From a0b2a6cbaf753511b657c8a7b2dc3553f43e608a Mon Sep 17 00:00:00 2001 From: Yoshiro Watanabe Date: Wed, 21 Aug 2024 07:43:21 +0000 Subject: [PATCH] Change repository for k8s, cri-o The legacy k8s repository was retired on March 26, 2024 [1]. The cri-o project followed k8s lead and moved the build to a new repository [2]. This patch changes the location of k8s, cri-o installed packages for Ubuntu based deployments only. Changes the value of the apiversion parameter in the kubeadm configuration because the new repository can also install 1.27.x and later versions of k8s that no longer support v1beta2 and earlier APIs. The version of the package to be installed can be specified using the K8S_VERSION and CRIO_VERSION variables. Also, the default values of K8S_VERSION and CRIO_VERSION have been changed, and it has been confirmed that tacker project FT works fine with the changed version. [1]https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/ [2]https://kubernetes.io/blog/2023/10/10/cri-o-community-package-infrastructure/ Change-Id: I0ce9fd2bcb5d79ebad2cecafabf8c9f33b106647 --- devstack/lib/crio | 26 ++++++++++++-------------- devstack/lib/k8s | 23 ++++++++++++++--------- devstack/settings | 2 +- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/devstack/lib/crio b/devstack/lib/crio index fc11f76..23a8583 100644 --- a/devstack/lib/crio +++ b/devstack/lib/crio @@ -27,7 +27,7 @@ CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP) function check_crio { if is_ubuntu; then - dpkg -l | grep crio-o > /dev/null 2>&1 + dpkg -l | grep cri-o > /dev/null 2>&1 else false # TODO: CentOS/Fedora support. @@ -40,23 +40,21 @@ function install_crio { fi local lsb_dist=${os_VENDOR,,} - local dist_version=${os_CODENAME} - local kubic_obs_project_key="2472d6d0d2f66af87aba8da34d64390375060aa4" - local os="x${os_VENDOR}_${os_RELEASE}" if is_ubuntu; then + local stream="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${CRIO_VERSION%.*}" + local key_path="/etc/apt/keyrings/cri-o-apt-keyring.gpg" + apt_get install apt-transport-https ca-certificates \ - software-properties-common - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \ - --recv ${kubic_obs_project_key} - sudo apt-add-repository -y "deb https://download.opensuse.org/"` - `"repositories/devel:/kubic:/libcontainers:/stable/${os}/ /" - sudo apt-add-repository -y "deb http://download.opensuse.org/"` - `"repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/"` - `"${CRIO_VERSION}/${os}/ /" + software-properties-common curl + curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}" + echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \ + sudo tee /etc/apt/sources.list.d/cri-o.list # Installing podman and containerd will get us compatible versions of - # cri-o and runc. And we need podman to manage container images anyway. - apt_get install podman buildah cri-o-runc cri-o + # cri-o. And we need podman to manage container images anyway. + REPOS_UPDATED=False apt_get_update + crio_pkg_version=$(sudo apt-cache show cri-o | grep "Version: $CRIO_VERSION-" | awk '{ print $2 }' | head -n 1) + apt_get install podman buildah cri-o="${crio_pkg_version}" sudo systemctl enable crio elif is_fedora; then if [[ "$lsb_dist" = "centos" ]]; then diff --git a/devstack/lib/k8s b/devstack/lib/k8s index ccfacc7..f098f51 100644 --- a/devstack/lib/k8s +++ b/devstack/lib/k8s @@ -27,7 +27,7 @@ K8S_NODE_IP=${K8S_NODE_IP:-$HOST_IP} K8S_API_SERVER_PORT=${K8S_API_SERVER_PORT:-6443} K8S_POD_NETWORK_CIDR=${K8S_POD_NETWORK_CIDR:-10.244.0.0/16} K8S_SERVICE_NETWORK_CIDR=${K8S_SERVICE_NETWORK_CIDR:-10.96.0.0/12} -K8S_VERSION=${K8S_VERSION:-1.23.16-00} +K8S_VERSION=${K8S_VERSION:-"1.30.5"} K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel} # Functions @@ -40,12 +40,17 @@ function is_k8s_enabled { function install_kubeadm { if is_ubuntu; then - apt_get install apt-transport-https curl - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - - sudo add-apt-repository -y \ - "deb https://apt.kubernetes.io/ kubernetes-xenial main" + local stream="https://pkgs.k8s.io/core:/stable:/v${K8S_VERSION%.*}" + local key_path="/etc/apt/keyrings/kubernetes-apt-keyring.gpg" + + apt_get install apt-transport-https ca-certificates curl gpg + curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}" + echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \ + sudo tee /etc/apt/sources.list.d/kubernetes.list + REPOS_UPDATED=False apt_get_update - apt_get install kubelet=$K8S_VERSION kubeadm=$K8S_VERSION kubectl=$K8S_VERSION + kube_pkg_version=$(sudo apt-cache show kubeadm | grep "Version: $K8S_VERSION-" | awk '{ print $2 }' | head -n 1) + apt_get install kubelet="${kube_pkg_version}" kubeadm="${kube_pkg_version}" kubectl="${kube_pkg_version}" sudo apt-mark hold kubelet kubeadm kubectl # NOTE(hongbin): This work-around an issue that kubelet pick a wrong # IP address if the node has multiple network interfaces. @@ -71,7 +76,7 @@ function kubeadm_init { fi cat </dev/null -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration imageRepository: "${KUBEADMIN_IMAGE_REPOSITORY}" etcd: @@ -82,7 +87,7 @@ networking: podSubnet: "${K8S_POD_NETWORK_CIDR}" serviceSubnet: "${K8S_SERVICE_NETWORK_CIDR}" --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 bootstrapTokens: - token: "${K8S_TOKEN}" ttl: 0s @@ -131,7 +136,7 @@ function kubeadm_join { fi cat </dev/null -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: JoinConfiguration discovery: bootstrapToken: diff --git a/devstack/settings b/devstack/settings index 59f3469..b8a92ba 100644 --- a/devstack/settings +++ b/devstack/settings @@ -9,7 +9,7 @@ ENABLE_LIVE_RESTORE=${ENABLE_LIVE_RESTORE:-false} ENABLE_IPV6=${ENABLE_IPV6:-false} K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel} ENABLE_CONTAINERD_CRI=${ENABLE_CONTAINERD_CRI:-false} -CRIO_VERSION=${CRIO_VERSION:-"1.23:/1.23.0"} +CRIO_VERSION=${CRIO_VERSION:-"1.30.5"} CRIO_ALLOW_ICMP=${CRIO_ALLOW_ICMP:-true} CNI_CONF_DIR=${CNI_CONF_DIR:-} CNI_PLUGIN_DIR=${CNI_PLUGIN_DIR:-}