirror.gcr.io"
+    - "https://registry-1.docker.io"
+
+containerd_max_container_log_line_size: -1
 
 crio_registries_mirrors:
   - prefix: docker.io
diff --git a/tests/files/packet_centos7-flannel-containerd-addons-ha.yml b/tests/files/packet_centos7-flannel-containerd-addons-ha.yml
index 88bd92defc7b576e3dda601cc629ab55f2e2d2d5..fa5fff1a7129140b1ecc55bb18aa063b5dd3f442 100644
--- a/tests/files/packet_centos7-flannel-containerd-addons-ha.yml
+++ b/tests/files/packet_centos7-flannel-containerd-addons-ha.yml
@@ -38,7 +38,3 @@ tls_cipher_suites:
 etcd_tls_cipher_suites:
   - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
-# Containerd path
-containerd_metadata_root_dir: /var/data/containerd
-containerd_state_dir: /run/cri/containerd