This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

feat: deprecate kata-containers (#3014)
jackfrancis authored Apr 3, 2020
1 parent ba08d3a commit 5827dea
Showing 28 changed files with 32 additions and 305 deletions.
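--- a/cmd/generate_test.go
+++ b/cmd/generate_test.go
@@ -780,11 +780,6 @@ func TestExampleAPIModels(t *testing.T) {
 apiModelPath: "../examples/kubernetes-D2.json",
 setArgs: defaultSet,
 },
-{
-name: "kata-containers",
-apiModelPath: "../examples/kubernetes-kata-containers.json",
-setArgs: defaultSet,
-},
 {
 name: "ubuntu distros",
 apiModelPath: "../examples/kubernetes-non-vhd-distros.json",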
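--- a/docs/topics/clusterdefinitions.md
+++ b/docs/topics/clusterdefinitions.md
@@ -43,7 +43,7 @@ $ aks-engine get-versions
 | apiServerConfig | no | Configure various runtime configuration for apiserver. See `apiServerConfig` [below](#feat-apiserver-config) |
 | cloudControllerManagerConfig | no | Configure various runtime configuration for cloud-controller-manager. See `cloudControllerManagerConfig` [below](#feat-cloud-controller-manager-config) |
 | clusterSubnet | no | The IP subnet used for allocating IP addresses for pod network interfaces. The subnet must be in the VNET address space. With Azure CNI enabled, the default value is 10.240.0.0/12. Without Azure CNI, the default value is 10.244.0.0/16. |
-| containerRuntime | no | The container runtime to use as a backend. The default is `docker`. The other options are `kata-containers`, and `containerd`. Windows support for `containerd` is **Experimental** - see [Windows ContainerD](features.md#windows-containerd) |
+| containerRuntime | no | The container runtime to use as a backend. The default is `docker`. Also supported is `containerd`. Windows support for `containerd` is **Experimental** - see [Windows ContainerD](features.md#windows-containerd) |
 | controllerManagerConfig | no | Configure various runtime configuration for controller-manager. See `controllerManagerConfig` [below](#feat-controller-manager-config) |
 | customWindowsPackageURL | no | Configure custom windows Kubernetes release package URL for deployment on Windows. The format of this file is a zip file with multiple items (binaries, cni, infra container) in it. This setting will be deprecated in a future release of aks-engine where the binaries will be pulled in the format of Kubernetes releases that only contain the kubernetes binaries. |
 | WindowsNodeBinariesURL | no | Windows Kubernetes Node binaries can be provided in the format of Kubernetes release (example: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#node-binaries-1). This setting allows overriding the binaries for custom builds. |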
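--- a/docs/topics/features.md
+++ b/docs/topics/features.md
@@ -9,7 +9,6 @@
 |ContainerD Runtime for Windows|Experimental|`vlabs`|[kubernetes-hybrid.containerd.json](../../examples/windows/kubernetes-hybrid.containerd.json)|[Description](#windows-containerd)|
 |Custom VNET|Beta|`vlabs`|[kubernetesvnet-azure-cni.json](../../examples/vnet/kubernetesvnet-azure-cni.json)|[Description](#feat-custom-vnet)|
 |Ephemeral OS Disks|Experimental|`vlabs`|[ephmeral-disk.json](../../examples/disks-ephemeral/ephemeral-disks.json)|[Description](#ephemeral-os-disks)|
-|Kata Containers Runtime|Alpha|`vlabs`|[kubernetes-kata-containers.json](../../examples/kubernetes-kata-containers.json)|[Description](#feat-kata-containers)|
 |Managed Disks|Beta|`vlabs`|[kubernetes-vmas.json](../../examples/disks-managed/kubernetes-vmas.json)|[Description](#feat-managed-disks)|
 |Private Cluster|Alpha|`vlabs`|[kubernetes-private-cluster.json](../../examples/kubernetes-config/kubernetes-private-cluster.json)|[Description](#feat-private-cluster)|
 |Shared Image Gallery images|Alpha|`vlabs`|[custom-shared-image.json](../../examples/custom-shared-image.json)|[Description](#feat-shared-image-gallery)|
@@ -363,37 +362,6 @@ E.g.:
 ]
 ```
 
-<a name="feat-kata-containers"></a>
-
-## Kata Containers
-
-You can designate kubernetes agents to use Kata Containers as the
-container runtime by setting:
-
-```json
-"kubernetesConfig": {
-"containerRuntime": "kata-containers"
-}
-```
-
-You will need to make sure your agents are using a `vmSize` that [supports
-nested virtualization](https://azure.microsoft.com/en-us/blog/nested-virtualization-in-azure/).
-These are the `Dv3` or `Ev3` series nodes.
-
-This should look like:
-
-```json
-"agentPoolProfiles": [
-{
-"name": "agentpool1",
-"count": 3,
-"vmSize": "Standard_D4s_v3",
-"availabilityProfile": "AvailabilitySet",
-"diskSizesGB": [1023]
-}
-],
-```
-
 <a name="feat-private-cluster"></a>
 
 ## Private Cluster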
40 changes: 0 additions & 40 deletions examples/kubernetes-kata-containers.json

This file was deleted.

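--- a/parts/k8s/cloud-init/artifacts/cse_install.sh
+++ b/parts/k8s/cloud-init/artifacts/cse_install.sh
@@ -106,18 +106,6 @@ installMoby() {
 apt_get_install 20 30 120 moby-engine=${MOBY_VERSION}* moby-cli=${MOBY_CLI}* --allow-downgrades || exit 27
 fi
 }
-installKataContainersRuntime() {
-ARCH=$(arch)
-BRANCH=stable-1.7
-KATA_RELEASE_KEY_TMP=/tmp/kata-containers-release.key
-KATA_URL=http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_${UBUNTU_RELEASE}/Release.key
-retrycmd_if_failure_no_stats 120 5 25 curl -fsSL $KATA_URL > $KATA_RELEASE_KEY_TMP || exit 60
-wait_for_apt_locks
-retrycmd_if_failure 30 5 30 apt-key add $KATA_RELEASE_KEY_TMP || exit 61
-echo "deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_${UBUNTU_RELEASE}/ /" > /etc/apt/sources.list.d/kata-containers.list
-apt_get_update || exit 99
-apt_get_install 120 5 25 kata-runtime || exit 62
-}
 installBcc() {
 IOVISOR_KEY_TMP=/tmp/iovisor-release.key
 IOVISOR_URL=https://repo.iovisor.org/GPG-KEY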
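--- a/parts/k8s/cloud-init/artifacts/cse_main.sh
+++ b/parts/k8s/cloud-init/artifacts/cse_main.sh
@@ -184,10 +184,6 @@ wait_for_file 3600 1 {{GetCustomSearchDomainsCSEScriptFilepath}} || exit {{GetCS
 
 {{- if IsDockerContainerRuntime}}
 time_metric "EnsureDocker" ensureDocker
-{{else if IsKataContainerRuntime}}
-if grep -q vmx /proc/cpuinfo; then
-time_metric "InstallKataContainers" installKataContainersRuntime
-fi
 {{end}}
 
 time_metric "ConfigureK8s" configureK8s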
13 changes: 0 additions & 13 deletions parts/k8s/cloud-init/masternodecustomdata.yml
Expand Up @@ -224,26 +224,13 @@ write_files:
conf_template = "/etc/containerd/kubenet_template.conf"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd]
{{if IsKataContainerRuntime }}
default_runtime_name = "kata"
{{else}}
default_runtime_name = "runc"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
{{if IsKataContainerRuntime }}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.untrusted]
{{if IsKataContainerRuntime }}
runtime_engine = "/usr/bin/kata-runtime"
runtime_type = "io.containerd.kata.v2"
{{else}}
{{/* note: runc really should not be used for untrusted workloads... should we remove this? This is here because it was here before */}}
runtime_type = "io.containerd.runc.v2"
{{end}}
#EOF
{{if IsKubenet}}
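Review bot: With the kata branches removed, the `untrusted` runtime handler in this containerd config always resolves to `io.containerd.runc.v2`, so a pod routed to that handler gets the same isolation as any other pod; the retained template comment already questions this. Either drop the `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.untrusted]` table so that such pods fail to start instead of silently running under runc, or state the limitation in the template, e.g. `{{/* untrusted is an alias for runc and adds no sandboxing */}}`. The same applies to the identical hunk in parts/k8s/cloud-init/nodecustomdata.yml. The documentation changes shown on this page do not mention that the VM-isolated runtime option is gone, which operators who relied on it would want called out.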
13 changes: 0 additions & 13 deletions parts/k8s/cloud-init/nodecustomdata.yml
Expand Up @@ -225,26 +225,13 @@ write_files:
conf_template = "/etc/containerd/kubenet_template.conf"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd]
{{if IsKataContainerRuntime }}
default_runtime_name = "kata"
{{else}}
default_runtime_name = "runc"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
{{if IsKataContainerRuntime }}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
{{end}}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.untrusted]
{{if IsKataContainerRuntime }}
runtime_engine = "/usr/bin/kata-runtime"
runtime_type = "io.containerd.kata.v2"
{{else}}
{{/* note: runc really should not be used for untrusted workloads... should we remove this? This is here because it was here before */}}
runtime_type = "io.containerd.runc.v2"
{{end}}
#EOF
{{if IsKubenet }}
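--- a/parts/k8s/kubernetesparams.t
+++ b/parts/k8s/kubernetesparams.t
@@ -294,11 +294,10 @@
 "containerRuntime": {
 "defaultValue": "{{.OrchestratorProfile.KubernetesConfig.ContainerRuntime}}",
 "metadata": {
-"description": "The container runtime to use (docker|kata-containers|containerd)"
+"description": "The container runtime to use (docker|containerd)"
 },
 "allowedValues": [
 "docker",
-"kata-containers",
 "containerd"
 ],
 "type": "string"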
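--- a/pkg/api/const.go
+++ b/pkg/api/const.go
@@ -110,7 +110,7 @@ const (
 // Supported container runtimes
 const (
 Docker = "docker"
-KataContainers = "kata-containers"
+KataContainers = "kata-containers" // Deprecated
 Containerd = "containerd"
 )
 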
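Review bot: The trailing `// Deprecated` on `KataContainers` is not the form Go tooling recognises, so gopls, staticcheck and the generated package docs will not flag remaining uses of the constant. Put the marker in a doc comment on its own line above the constant, e.g. `// Deprecated: kata-containers is no longer an accepted containerRuntime value.`. The group comment `// Supported container runtimes` is also no longer accurate for this entry. The same applies to the matching constant in pkg/api/vlabs/const.go.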
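--- a/pkg/api/defaults.go
+++ b/pkg/api/defaults.go
@@ -193,7 +193,7 @@ func (cs *ContainerService) setOrchestratorDefaults(isUpgrade, isScale bool) {
 }
 o.KubernetesConfig.MobyVersion = DefaultMobyVersion
 }
-case Containerd, KataContainers:
+case Containerd:
 if o.KubernetesConfig.ContainerdVersion == "" || isUpdate {
 if o.KubernetesConfig.ContainerdVersion != DefaultContainerdVersion {
 if isUpgrade {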
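--- a/pkg/api/defaults_test.go
+++ b/pkg/api/defaults_test.go
@@ -1050,24 +1050,6 @@ func TestContainerRuntime(t *testing.T) {
 properties.OrchestratorProfile.KubernetesConfig.ContainerdVersion, DefaultContainerdVersion)
 }
 
-mockCS = getMockBaseContainerService("1.10.13")
-properties = mockCS.Properties
-properties.OrchestratorProfile.OrchestratorType = Kubernetes
-properties.OrchestratorProfile.KubernetesConfig.ContainerRuntime = KataContainers
-mockCS.setOrchestratorDefaults(false, false)
-if properties.OrchestratorProfile.KubernetesConfig.ContainerRuntime != KataContainers {
-t.Fatalf("ContainerRuntime did not have the expected value, got %s, expected %s",
-properties.OrchestratorProfile.KubernetesConfig.ContainerRuntime, KataContainers)
-}
-if properties.OrchestratorProfile.KubernetesConfig.MobyVersion != "" {
-t.Fatalf("MobyVersion did not have the expected value, got %s, expected %s",
-properties.OrchestratorProfile.KubernetesConfig.MobyVersion, "")
-}
-if properties.OrchestratorProfile.KubernetesConfig.ContainerdVersion != DefaultContainerdVersion {
-t.Fatalf("Containerd did not have the expected value, got %s, expected %s",
-properties.OrchestratorProfile.KubernetesConfig.ContainerdVersion, DefaultContainerdVersion)
-}
-
 for _, containerdVersion := range []string{"1.1.2", "1.1.4", "1.1.5"} {
 
 mockCS = getMockBaseContainerService("1.10.13")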
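--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -2007,9 +2007,8 @@ func (k *KubernetesConfig) GetOrderedKubeletConfigStringForPowershell() string {
 }
 
 // NeedsContainerd returns whether or not we need the containerd runtime configuration
-// E.g., kata configuration requires containerd config
 func (k *KubernetesConfig) NeedsContainerd() bool {
-return k.ContainerRuntime == KataContainers || k.ContainerRuntime == Containerd
+return k.ContainerRuntime == Containerd
 }
 
 // IsNSeriesSKU returns true if the agent pool contains an N-series (NVIDIA GPU) VM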
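--- a/pkg/api/types_test.go
+++ b/pkg/api/types_test.go
@@ -7281,13 +7281,6 @@ func TestHasContainerd(t *testing.T) {
 },
 expected: true,
 },
-{
-name: "kata",
-k: &KubernetesConfig{
-ContainerRuntime: KataContainers,
-},
-expected: true,
-},
 }
 
 for _, test := range tests {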
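--- a/pkg/api/vlabs/const.go
+++ b/pkg/api/vlabs/const.go
@@ -84,7 +84,7 @@ const (
 // Supported container runtimes
 const (
 Docker = "docker"
-KataContainers = "kata-containers"
+KataContainers = "kata-containers" // Deprecated
 Containerd = "containerd"
 )
 
@@ -97,7 +97,7 @@ var (
 NetworkPolicyValues = [...]string{"", "calico", NetworkPolicyCilium, NetworkPolicyAntrea, "azure", "none"}
 
 // ContainerRuntimeValues holds the valid values for container runtimes
-ContainerRuntimeValues = [...]string{"", Docker, KataContainers, Containerd}
+ContainerRuntimeValues = [...]string{"", Docker, Containerd}
 
 // DistroValues holds the valid values for OS distros
 DistroValues = []Distro{"", Ubuntu, Ubuntu1804, Ubuntu1804Gen2, RHEL, AKSUbuntu1604, AKSUbuntu1804, ACC1604}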
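--- a/pkg/api/vlabs/validate.go
+++ b/pkg/api/vlabs/validate.go
@@ -380,7 +380,7 @@ func (a *Properties) ValidateOrchestratorProfile(isUpdate bool) error {
 return errors.Errorf("DcosConfig can be specified only when OrchestratorType is DCOS")
 }
 
-return a.validateContainerRuntime()
+return a.validateContainerRuntime(isUpdate)
 }
 
 func (a *Properties) validateMasterProfile(isUpdate bool) error {
@@ -1485,7 +1485,7 @@ func (k *KubernetesConfig) Validate(k8sVersion string, hasWindows, ipv6DualStack
 // Validate containerd scenarios
 if k.ContainerRuntime == Docker || k.ContainerRuntime == "" {
 if k.ContainerdVersion != "" {
-return errors.Errorf("containerdVersion is only valid in a non-docker context, use %s or %s containerRuntime values instead if you wish to provide a containerdVersion", Containerd, KataContainers)
+return errors.Errorf("containerdVersion is only valid in a non-docker context, use %s containerRuntime value instead if you wish to provide a containerdVersion", Containerd)
 }
 } else {
 if e := validateContainerdVersion(k.ContainerdVersion); e != nil {
@@ -1636,7 +1636,7 @@ func (k *KubernetesConfig) isUsingCustomKubeComponent() bool {
 return k.CustomKubeAPIServerImage != "" || k.CustomKubeControllerManagerImage != "" || k.CustomKubeProxyImage != "" || k.CustomKubeSchedulerImage != "" || k.CustomKubeBinaryURL != ""
 }
 
-func (a *Properties) validateContainerRuntime() error {
+func (a *Properties) validateContainerRuntime(isUpdate bool) error {
 var containerRuntime string
 
 switch a.OrchestratorProfile.OrchestratorType {
@@ -1648,6 +1648,11 @@ func (a *Properties) validateContainerRuntime() error {
 return nil
 }
 
+// Check for deprecated, non-back-compat
+if isUpdate && containerRuntime == KataContainers {
+return errors.Errorf("%s containerRuntime has been deprecated, you will not be able to update this cluster with this version of aks-engine", KataContainers)
+}
+
 // Check ContainerRuntime has a valid value.
 valid := false
 for _, runtime := range ContainerRuntimeValues {
@@ -1660,11 +1665,6 @@ func (a *Properties) validateContainerRuntime() error {
 return errors.Errorf("unknown containerRuntime %q specified", containerRuntime)
 }
 
-// Make sure we don't use unsupported container runtimes on windows.
-if (containerRuntime == KataContainers) && a.HasWindows() {
-return errors.Errorf("containerRuntime %q is not supporting windows agents", containerRuntime)
-}
-
 // TODO: These validations should be relaxed once ContainerD and CNI plugins are more readily available
 if containerRuntime == Containerd && a.HasWindows() {
 if a.OrchestratorProfile.KubernetesConfig.WindowsContainerdURL == "" {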
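Review bot: The new `isUpdate && containerRuntime == KataContainers` check in validateContainerRuntime gives the explicit deprecation message only on update; on create the same value falls through to the `ContainerRuntimeValues` loop and is reported as `unknown containerRuntime "kata-containers" specified`, which gives an operator reusing an older API model no hint that the runtime was removed. Consider testing for `KataContainers` before looking at `isUpdate` and returning a create-path message such as `return errors.Errorf("%s containerRuntime has been deprecated and is no longer accepted", KataContainers)`. No test for the new branch is visible among the files shown on this page, so a validation case for an update with `kata-containers` would pin the behaviour. The function starts and ends outside the hunks shown.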