-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use socket with unix:/// in CAPD. #6155
Comments
@sbueringer: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@fabriziopandini I assume we don't have to do anything for upgrades as we don't do in-place upgrades:
|
I don't see anywhere that we are referencing this directly in the CAPD code:
I think with our use of the docker API, any interaction with the socket is all encapsulated inside that library. |
That is correct. I was referring to the places where we configure the criSocket in YAML: https://grep.app/search?q=/var/run/containerd/containerd.sock&filter[repo.pattern][0]=kubernetes-sigs/cluster-api&filter[lang][0]=YAML P.S. This config is used by kubeadm "inside" the nodes, afaik to configure Kubelet. |
@sbueringer we should tell the user to update their kubeconfig, but I'm -1 to upgrade settings automatically because this will trigger rollouts |
+1. I think we should have a section about 1.24 in our version.md and link that in the next releases which add support for 1.24. Maybe it's a good/sustainable pattern to document the really really breaking changes for CAPI users in Kubernetes releases there. (I'm referring to those parts which are kind of abstracted away by CAPI like kubeadm, not generic Kubernetes things like dropping support for old apiGroups in upstream Kubernetes) |
Just to confirm, the scope here is only CAPD? If so, considering CAPD is not meant for production and only for development, I don't think we need to be as strict with not causing rollouts. IMO the term "user" doesn't really apply here. |
The scope of what I want to fix is CAPD. Fabrizio was referring to that we don't want to automatically migrate in KCP or CABPK to not trigger rollouts everywhere. So essentially we should communicate to CAPI users that they should use a path with a URL scheme going forward, given that "the kubelet has long deprecated paths without unix:// and it might stop supporting them in the future" (kubernetes/kubeadm#2426 (comment)) |
Thanks, Stefan for clarifying! |
Yes. Let's try if that works! |
Agree with @CecileRobertMichon's message above, if the scope is only for CAPD we should probably not bother and just do the breaking change. For general KCP consumption, we could consider to only migrate the configuration when we detect an upgrade to 1.24? |
But I think we can't do it for KubeadmConfig(Template) which means we would produce different configs in KCP / worker nodes. What do you think about trying to make some progress on webhook warnings in controller-runtime (not sure what the current state is there) and then adding a warning for it? |
@ good first issue readers :) Concrete task that can be already done:
Meanwhile we're further discussing on this issue what we can/should do in KCP/CABPK. |
/assign |
Thx @shubham14bajpai |
@sbueringer: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/remove-good-first-issue CAPD YAMLs have been changed accordingly. Let's pivot back to what we want do for KCP / CABPK. Trying to summarize: The old criSocket format (without URL scheme) is deprecated on multiple levels now (kubeadm (with 1.24) / kubelet) Our options are (listing all for completeness):
My take is, let's implement 1. and open a new focused issue for 2. Opinions? @CecileRobertMichon @enxebre @fabriziopandini @vincepri |
I'm +1 to option 1 because AFAIK most of the users rely on kubeadm CRI autodetection (and it is just a warning now) |
/milestone v1.2 |
I'm tracking this as part of #5968, so we can document that folks should migrate when we have support for Kubernetes 1.24. (currently versions.md doesn't include v1.24 which makes sense as it hasn't been released yet) |
We are currently using
/var/run/containerd/containerd.sock
in our CAPD configurations.We should actually be using
unix:///var/run/containerd/containerd.sock
. Goal of this issue is to go over test/ and replace all occurrences.P.S. there will be a warning with kubeadm v1.24 for paths which are not using a URL scheme. (xref: kubernetes/kubeadm#2426 (comment))
/kind cleanup
/area provider-docker
/good-first-issue
[One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]
The text was updated successfully, but these errors were encountered: