Clean up dockershim flags in the kubelet

Signed-off-by: cyclinder <qifeng.guo@daocloud.io> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-14 11:26:21 +08:00
parent 03bcfab1a6
commit 07999dac70
17 changed files with 26 additions and 371 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -484,7 +484,7 @@ function ensure-local-ssds-ephemeral-storage() {
  safe-format-and-mount "${device}" "${ephemeral_mountpoint}"

  # mount container runtime root dir on SSD
-  local container_runtime="${CONTAINER_RUNTIME:-docker}"
+  local container_runtime="${CONTAINER_RUNTIME:-containerd}"
  systemctl stop "$container_runtime"
  # Some images remount the container runtime root dir.
  umount "/var/lib/${container_runtime}" || true
@@ -2550,9 +2550,9 @@ function start-volumesnapshot-crd-and-controller {
 # endpoint.
 function update-container-runtime {
  local -r file="$1"
-  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}"
+  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}"
  sed -i \
-    -e "s@{{ *fluentd_container_runtime_service *}}@${FLUENTD_CONTAINER_RUNTIME_SERVICE:-${CONTAINER_RUNTIME_NAME:-docker}}@g" \
+    -e "s@{{ *fluentd_container_runtime_service *}}@${FLUENTD_CONTAINER_RUNTIME_SERVICE:-${CONTAINER_RUNTIME_NAME:-containerd}}@g" \
    -e "s@{{ *container_runtime_endpoint *}}@${container_runtime_endpoint#unix://}@g" \
    "${file}"
 }
@@ -3446,7 +3446,7 @@ function main() {
  fi

  log-wrap 'OverrideKubectl' override-kubectl
-  container_runtime="${CONTAINER_RUNTIME:-docker}"
+  container_runtime="${CONTAINER_RUNTIME:-containerd}"
  # Run the containerized mounter once to pre-cache the container image.
  if [[ "${container_runtime}" == "docker" ]]; then
    log-wrap 'AssembleDockerFlags' assemble-docker-flags
--- a/cluster/gce/gci/configure.sh
+++ b/cluster/gce/gci/configure.sh
@@ -340,7 +340,7 @@ function install-crictl {

  # Create crictl config file.
  cat > /etc/crictl.yaml <<EOF
-runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
+runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}
 EOF

  if is-preloaded "${crictl}" "${crictl_hash}"; then
@@ -584,7 +584,7 @@ function install-containerd-ubuntu {
 }

 function ensure-container-runtime {
-  container_runtime="${CONTAINER_RUNTIME:-docker}"
+  container_runtime="${CONTAINER_RUNTIME:-containerd}"
  if [[ "${container_runtime}" == "docker" ]]; then
    if ! command -v docker >/dev/null 2>&1; then
      log-wrap "InstallDocker" install-docker
--- a/cluster/gce/gci/health-monitor.sh
+++ b/cluster/gce/gci/health-monitor.sh
@@ -34,7 +34,7 @@ function container_runtime_monitoring {
  # will also fail, and docker will be killed. This is undesirable especially when
  # docker live restore is disabled.
  local healthcheck_command=(docker ps)
-  if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then
+  if [[ "${CONTAINER_RUNTIME:-containerd}" != "docker" ]]; then
    healthcheck_command=("${crictl}" pods)
  fi
  # Container runtime startup takes time. Make initial attempts before starting
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -781,23 +781,6 @@ function construct-linux-kubelet-flags {
      flags+=" --resolv-conf=/run/systemd/resolve/resolv.conf"
    fi
  fi
-  # Network plugin
-  if [[ -n "${NETWORK_PROVIDER:-}" || -n "${NETWORK_POLICY_PROVIDER:-}" ]]; then
-    flags+=" --cni-bin-dir=/home/kubernetes/bin"
-    if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" || "${ENABLE_NETD:-}" == "true" ]]; then
-      # Calico uses CNI always.
-      # Note that network policy won't work for master node.
-      if [[ "${node_type}" == "master" ]]; then
-        flags+=" --network-plugin=${NETWORK_PROVIDER}"
-      else
-        flags+=" --network-plugin=cni"
-      fi
-    else
-      # Otherwise use the configured value.
-      flags+=" --network-plugin=${NETWORK_PROVIDER}"
-
-    fi
-  fi
  if [[ -n "${NON_MASQUERADE_CIDR:-}" ]]; then
    flags+=" --non-masquerade-cidr=${NON_MASQUERADE_CIDR}"
  fi
@@ -810,12 +793,11 @@ function construct-linux-kubelet-flags {
  if [[ -n "${NODE_TAINTS:-}" ]]; then
    flags+=" --register-with-taints=${NODE_TAINTS}"
  fi
-  if [[ "${CONTAINER_RUNTIME:-}" != "docker" ]]; then
-    flags+=" --container-runtime=remote"
-    if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then
-      CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-      flags+=" --runtime-cgroups=/system.slice/containerd.service"
-    fi
+
+  flags+=" --container-runtime=remote"
+  if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then
+    CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
+    flags+=" --runtime-cgroups=/system.slice/containerd.service"
  fi

  if [[ -n "${CONTAINER_RUNTIME_ENDPOINT:-}" ]]; then
@@ -861,17 +843,8 @@ function construct-windows-kubelet-flags {

  # The directory where the TLS certs are located.
  flags+=" --cert-dir=${WINDOWS_PKI_DIR}"
-
-  flags+=" --network-plugin=cni"
-  flags+=" --cni-bin-dir=${WINDOWS_CNI_DIR}"
-  flags+=" --cni-conf-dir=${WINDOWS_CNI_CONFIG_DIR}"
  flags+=" --pod-manifest-path=${WINDOWS_MANIFESTS_DIR}"

-  # Windows images are large and we don't have gcr mirrors yet. Allow longer
-  # pull progress deadline.
-  flags+=" --image-pull-progress-deadline=5m"
-  flags+=" --enable-debugging-handlers=true"
-
  # Configure kubelet to run as a windows service.
  flags+=" --windows-service=true"

@@ -888,13 +861,10 @@ function construct-windows-kubelet-flags {
  # TODO(#78628): Re-enable KubeletPodResources when the issue is fixed.
  # Force disable KubeletPodResources feature on Windows until #78628 is fixed.
  flags+=" --feature-gates=KubeletPodResources=false"
-
-  if [[ "${WINDOWS_CONTAINER_RUNTIME:-}" != "docker" ]]; then
-    flags+=" --container-runtime=remote"
-    if [[ "${WINDOWS_CONTAINER_RUNTIME}" == "containerd" ]]; then
-      WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
-      flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
-    fi
+  flags+=" --container-runtime=remote"
+  if [[ "${WINDOWS_CONTAINER_RUNTIME}" == "containerd" ]]; then
+    WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
+    flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
  fi

  KUBELET_ARGS="${flags}"