Skip to content

Enable Gardener Node Agent to properly configure containerd 2.0 which introduced v3 of its config file #11623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 13, 2025
Merged

Enable Gardener Node Agent to properly configure containerd 2.0 which introduced v3 of its config file #11623

merged 4 commits into from
Mar 13, 2025

Conversation

MrBatschner
Copy link
Contributor

@MrBatschner MrBatschner commented Mar 7, 2025
edited by ialidzhikov
Loading

How to categorize this PR?

/kind enhancement
/area os

What this PR does / why we need it:

With containerd 2.0, a new config file version v3 was introduced. With that, a number of configuration options in
/etc/containerd/config.toml moved to different paths - see issue #11611 for more details.

With this PR, when GNA makes changes to /etc/containerd/config.toml in its ensureContainerdConfiguration(), it will first read the version header of the config file and then use a lookup-table to determine at which path the configuration needs to be set.
Furthermore, when config file version 3 is detected, it will translate any path that is inserted through an OSC PluginConfiguration and that matches a typical v2 compliant path prefix to the equivalent v3 compliant path prefix.
Finally, this PR makes GNA always configure the CNI plugin directory to /opt/cni/bin as this is the upstream containerd default that all network plugins we use in Gardener get installed into.

I took the liberty to move all containerd config related functions into the separate file containerd_config.go for better test coverage of these changes.

Which issue(s) this PR fixes:
Fixes #11611

Release note:

The gardener-node-agent is now able to deal with the new version v3 of containerd's configuration file `/etc/containerd/config.toml`. As this new version of the configuration file comes with a new structure of certain configuration options, gardener-node-agent must be able to write configuration changes to different locations within the file based on its version. If it detects this config file to be version 3, it will write all relevant configuration changes to the new config keys. In addition, for any plugins inserted through an OSC `PluginConfiguration`, it will check if its path matches a typical v2 compliant path prefix and will translate it to the equivalent v3 compliant path prefix.

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 7, 2025

@MrBatschner: The label(s) area/enhancement, kind/os cannot be applied, because the repository doesn't have them.

In response to this:

How to categorize this PR?

/area enhancement
/kind os

What this PR does / why we need it:

With containerd 2.0, a new config file version v3 was introduced. With that, a number of configuration options in
/etc/containerd/config.toml moved to different paths - see issue #11611 for more details.

With this PR, when GNA makes changes to /etc/containerd/config.toml in its ensureContainerdConfiguration(), it will first read the version header of the config file and then use a lookup-table to determine at which path the configuration needs to be set.
Furthermore, when config file version 3 is detected, it will translate any path that is inserted through an OSC PluginConfiguration and that matches a typical v2 compliant path prefix to the equivalent v3 compliant path prefix.
Finally, this PR makes GNA always configure the CNI plugin directory to /opt/cni/bin as this is the upstream containerd default that all network plugins we use in Gardener get installed into.

I took the liberty to move all containerd config related functions into the separate file containerd_config.go for better test coverage of these changes.

Which issue(s) this PR fixes:
Fixes #11611

Release note:

Gardener node agent is now able to deal with the new version v3 of containerds configuration file `/etc/containerd/config.toml`. As this new version of the configuration file comes with a new structure of certain configuration options, GNA must be able to write configuration changes to different locations within the file based on its version. If it detects this config file to be version 3, it will write all relevant configuration changes to the new config keys. In addition, for any plugins inserted through an OSC `PluginConfiguration`, it will check if its path matches a typical v2 compliant path prefix and will translate it to the equivalent v3 compliant path prefix.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-prow gardener-prow bot added cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Mar 7, 2025
@gardener-prow gardener-prow bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 7, 2025
@MrBatschner MrBatschner force-pushed the gna-containerd-2.0-config-handling branch from ebf908d to 06695dd Compare March 10, 2025 15:48
@MrBatschner
Copy link
Contributor Author

/kind enhancement
/area os

@gardener-prow gardener-prow bot added kind/enhancement Enhancement, improvement, extension area/os Operator system related and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Mar 10, 2025
@MrBatschner
changes to GNA to properly configure containerd 2
8d7d944 
With containerd 2.0, a new config file version v3 was introduced.
With that, a number of configuration options in
/etc/containerd/config.toml moved to different paths.
GNA now uses these paths to configure containerd if a config file
v3 is detected.
@MrBatschner MrBatschner force-pushed the gna-containerd-2.0-config-handling branch from 06695dd to 8d7d944 Compare March 10, 2025 16:32
@ScheererJ
Copy link
Member

/assign

ScheererJ
ScheererJ reviewed Mar 11, 2025
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for working on supporting the new containerd major release.

I have a few questions/comments.

@gardener-prow gardener-prow bot added cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. and removed cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. labels Mar 13, 2025
@MrBatschner
Copy link
Contributor Author

@ScheererJ: Thank you for your review, I addressed your points. Would be nice if you could take another look.

@MrBatschner MrBatschner requested a review from ScheererJ March 13, 2025 11:05
ScheererJ
ScheererJ approved these changes Mar 13, 2025
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 13, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 13, 2025

LGTM label has been added.

Git tree hash: 7fd16a13e809c87e56df8345ca2859829f13ff49

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 13, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ScheererJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 13, 2025
@gardener-prow gardener-prow bot merged commit 1545cd7 into gardener:master Mar 13, 2025
19 checks passed
@majst01 majst01 mentioned this pull request Jun 23, 2025
Open
@MrBatschner MrBatschner mentioned this pull request Aug 4, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScheererJ ScheererJ ScheererJ approved these changes

@ialidzhikov ialidzhikov Awaiting requested review from ialidzhikov

@LucaBernstein LucaBernstein Awaiting requested review from LucaBernstein

Assignees

@ScheererJ ScheererJ

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/os Operator system related cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Adapt GNA to remain compatible with containerd 2.0
2 participants
@MrBatschner @ScheererJ