fix docker opts incompatible running on aarch64 Redhat/Centos

On Aarch64, the default cgroup driver for docker is systemd instead of cgroupfs. Should conform kubelet to use systemd as cgroup driver as well to keep it consistent with docker. Without this change, below exception will be raised. /usr/bin/docker-current: Error response from daemon: shim error: docker-runc not installed on system. Change-Id: Id496ec9eaac6580e4da2f3ef1a386c9abc2a5129

fix docker opts incompatible running on aarch64 Redhat/Centos
f4d762bb · Di Xu · 69ea28e1 · f4d762bb · f4d762bb · f4d762bb
Commit f4d762bb authored 7 years ago by Di Xu
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -145,7 +145,13 @@ docker_daemon_graph: "/var/lib/docker"
 ## An obvious use case is allowing insecure-registry access
 ## to self hosted registries like so:

-docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }}  {{ docker_log_opts }}"
+docker_options: >
+  --insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
+  {% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
+  --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
+  --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
+  --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
+  {% endif %}
 docker_bin_dir: "/usr/bin"

 ## If non-empty will override default system MounFlags value.

--- a/roles/kubernetes/node/templates/kubelet.standard.env.j2
+++ b/roles/kubernetes/node/templates/kubelet.standard.env.j2
@@ -40,6 +40,9 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
 {% if kubelet_authorization_mode_webhook %}
 --authorization-mode=Webhook \
 {% endif %}
+{% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
+--cgroup-driver=systemd \
+{% endif %}
 --enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} {% endif %}{% endset %}

 {# DNS settings for kubelet #}

--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -144,7 +144,13 @@ docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
 ## This string should be exactly as you wish it to appear.
 ## An obvious use case is allowing insecure-registry access
 ## to self hosted registries like so:
-docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}"
+docker_options: >
+  --insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
+  {% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
+  --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
+  --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
+  --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
+  {% endif %}

 ## If non-empty will override default system MounFlags value.
 ## This option takes a mount propagation flag: shared, slave