diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..27895ff742f574d02f7682c315c0b68bfa3228fc
--- /dev/null
+++ b/roles/container-engine/nerdctl/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Get nerdctl completion
+ command: "{{ bin_dir }}/nerdctl completion bash"
+ changed_when: False
+ register: nerdctl_completion
+ check_mode: false
+
+- name: Install nerdctl completion
+ copy:
+ dest: /etc/bash_completion.d/nerdctl
+ content: "{{ nerdctl_completion.stdout }}"
+ mode: 0644
diff --git a/roles/container-engine/nerdctl/tasks/main.yml b/roles/container-engine/nerdctl/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4afddafafc6e66c7fc639f72049787e8eda0b3e2
--- /dev/null
+++ b/roles/container-engine/nerdctl/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: nerdctl | Download nerdctl
+ include_tasks: "../../../download/tasks/download_file.yml"
+ vars:
+ download: "{{ download_defaults | combine(downloads.nerdctl) }}"
+
+- name: nerdctl | Copy nerdctl binary from download dir
+ copy:
+ src: "{{ local_release_dir }}/nerdctl"
+ dest: "{{ bin_dir }}/nerdctl"
+ mode: 0755
+ remote_src: true
+ notify:
+ - Get nerdctl completion
+ - Install nerdctl completion
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index d9dedf5eaa50716b4a622155bdeb4935de608114..99d080bb5197fa55a37747a569960ada553abed4 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -84,6 +84,7 @@ multus_version: "v3.7"
ovn4nfv_ovn_image_version: "v1.0.0"
ovn4nfv_k8s_plugin_image_version: "v1.1.0"
helm_version: "v3.5.4"
+nerdctl_version: "0.8.0"
# Get kubernetes major version (i.e. 1.17.4 => 1.17)
kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
@@ -105,6 +106,7 @@ crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/down
helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
kata_containers_download_url: "https://github.com/kata-containers/runtime/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
+nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
crictl_checksums:
arm:
@@ -366,6 +368,14 @@ kata_containers_binary_checksums:
1.11.3: 0
1.12.1: 0
+nerdctl_archive_checksums:
+ arm:
+ 0.8.0: 4f010fad22de10c839c003f126e9a10971abd142a9666bd1d3f2f49a3b545b5a
+ arm64:
+ 0.8.0: 55073069e72315b58b4ebedb49c48f7d762cae02c541cbb36693223ae4019a6b
+ amd64:
+ 0.8.0: a8097ad1f302c4ee2643162569a8f7019190461e740e453f41dba3ba264d0d3d
+
etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
@@ -377,6 +387,7 @@ crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
+nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
# Containers
# In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -657,6 +668,19 @@ downloads:
groups:
- k8s-cluster
+ nerdctl:
+ file: true
+ enabled: "{{ nerdctl_enabled }}"
+ version: "{{ nerdctl_version }}"
+ dest: "{{ local_release_dir }}/nerdctl-{{ nerdctl_version }}-linux-{{ image_arch }}.tar.gz"
+ sha256: "{{ nerdctl_archive_checksum }}"
+ url: "{{ nerdctl_download_url }}"
+ unarchive: true
+ owner: "root"
+ mode: "0755"
+ groups:
+ - k8s-cluster
+
cilium:
enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
container: true
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index e20945af3c12f649c20da377283253155c4091ea..48b592050ad8e2735854fb6564f0b12bda636cad 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -14,6 +14,14 @@
- not skip_downloads|default(false)
- container_manager in ['containerd', 'crio']
+- name: install nerdctl
+ import_role:
+ name: container-engine/nerdctl
+ when:
+ - not skip_downloads|default(false)
+ - container_manager in ['containerd']
+ - nerdctl_enabled
+
- name: download | Get kubeadm binary and list of required images
include_tasks: prep_kubeadm_images.yml
when:
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 13f8c773b9e58da09e016b0a2ce134153c346e4f..6ca0b9844805a2a2fe5cd4c92cf2c31e14d81025 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -361,6 +361,9 @@ cert_manager_enabled: false
expand_persistent_volumes: false
metallb_enabled: false
+# containerd official CLI tool
+nerdctl_enabled: false
+
## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (Fixed in 1.9: https://github.com/kubernetes/kubernetes/issues/50461)
# openstack_blockstorage_version: "v1/v2/auto (default)"
openstack_blockstorage_ignore_volume_az: "{{ volume_cross_zone_attachment | default('false') }}"
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 6370f01ef9d8c50fcf375ac361cdb2e4026c7dfc..d216cd5ceb4dcbb4a0c03aee3497b25388a2c5b8 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -287,6 +287,7 @@
- "{{ bin_dir }}/calico-upgrade"
- "{{ bin_dir }}/weave"
- "{{ bin_dir }}/crictl"
+ - "{{ bin_dir }}/nerdctl"
- "{{ bin_dir }}/netctl"
- "{{ bin_dir }}/k8s-certs-renew.sh"
- /var/lib/cni
@@ -298,6 +299,7 @@
- /run/calico
- /etc/bash_completion.d/kubectl.sh
- /etc/bash_completion.d/crictl
+ - /etc/bash_completion.d/nerdctl
ignore_errors: yes
tags:
- files