Merge pull request #16303 from dcbw/dind-crio

Automatic merge from submit-queue (batch tested with PRs 16365, 16250, 14945, 16355, 16303)

dind: add support for CRI-O runtime via "-c crio" start argument

@danwinship @stevekuznetsov @openshift/networking @openshift/sig-networking @marun

Author: openshift-merge-robot

hack/dind-cluster.sh

@@ -67,14 +67,26 @@ function start() {
   local deployed_config_root=$4
   local cluster_id=$5
   local network_plugin=$6
-  local wait_for_cluster=$7
-  local node_count=$8
-  local additional_args=$9
+  local container_runtime=$7
+  local wait_for_cluster=$8
+  local node_count=$9
+  local additional_args=${10}
 
   # docker-in-docker's use of volumes is not compatible with SELinux
   check-selinux
 
-  echo "Starting dind cluster '${cluster_id}' with plugin '${network_plugin}'"
+  runtime_endpoint=
+  if [[ "${container_runtime}" = "dockershim" ]]; then
+    # dockershim is default and doesn't need an endpoint path
+    runtime_endpoint=
+  elif [[ "${container_runtime}" = "crio" ]]; then
+    runtime_endpoint="/var/run/crio.sock"
+  else
+    >&2 echo "Invalid container runtime: ${container_runtime}"
+    exit 1
+  fi
+
+  echo "Starting dind cluster '${cluster_id}' with plugin '${network_plugin}' and runtime '${container_runtime}'"
 
   # Error if a cluster is already configured
   check-no-containers "start"
@@ -91,16 +103,19 @@ function start() {
 
   # Initialize the cluster config path
   mkdir -p "${config_root}"
-  echo "OPENSHIFT_NETWORK_PLUGIN=${network_plugin}" > "${config_root}/network-plugin"
-  echo "OPENSHIFT_ADDITIONAL_ARGS='${additional_args}'" > "${config_root}/additional-args"
+  echo "OPENSHIFT_NETWORK_PLUGIN=${network_plugin}" > "${config_root}/dind-env"
+  echo "OPENSHIFT_ADDITIONAL_ARGS='${additional_args}'" >> "${config_root}/dind-env"
   copy-runtime "${origin_root}" "${config_root}/"
 
+  echo "OPENSHIFT_CONTAINER_RUNTIME=${container_runtime}" >> "${config_root}/dind-env"
+  echo "OPENSHIFT_REMOTE_RUNTIME_ENDPOINT=${runtime_endpoint}" >> "${config_root}/dind-env"
+
   ovn_kubernetes=
   if [[ -d "${ovn_root}" ]]; then
     copy-ovn-runtime "${ovn_root}" "${config_root}/"
     ovn_kubernetes=1
   fi
-  echo "OPENSHIFT_OVN_KUBERNETES=${ovn_kubernetes}" > "${config_root}/ovn-kubernetes"
+  echo "OPENSHIFT_OVN_KUBERNETES=${ovn_kubernetes}" >> "${config_root}/dind-env"
 
   # Create containers
   start-container "${config_root}" "${deployed_config_root}" "${MASTER_IMAGE}" "${MASTER_NAME}"
@@ -603,6 +618,7 @@ MASTER_IMAGE="openshift/dind-master"
 ADDITIONAL_ARGS=""
 
 OVN_ROOT="${OVN_ROOT:-}"
+CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-dockershim}"
 
 case "${1:-""}" in
   start)
@@ -612,7 +628,7 @@ case "${1:-""}" in
     NETWORK_PLUGIN=
     REMOVE_EXISTING_CLUSTER=
     OPTIND=2
-    while getopts ":bin:rsN:" opt; do
+    while getopts ":bc:in:rsN:" opt; do
       case $opt in
         b)
           BUILD=1
@@ -632,6 +648,9 @@ case "${1:-""}" in
         s)
           WAIT_FOR_CLUSTER=
           ;;
+        c)
+          CONTAINER_RUNTIME="${OPTARG}"
+          ;;
         \?)
           echo "Invalid option: -${OPTARG}" >&2
           exit 1
@@ -680,8 +699,8 @@ case "${1:-""}" in
     fi
 
     start "${OS_ROOT}" "${OVN_ROOT}" "${CONFIG_ROOT}" "${DEPLOYED_CONFIG_ROOT}" \
-          "${CLUSTER_ID}" "${NETWORK_PLUGIN}" "${WAIT_FOR_CLUSTER}" \
-          "${NODE_COUNT}" "${ADDITIONAL_ARGS}"
+          "${CLUSTER_ID}" "${NETWORK_PLUGIN}" "${CONTAINER_RUNTIME}" \
+          "${WAIT_FOR_CLUSTER}" "${NODE_COUNT}" "${ADDITIONAL_ARGS}"
     ;;
   add-node)
     WAIT_FOR_CLUSTER=1
@@ -810,6 +829,7 @@ start accepts the following options:
  -n [net plugin]   the name of the network plugin to deploy
  -N                number of nodes in the cluster
  -b                build origin before starting the cluster
+ -c [runtime name] use the specified container runtime instead of dockershim (eg, "crio")
  -i                build container images before starting the cluster
  -r                remove an existing cluster
  -s                skip waiting for nodes to become ready

images/dind/master/openshift-generate-master-config.sh

@@ -5,8 +5,7 @@ set -o nounset
 set -o pipefail
 
 # Should set OPENSHIFT_NETWORK_PLUGIN
-source /data/network-plugin
-source /data/additional-args
+source /data/dind-env
 
 function ensure-master-config() {
   local config_path="/data/openshift.local.config"

images/dind/master/ovn-kubernetes-master-setup.sh

@@ -5,8 +5,7 @@ set -o nounset
 set -o pipefail
 
 source /usr/local/bin/openshift-dind-lib.sh
-source /data/network-plugin
-source /data/ovn-kubernetes
+source /data/dind-env
 
 function is-api-running() {
   local config=$1

images/dind/master/ovn-kubernetes-master.sh

@@ -5,8 +5,7 @@ set -o nounset
 set -o pipefail
 
 source /usr/local/bin/openshift-dind-lib.sh
-source /data/network-plugin
-source /data/ovn-kubernetes
+source /data/dind-env
 
 function ovn-kubernetes-master() {
   local config_dir=$1

images/dind/node/Dockerfile

@@ -25,7 +25,11 @@ RUN dnf -y update && dnf -y install\
  python-netaddr\
  python2-pyroute2\
  python2-requests\
- PyYAML
+ PyYAML\
+ cri-o
+
+# Remove the CRI-O CNI network configs so openshift-sdn's will be used instead
+RUN rm -f /etc/cni/net.d/*
 
 # Upgrade to a newer OVS and install OVN packages that are only available
 # with the newer release. (This can go away when the base image is upgraded to
@@ -90,3 +94,7 @@ RUN systemctl enable ovn-kubernetes-node-setup.service
 COPY ovn-kubernetes-node.service /etc/systemd/system/
 COPY ovn-kubernetes-node.sh /usr/local/bin/
 RUN systemctl enable ovn-kubernetes-node.service
+
+COPY crio-node.sh /usr/local/bin/
+COPY crio-node.service /etc/systemd/system/
+RUN systemctl enable crio-node.service

images/dind/node/crio-node.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Setup for CRI-O node
+Before=openshift-node.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/crio-node.sh
+
+[Install]
+WantedBy=openshift-node.service
+

images/dind/node/crio-node.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+source /usr/local/bin/openshift-dind-lib.sh
+source /data/dind-env
+
+if [[ "${OPENSHIFT_CONTAINER_RUNTIME}" = "crio" ]]; then
+  systemctl enable crio
+  systemctl start crio
+fi

images/dind/node/openshift-generate-node-config.sh

@@ -6,7 +6,7 @@ set -o pipefail
 
 source /usr/local/bin/openshift-dind-lib.sh
 # Should set OPENSHIFT_NETWORK_PLUGIN
-source /data/network-plugin
+source /data/dind-env
 
 function ensure-node-config() {
   local deployed_config_path="/var/lib/origin/openshift.local.config/node"
@@ -64,6 +64,15 @@ kubeletArguments:
   cgroups-per-qos: ["false"]
   enforce-node-allocatable: [""]
 EOF
+
+    if [[ "${OPENSHIFT_CONTAINER_RUNTIME}" != "dockershim" ]]; then
+      cat >> "${node_config_file}" <<EOF
+  container-runtime: ["remote"]
+  container-runtime-endpoint: ["${OPENSHIFT_REMOTE_RUNTIME_ENDPOINT}"]
+  image-service-endpoint: ["${OPENSHIFT_REMOTE_RUNTIME_ENDPOINT}"]
+EOF
+    fi
+
   fi
 
   # Ensure the configuration is readable outside of the container

images/dind/node/ovn-kubernetes-node-setup.sh

@@ -5,8 +5,7 @@ set -o nounset
 set -o pipefail
 
 source /usr/local/bin/openshift-dind-lib.sh
-source /data/network-plugin
-source /data/ovn-kubernetes
+source /data/dind-env
 
 function is-api-running() {
   local config=$1

images/dind/node/ovn-kubernetes-node.sh

@@ -5,8 +5,7 @@ set -o nounset
 set -o pipefail
 
 source /usr/local/bin/openshift-dind-lib.sh
-source /data/network-plugin
-source /data/ovn-kubernetes
+source /data/dind-env
 
 function is-northd-running() {
   local northd_ip=$1