The crun binary installed by 'crun' role is not used by cri-o
What happened?
The crun binary installed by 'crun' role is not used by cri-o at all.
Root cause
The 'crun' role installs the crun binary at /usr/local/bin/crun.
But cri-o does not use it. The 'crun' binary is included in the cri-o tarball and 'cri-o' role installs the crun in /usr/libexec/crio/crun. The cri-o uses this crun binary.
Related PR is #11584
What did you expect to happen?
The cri-o uses /usr/local/bin/crun
I think we have two options to solve this:
- The cri-o uses /usr/local/bin/crun. The cri-o role does not install 'crun' binary.
- Use crun binary included in cri-o tarball, and remove 'crun' role, if anyone does not use it.
I'm not sure which one is better. Need discussion.
How can we reproduce it (as minimally and precisely as possible)?
Just enable the cri-o and deploy.
container_manager: crio
OS
Ubuntu 20 (but it does not depend on it)
Version of Ansible
9.13.0
Version of Python
3.11.0
Version of Kubespray (commit)
2.28.0
Network plugin used
calico
Full inventory with variables
Command used to invoke ansible
Output of ansible run
Anything else we need to know
Related issue: #12233 The crun 1.21 included in cri-o 1.32.4 and 1.33.0 does not work with Ubuntu 20.04.
@yankay Could you check this?
Hi @tmurakam,
I believe that after the merge of https://github.com/cri-o/packaging/pull/131, the CRI-O package now includes crun. Therefore, the second option, "Use the crun binary included in the cri-o tarball, and remove the 'crun' role if it is not used by anyone.", is more reasonable. This approach would also simplify the Kubespray codebase, making it easier to maintain.
I'm not completely sure crun is not used by anything but crio. In particular we have tasks to create RuntimeClass using crun (roles/kubernetes-apps/container_runtimes/crun).
Since container runtimes can co-exist (unlike container engines), maybe we should decouple the two?
Yes, we can keep the crun role, and remove the dependencies on it from cri-o.