From 0bcb5f1b3878e3034d5bd719b69705abb76fab51 Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Fri, 23 Apr 2021 17:38:02 -0700 Subject: [PATCH 1/2] Adding flags to support overriding container runtime endpoint. --- charts/aws-vpc-cni/Chart.yaml | 2 +- charts/aws-vpc-cni/README.md | 2 ++ charts/aws-vpc-cni/templates/daemonset.yaml | 11 +++++++++++ charts/aws-vpc-cni/values.yaml | 6 +++++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index a68b7534c8..6e6badf2b2 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.1.4 +version: 1.1.5 appVersion: "v1.7.5" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index dc274e86b5..8c49fe904b 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -66,6 +66,8 @@ The following table lists the configurable parameters for this chart and their d | `crd.create` | Specifies whether to create the VPC-CNI CRD | `true` | | `tolerations` | Optional deployment tolerations | `[]` | | `updateStrategy` | Optional update strategy | `type: RollingUpdate` | +| `cri.enabled` | Enable alternative container runtime | `false` | +| `cri.hostPath` | Required if cri.enabled is true | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 91e05311d3..28dfbc3a19 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -98,8 +98,13 @@ spec: {{- end }} - mountPath: /host/var/log/aws-routed-eni name: log-dir +{{- if .Values.cri.enabled }} + - mountPath: /var/run/cri.sock + name: cri +{{- else }} - mountPath: /var/run/dockershim.sock name: dockershim +{{- end }} - mountPath: /var/run/aws-node name: run-dir - mountPath: /run/xtables.lock @@ -116,9 +121,15 @@ spec: configMap: name: {{ include "aws-vpc-cni.fullname" . }} {{- end }} +{{- if .Values.cri.enabled }} + - name: cri + hostPath: + path: {{- toYaml .Values.cri.hostPath | nindent 18 }} +{{- else }} - name: dockershim hostPath: path: /var/run/dockershim.sock +{{- end }} - name: log-dir hostPath: path: /var/log/aws-routed-eni diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index aec8f6f530..6c3659bf28 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -160,4 +160,8 @@ eniConfig: # c: # id: subnet-789 # securityGroups: - # - sg-789 \ No newline at end of file + # - sg-789 + +cri: + enabled: false + hostPath: "" From 5c4893aa89d859fb81e1071fd10dc4491a1b4f19 Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Fri, 30 Apr 2021 12:09:02 -0700 Subject: [PATCH 2/2] updated readme and simplied the value setting for helm chart. --- README.md | 9 +++++++++ charts/aws-vpc-cni/README.md | 3 +-- charts/aws-vpc-cni/templates/daemonset.yaml | 4 ++-- charts/aws-vpc-cni/values.yaml | 3 +-- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c1da32eeac..3ee9bd7c40 100644 --- a/README.md +++ b/README.md @@ -484,6 +484,15 @@ value for the Kubelet's `--max-pods` configuration option. Consider also updating the `MAX_ENI` and `--max-pods` configuration options on this plugin and the kubelet respectively if you are making use of this tag. +### Container Runtime + +Currently IPAMD uses dockershim socket to pull pod sandboxes information upon its starting. The runtime can be set to others. +The mountPath should be changed to `/var/run/cri.sock` and hostPath should be pointed to the wanted socket, such as +`/var/run/containerd/containerd.sock` for containerd. If using helm chart, the flag `--set cri.hostPath=/var/run/containerd/containerd.sock` +can set the paths for you. + +*Note*: When using other container runtime instead of dockershim, make sure also setting kubelet in instances. + ### Notes `L-IPAMD`(aws-node daemonSet) running on every worker node requires access to kubernetes API server. If it can **not** reach diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 8c49fe904b..2415215239 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -66,8 +66,7 @@ The following table lists the configurable parameters for this chart and their d | `crd.create` | Specifies whether to create the VPC-CNI CRD | `true` | | `tolerations` | Optional deployment tolerations | `[]` | | `updateStrategy` | Optional update strategy | `type: RollingUpdate` | -| `cri.enabled` | Enable alternative container runtime | `false` | -| `cri.hostPath` | Required if cri.enabled is true | `nil` | +| `cri.hostPath` | Optional use alternative container runtime | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 28dfbc3a19..b66f3cbeed 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -98,7 +98,7 @@ spec: {{- end }} - mountPath: /host/var/log/aws-routed-eni name: log-dir -{{- if .Values.cri.enabled }} +{{- if .Values.cri.hostPath }} - mountPath: /var/run/cri.sock name: cri {{- else }} @@ -121,7 +121,7 @@ spec: configMap: name: {{ include "aws-vpc-cni.fullname" . }} {{- end }} -{{- if .Values.cri.enabled }} +{{- if .Values.cri.hostPath }} - name: cri hostPath: path: {{- toYaml .Values.cri.hostPath | nindent 18 }} diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 6c3659bf28..108204b95d 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -163,5 +163,4 @@ eniConfig: # - sg-789 cri: - enabled: false - hostPath: "" + hostPath: # "/var/run/containerd/containerd.sock"