Merge pull request #460 from treydock/containerd

Support installing containerd using a package
puppetlabs · Dec 14, 2020 · 09c8c84 · 09c8c84
2 parents a39eaac + bbaf07d
commit 09c8c84
Show file tree

Hide file tree

Showing 11 changed files with 606 additions and 84 deletions.
diff --git a/README.md b/README.md
@@ -253,6 +253,18 @@ Specifies the version of the containerd runtime the module installs.
 
 Defaults to `1.1.0`.
 
+### `containerd_install_method`
+
+The method used to install containerd. Either `archive` or `package`.
+
+Defaults to `archive`.
+
+### `containerd_package_name`
+
+The package name for containerd when `containerd_install_method` is `package`.
+
+Defaults to `containerd.io`
+
 #### `containerd_archive`
 
 The name of the containerd archive.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -29,6 +29,14 @@
 #   This is the version of the containerd runtime the module will install.
 #   Defaults to 1.1.0
 #
+# [*containerd_install_method*]
+#   Whether to install containerd via archive or package.
+#   Defaults to archive
+#
+# [*containerd_package_name*]
+#   containerd package name
+#   Defaults to containerd.io
+#
 # [*containerd_archive*]
 #  The name of the containerd archive
 #  Defaults to containerd-${containerd_version}.linux-amd64.tar.gz
@@ -486,6 +494,8 @@
   },
   String $container_runtime                                      = 'docker',
   Optional[String] $containerd_version                           = '1.1.0',
+  Enum['archive','package'] $containerd_install_method           = 'archive',
+  String $containerd_package_name                                = 'containerd.io',
   Optional[String] $docker_package_name                          = 'docker-engine',
   Optional[String] $docker_version                               = $facts['os']['family'] ? {
     'Debian' => '17.03.0~ce-0~ubuntu-xenial',

diff --git a/manifests/packages.pp b/manifests/packages.pp
@@ -1,37 +1,40 @@
 # Class kubernetes packages
 
 class kubernetes::packages (
-  String $kubernetes_package_version            = $kubernetes::kubernetes_package_version,
-  String $container_runtime                     = $kubernetes::container_runtime,
-  Boolean $manage_docker                        = $kubernetes::manage_docker,
-  Boolean $manage_etcd                          = $kubernetes::manage_etcd,
-  Optional[String] $docker_version              = $kubernetes::docker_version,
-  Optional[String] $docker_package_name         = $kubernetes::docker_package_name,
-  Optional[String] $docker_storage_driver       = $kubernetes::docker_storage_driver,
-  Optional[String] $docker_cgroup_driver        = $kubernetes::cgroup_driver,
-  Optional[Array] $docker_storage_opts          = $kubernetes::docker_storage_opts,
-  Optional[String] $docker_extra_daemon_config  = $kubernetes::docker_extra_daemon_config,
-  String $docker_log_max_file                   = $kubernetes::docker_log_max_file,
-  String $docker_log_max_size                   = $kubernetes::docker_log_max_size,
-  Boolean $controller                           = $kubernetes::controller,
-  Optional[String] $containerd_archive          = $kubernetes::containerd_archive,
-  Optional[String] $containerd_archive_checksum = $kubernetes::containerd_archive_checksum,
-  Optional[String] $containerd_source           = $kubernetes::containerd_source,
-  String $etcd_archive                          = $kubernetes::etcd_archive,
-  Optional[String] $etcd_archive_checksum       = $kubernetes::etcd_archive_checksum,
-  String $etcd_version                          = $kubernetes::etcd_version,
-  String $etcd_source                           = $kubernetes::etcd_source,
-  String $etcd_package_name                     = $kubernetes::etcd_package_name,
-  String $etcd_install_method                   = $kubernetes::etcd_install_method,
-  Optional[String] $runc_source                 = $kubernetes::runc_source,
-  Optional[String] $runc_source_checksum        = $kubernetes::runc_source_checksum,
-  Boolean $disable_swap                         = $kubernetes::disable_swap,
-  Boolean $manage_kernel_modules                = $kubernetes::manage_kernel_modules,
-  Boolean $manage_sysctl_settings               = $kubernetes::manage_sysctl_settings,
-  Boolean $create_repos                         = $kubernetes::repos::create_repos,
-  Boolean $pin_packages                         = $kubernetes::pin_packages,
-  Integer $package_pin_priority                 = 32767,
-  String $archive_checksum_type                 = 'sha256',
+  String $kubernetes_package_version                    = $kubernetes::kubernetes_package_version,
+  String $container_runtime                             = $kubernetes::container_runtime,
+  Boolean $manage_docker                                = $kubernetes::manage_docker,
+  Boolean $manage_etcd                                  = $kubernetes::manage_etcd,
+  Optional[String] $docker_version                      = $kubernetes::docker_version,
+  Optional[String] $docker_package_name                 = $kubernetes::docker_package_name,
+  Optional[String] $docker_storage_driver               = $kubernetes::docker_storage_driver,
+  Optional[String] $docker_cgroup_driver                = $kubernetes::cgroup_driver,
+  Optional[Array] $docker_storage_opts                  = $kubernetes::docker_storage_opts,
+  Optional[String] $docker_extra_daemon_config          = $kubernetes::docker_extra_daemon_config,
+  String $docker_log_max_file                           = $kubernetes::docker_log_max_file,
+  String $docker_log_max_size                           = $kubernetes::docker_log_max_size,
+  Boolean $controller                                   = $kubernetes::controller,
+  Optional[String] $containerd_version                  = $kubernetes::containerd_version,
+  Enum['archive','package'] $containerd_install_method  = $kubernetes::containerd_install_method,
+  String $containerd_package_name                       = $kubernetes::containerd_package_name,
+  Optional[String] $containerd_archive                  = $kubernetes::containerd_archive,
+  Optional[String] $containerd_archive_checksum         = $kubernetes::containerd_archive_checksum,
+  Optional[String] $containerd_source                   = $kubernetes::containerd_source,
+  String $etcd_archive                                  = $kubernetes::etcd_archive,
+  Optional[String] $etcd_archive_checksum               = $kubernetes::etcd_archive_checksum,
+  String $etcd_version                                  = $kubernetes::etcd_version,
+  String $etcd_source                                   = $kubernetes::etcd_source,
+  String $etcd_package_name                             = $kubernetes::etcd_package_name,
+  String $etcd_install_method                           = $kubernetes::etcd_install_method,
+  Optional[String] $runc_source                         = $kubernetes::runc_source,
+  Optional[String] $runc_source_checksum                = $kubernetes::runc_source_checksum,
+  Boolean $disable_swap                                 = $kubernetes::disable_swap,
+  Boolean $manage_kernel_modules                        = $kubernetes::manage_kernel_modules,
+  Boolean $manage_sysctl_settings                       = $kubernetes::manage_sysctl_settings,
+  Boolean $create_repos                                 = $kubernetes::repos::create_repos,
+  Boolean $pin_packages                                 = $kubernetes::pin_packages,
+  Integer $package_pin_priority                         = 32767,
+  String $archive_checksum_type                         = 'sha256',
 ) {
   $tmp_directory = '/var/tmp/puppetlabs-kubernetes'
 
@@ -62,6 +65,7 @@
   }
 
   if $manage_kernel_modules and $manage_sysctl_settings {
+    kmod::load { 'overlay': }
     kmod::load { 'br_netfilter':
       before => Sysctl['net.bridge.bridge-nf-call-iptables'],
     }
@@ -75,6 +79,7 @@
       value  => '1',
     }
   } elsif $manage_kernel_modules {
+    kmod::load { 'overlay': }
     kmod::load { 'br_netfilter': }
   } elsif $manage_sysctl_settings {
     sysctl { 'net.bridge.bridge-nf-call-iptables':
@@ -170,8 +175,82 @@
       notify  => Exec['kubernetes-systemd-reload'],
     }
   }
+  elsif $container_runtime == 'cri_containerd' and $containerd_install_method == 'package' {
+    # procedure: https://kubernetes.io/docs/setup/production-environment/container-runtimes/
+    case $facts['os']['family'] {
+      'Debian': {
+        if $create_repos {
+          package { $containerd_package_name:
+            ensure  => $containerd_version,
+            require => Class['Apt::Update'],
+          }
+          if $pin_packages {
+            file { '/etc/apt/preferences.d/containerd':
+              mode    => '0444',
+              owner   => 'root',
+              group   => 'root',
+              content => template('kubernetes/containerd_apt_package_pins.erb'),
+              notify  => Service['containerd'],
+            }
+          }else {
+            file { '/etc/apt/preferences.d/containerd':
+              ensure => absent,
+            }
+          }
+        }else {
+          package { $containerd_package_name:
+            ensure => $containerd_version,
+          }
+          if $pin_packages {
+            fail('for safety reasons package pinning is only usable if you define the create_repos flag')
+          }
+        }
+
+        file { '/etc/containerd':
+          ensure => 'directory',
+          mode   => '0644',
+          owner  => 'root',
+          group  => 'root',
+        }
 
-  elsif $container_runtime == 'cri_containerd' {
+        # Generate using 'containerd config default'
+        file { '/etc/containerd/config.toml':
+          ensure  => file,
+          owner   => 'root',
+          group   => 'root',
+          mode    => '0644',
+          content => template('kubernetes/containerd/config.toml.erb'),
+          require => [File['/etc/containerd'], Package[$containerd_package_name]],
+          notify  => Service['containerd'],
+        }
+      }
+      'RedHat': {
+        package { $containerd_package_name:
+          ensure => $containerd_version,
+        }
+
+        file { '/etc/containerd':
+          ensure => 'directory',
+          mode   => '0644',
+          owner  => 'root',
+          group  => 'root',
+        }
+
+        # Generate using 'containerd config default'
+        file { '/etc/containerd/config.toml':
+          ensure  => file,
+          owner   => 'root',
+          group   => 'root',
+          mode    => '0644',
+          content => template('kubernetes/containerd/config.toml.erb'),
+          require => [File['/etc/containerd'], Package[$containerd_package_name]],
+          notify  => Service['containerd'],
+        }
+      }
+      default: { notify { "The OS family ${facts['os']['family']} is not supported by this module": } }
+    }
+  }
+  elsif $container_runtime == 'cri_containerd' and $containerd_install_method == 'archive' {
     if $runc_source_checksum and $runc_source_checksum =~ /.+/ {
       $runc_source_checksum_verify = true
       $runc_source_creates = undef

diff --git a/manifests/repos.pp b/manifests/repos.pp
@@ -1,23 +1,24 @@
 ## kubernetes repos
 
 class kubernetes::repos (
-  String $container_runtime                 = $kubernetes::container_runtime,
-  Optional[String] $kubernetes_apt_location = $kubernetes::kubernetes_apt_location,
-  Optional[String] $kubernetes_apt_release  = $kubernetes::kubernetes_apt_release,
-  Optional[String] $kubernetes_apt_repos    = $kubernetes::kubernetes_apt_repos,
-  Optional[String] $kubernetes_key_id       = $kubernetes::kubernetes_key_id,
-  Optional[String] $kubernetes_key_source   = $kubernetes::kubernetes_key_source,
-  Optional[String] $kubernetes_yum_baseurl  = $kubernetes::kubernetes_yum_baseurl,
-  Optional[String] $kubernetes_yum_gpgkey   = $kubernetes::kubernetes_yum_gpgkey,
-  Optional[String] $docker_apt_location     = $kubernetes::docker_apt_location,
-  Optional[String] $docker_apt_release      = $kubernetes::docker_apt_release,
-  Optional[String] $docker_apt_repos        = $kubernetes::docker_apt_repos,
-  Optional[String] $docker_yum_baseurl      = $kubernetes::docker_yum_baseurl,
-  Optional[String] $docker_yum_gpgkey       = $kubernetes::docker_yum_gpgkey,
-  Optional[String] $docker_key_id           = $kubernetes::docker_key_id,
-  Optional[String] $docker_key_source       = $kubernetes::docker_key_source,
-  Boolean $manage_docker                    = $kubernetes::manage_docker,
-  Boolean $create_repos                     = $kubernetes::create_repos,
+  String $container_runtime                   = $kubernetes::container_runtime,
+  Optional[String] $kubernetes_apt_location   = $kubernetes::kubernetes_apt_location,
+  Optional[String] $kubernetes_apt_release    = $kubernetes::kubernetes_apt_release,
+  Optional[String] $kubernetes_apt_repos      = $kubernetes::kubernetes_apt_repos,
+  Optional[String] $kubernetes_key_id         = $kubernetes::kubernetes_key_id,
+  Optional[String] $kubernetes_key_source     = $kubernetes::kubernetes_key_source,
+  Optional[String] $kubernetes_yum_baseurl    = $kubernetes::kubernetes_yum_baseurl,
+  Optional[String] $kubernetes_yum_gpgkey     = $kubernetes::kubernetes_yum_gpgkey,
+  Optional[String] $docker_apt_location       = $kubernetes::docker_apt_location,
+  Optional[String] $docker_apt_release        = $kubernetes::docker_apt_release,
+  Optional[String] $docker_apt_repos          = $kubernetes::docker_apt_repos,
+  Optional[String] $docker_yum_baseurl        = $kubernetes::docker_yum_baseurl,
+  Optional[String] $docker_yum_gpgkey         = $kubernetes::docker_yum_gpgkey,
+  Optional[String] $docker_key_id             = $kubernetes::docker_key_id,
+  Optional[String] $docker_key_source         = $kubernetes::docker_key_source,
+  Optional[String] $containerd_install_method = $kubernetes::containerd_install_method,
+  Boolean $manage_docker                      = $kubernetes::manage_docker,
+  Boolean $create_repos                       = $kubernetes::create_repos,
 
 ) {
   if $create_repos {
@@ -34,7 +35,8 @@
           },
         }
 
-        if $container_runtime == 'docker' and $manage_docker == true {
+        if ($container_runtime == 'docker' and $manage_docker == true) or
+            ($container_runtime == 'cri_containerd' and $containerd_install_method == 'package') {
           apt::source { 'docker':
             location => pick($docker_apt_location,'https://apt.dockerproject.org/repo'),
             repos    => pick($docker_apt_repos,'main'),
@@ -47,7 +49,8 @@
         }
       }
       'RedHat': {
-        if $container_runtime == 'docker' and $manage_docker == true {
+        if ($container_runtime == 'docker' and $manage_docker == true) or
+            ($container_runtime == 'cri_containerd' and $containerd_install_method == 'package') {
           yumrepo { 'docker':
             descr    => 'docker',
             baseurl  => pick($docker_yum_baseurl,'https://download.docker.com/linux/centos/7/x86_64/stable'),

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -1,13 +1,14 @@
 # Puppet class that controls the Kubelet service
 
 class kubernetes::service (
-  String $container_runtime        = $kubernetes::container_runtime,
-  Boolean $controller              = $kubernetes::controller,
-  Boolean $manage_docker           = $kubernetes::manage_docker,
-  Boolean $manage_etcd             = $kubernetes::manage_etcd,
-  String $kubernetes_version       = $kubernetes::kubernetes_version,
-  Optional[String] $cloud_provider = $kubernetes::cloud_provider,
-  Optional[String] $cloud_config   = $kubernetes::cloud_config,
+  String $container_runtime                             = $kubernetes::container_runtime,
+  Enum['archive','package'] $containerd_install_method  = $kubernetes::containerd_install_method,
+  Boolean $controller                                   = $kubernetes::controller,
+  Boolean $manage_docker                                = $kubernetes::manage_docker,
+  Boolean $manage_etcd                                  = $kubernetes::manage_etcd,
+  String $kubernetes_version                            = $kubernetes::kubernetes_version,
+  Optional[String] $cloud_provider                      = $kubernetes::cloud_provider,
+  Optional[String] $cloud_config                        = $kubernetes::cloud_config,
 ) {
   file { '/etc/systemd/system/kubelet.service.d':
     ensure => directory,
@@ -30,29 +31,34 @@
     }
 
     'cri_containerd': {
-      file { '/etc/systemd/system/kubelet.service.d/0-containerd.conf':
-        ensure  => file,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        content => template('kubernetes/0-containerd.conf.erb'),
-        require => File['/etc/systemd/system/kubelet.service.d'],
-        notify  => [Exec['kubernetes-systemd-reload'], Service['containerd']],
-      }
+      if $containerd_install_method == 'package' {
+        $containerd_service_require = undef
+      } else {
+        $containerd_service_require = Exec['kubernetes-systemd-reload']
+        file { '/etc/systemd/system/kubelet.service.d/0-containerd.conf':
+          ensure  => file,
+          owner   => 'root',
+          group   => 'root',
+          mode    => '0644',
+          content => template('kubernetes/0-containerd.conf.erb'),
+          require => File['/etc/systemd/system/kubelet.service.d'],
+          notify  => [Exec['kubernetes-systemd-reload'], Service['containerd']],
+        }
 
-      file { '/etc/systemd/system/containerd.service':
-        ensure  => file,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        content => template('kubernetes/containerd.service.erb'),
-        notify  => [Exec['kubernetes-systemd-reload'], Service['containerd']],
+        file { '/etc/systemd/system/containerd.service':
+          ensure  => file,
+          owner   => 'root',
+          group   => 'root',
+          mode    => '0644',
+          content => template('kubernetes/containerd.service.erb'),
+          notify  => [Exec['kubernetes-systemd-reload'], Service['containerd']],
+        }
       }
 
       service { 'containerd':
         ensure  => running,
         enable  => true,
-        require => Exec['kubernetes-systemd-reload'],
+        require => $containerd_service_require,
       }
     }