Deploy Container Engine

[sohnaeo]

What would you like to be added:

As we know docker-shim is deprecated in new Kubernetes versions. But If we still would like to use docker, we must need to use cri-dockerd that will be switching from the built in dockershim to the external one.

We have customized Ubuntu 22.04 AMI that have docker pre-installed with own docker customized options.

So, our kubespray variables are as

container_manager: docker deploy_container_engine: false

Problem is , if we set "deploy_container_engine" to false then kubespray skips all the tasks to install crictl along with cri-dockerd that breaks the installation. Is it possible to introduce new options for cri-dockerd/crictl like as below cri-dockerd: true crictl: true deploy_container_engine: false

OS: Ubuntu 22.04

Kubespray: Master Branch

Why is this needed:

This will help people who are installing docker outside kubespray and they don't need to install crictl/cric-dockerd themselves.

[oomichi]

I am not sure why you set

deploy_container_engine: false

here. https://github.com/kubernetes-sigs/kubespray/blob/master/docs/docker.md doesn't contain such option.

[sohnaeo]

@oomichi

It is there, check out the sample/inventory

farhan@farhan-Surface-Pro:~kubespray/inventory$ grep -ir deploy_container_en sample/group_vars/all/all.yml:# deploy_container_engine: true

https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/group_vars/all/all.yml#L98

We installed docker in our own way with with different permissions, users etc that was working fine in earlier versions but in latest version, docker-shim is deprecated and if we set

deploy_container_engine: false

it completely ignores every thing related with containerd or cri. Thats the reason I requested, it could be nice feature if we get docker installed as our own way and rest can be installed through kubespray.

[oomichi]

I see, you need to pre-install docker engine before operating Kubespray. Can you share an example why you need to pre-install the docker engine? Is it good for you if Kubespray supports the customized options for Docker?

[sohnaeo]

@oomichi

There are below reasons that we need to pre-install the docker engine

1. As we have Ubuntu support so we would like to install docker.io ubuntu distribution instead docker-ce

2. We add extra disks on our nodes, create LV (in older versions we were using device mapper thin pool) for overlay2 docker. We run kubernetes on prem which doesnt have access to internet so we do offline installation.

devicemapper is no longer preferred storage driver for docker, overlay2 is the preferred one.

3. We run docker as different group than docker so users can run docker commands as this group can access docker.sock

4. there are few other arguments we add into docker.daemon which can be done through kubespray anyways.

Currently, we have ansible role to install docker on our nodes before we install the kubespray.

We also testing containerd to replace with docker. There is also an issue which I expereince in containred and I raised it

https://github.com/kubernetes-sigs/kubespray/issues/9243

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.