Start containerd on nodes

dc54a3e0 · kaiyou · ac76eebd · dc54a3e0 · dc54a3e0 · dc54a3e0
Commit dc54a3e0 authored 2 years ago by kaiyou
--- a/pkg/cluster/kubeconfig.go
+++ b/pkg/cluster/kubeconfig.go
@@ -81,3 +81,26 @@ func (k *KubeletConfig) Write(path string) error {
 	defer file.Close()
 	return t.Execute(file, k)
 }
+const containerdTemplate = `
+root = "{{.RootDir}}"
+version = 2
+[grpc]
+  address = "{{.Socket}}"
+`
+type ContainerdConfig struct {
+	RootDir string
+	Socket  string
+}
+func (c *ContainerdConfig) Write(path string) error {
+	t, _ := template.New("containerd").Parse(containerdTemplate)
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	return t.Execute(file, c)
+}
--- a/pkg/cluster/meta.go
+++ b/pkg/cluster/meta.go
@@ -57,11 +57,11 @@ func (s *HeptoState) Merge(b []byte) (bool, error) {
 		return false, nil
 	}
 	change := false
-	change = change || s.PKI.Merge(remote.PKI)
+	change = s.PKI.Merge(remote.PKI) || change
 	for name, remoteCerts := range remote.Certificates {
 		_, ok := s.Certificates[name]
 		if ok {
-			change = change || s.Certificates[name].Merge(remoteCerts)
+			change = s.Certificates[name].Merge(remoteCerts) || change
 		} else {
 			s.Certificates[name] = remoteCerts
 			change = true

--- a/pkg/cluster/services.go
+++ b/pkg/cluster/services.go
@@ -133,6 +133,20 @@ func (s *ClusterServices) startK8sMaster(net *ClusterNetworking, ca *pki.Cluster
 }
 func (s *ClusterServices) startK8sNode(master net.IP, ca *pki.ClusterCA, certs *pki.NodeCerts) {
+	// Containerd
+	containerdConfig := ContainerdConfig{
+		RootDir: "/containerd",
+		Socket:  "/containerd.sock",
+	}
+	containerdConfigPath := "/containerd.toml"
+	containerdConfig.Write(containerdConfigPath)
+	containerd, err := wrappers.Containerd(s.ctx, []string{
+		"--config", containerdConfigPath,
+	})
+	if err != nil {
+		logrus.Fatal("could not start containerd:", err)
+	}
+	// Kubelet
 	kubeletKubeConfig := KubeConfig{
 		URL:        fmt.Sprintf("https://[%s]:6443", master.String()),
 		CACert:     ca.TLS.CertPath(),
@@ -152,10 +166,11 @@ func (s *ClusterServices) startK8sNode(master net.IP, ca *pki.ClusterCA, certs *
 		"--kubeconfig", kubeletKubeConfigPath,
 		"--config", kubeletConfigPath,
 		"--container-runtime", "remote",
-		"--container-runtime-endpoint", "/run/containerd/containerd.sock",
+		"--container-runtime-endpoint", "unix://" + containerdConfig.Socket,
 	})
 	if err != nil {
 		logrus.Fatal(err)
 	}
+	go s.watch(containerd)
 	go s.watch(kubelet)
 }
--- a/pkg/pekahi/cert.go
+++ b/pkg/pekahi/cert.go
@@ -7,7 +7,7 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"errors"
-	"io/ioutil"
+	"os"
 )
 type Cert struct {
@@ -96,9 +96,9 @@ func (c *Certificate) Save() error {
 // temporary directory
 func (c *Certificate) ensureIO() {
 	if c.IO == nil {
-		dir, _ := ioutil.TempDir("/tmp", "cert-")
+		tmp, _ := os.CreateTemp("", "cert-")
-		c.IO = FileIO{dir}
+		tmp.Close()
-		c.Save()
+		c.IO = FileIO{tmp.Name()}
 	}
 }

--- a/pkg/pki/ca.go
+++ b/pkg/pki/ca.go
@@ -47,7 +47,7 @@ func EmptyClusterCA() *ClusterCA {
 // Merge the CA
 func (n *ClusterCA) Merge(remote *ClusterCA) bool {
 	change := mergeCert(n.TLS, remote.TLS)
-	change = change || mergeCert(n.Kubelet, remote.Kubelet)
+	change = mergeCert(n.Kubelet, remote.Kubelet) || change
-	change = change || mergeCert(n.API, remote.API)
+	change = mergeCert(n.API, remote.API) || change
 	return change
 }
--- a/pkg/pki/node.go
+++ b/pkg/pki/node.go
@@ -42,7 +42,7 @@ func NewNodeCerts(path string, nodeName string) (*NodeCerts, error) {
 // Merge node certificates
 func (n *NodeCerts) Merge(other *NodeCerts) bool {
 	change := mergeCert(n.TLS, other.TLS)
-	change = change || mergeCert(n.API, other.API)
+	change = mergeCert(n.API, other.API) || change
 	return change
 }