chore: Hyperv and upstream Containerd package support

[jsturtevant]

Reason for Change:

Containerd 1.4rc1 is now available. Hyperv support has progressed but is still in experimental support.

This pr enables:

• using builds from containerd upstream builds
• Configuration support for hyperv using RuntimeClass
• doc updates

Better support for configuring Containerd will be done in a separate PR after a discussion in issue #3687

Issue Fixed:

Fixes #2827

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Notes:

[jsturtevant]

/cc @AbelHu @marosset @ksubrmnn

[codecov]

Codecov Report

Merging #3688 into master will increase coverage by 0.00%.
The diff coverage is 84.54%.

@@           Coverage Diff            @@
##           master    #3688    +/-   ##
========================================
  Coverage   73.14%   73.15%            
========================================
  Files         147      147            
  Lines       25165    25301   +136     
========================================
+ Hits        18408    18508   +100     
- Misses       5623     5655    +32     
- Partials     1134     1138     +4     

Impacted Files	Coverage Δ
pkg/api/common/const.go	40.00% <ø> (ø)
pkg/api/vlabs/types.go	71.83% <ø> (ø)
pkg/engine/engine.go	85.64% <0.00%> (-0.31%)	⬇️
pkg/engine/templates_generated.go	53.42% <38.88%> (-0.20%)	⬇️
pkg/api/vlabs/validate.go	80.00% <92.50%> (+0.50%)	⬆️
pkg/api/addons.go	97.79% <100.00%> (+0.02%)	⬆️
pkg/api/converterfromapi.go	94.17% <100.00%> (+0.07%)	⬆️
pkg/api/convertertoapi.go	93.68% <100.00%> (+0.07%)	⬆️
pkg/api/k8s_versions.go	100.00% <100.00%> (ø)
pkg/api/types.go	94.31% <100.00%> (+0.06%)	⬆️
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f321785...3ca765c. Read the comment docs.

[mboersma]

Why are we using someone's fork of ContainerD?

[jsturtevant]

This the fork the Container Platform team maintains for making the updates required for hyperv. They are in active conversation with the Containerd team to integrate these changes into the upstream. This was the same process they had for the initial Containerd Support that is now in the 1.4 release.

[marosset]

I think we probably want to add a new property in the api model that sets if the default runtime class in the containerd config uses hyper-v isolation or not.
I can't think of a good way to run upstream test passes for both process isolation and hyper-v isolation containers without this.
Thoughts?

[jsturtevant]

Agreed I created issue #3687 with a possible idea. As of right now this will allow running both based on the configuration file that is present in the hyperv package. This is not ideal but wanted to get thoughts on #3687 and get something to unlock the failing tests before modifying the api model to far.

Thinking on it a bit more the model change might be something like:

"windowsProfile": {
        "windowsSku": "Datacenter-Core-2004-with-Containers-smalldisk",
        "imageVersion": "latest",
        "defaultHandler": process/hyperv
          "hypervisorHandlers":[
            "17763",
            "18362",
            "18363",
            "19041"
          ]

This would allow user to specify:

• process isolated default and no hyperv handlers,
• process isolated default with configurable hypervisor handlers
• hyperv default, process isolated, and configurable hypervisor handlers.

These fields would only be valid if using containerd.

[marosset]

I think we need to have at least have a switch for the default runtime handler / isolation type for this to get checked in to master.
It looks like in the code the in this PR the switch to use hyper-v vs process isolation is the existence of a config file which will currently always exist.

We can use #3687 to figure out how to handle more customizing the non-default runtime classes defined in the containerd config.

[mainred]

May I regard this package url as the _official url_for 20H1 so far?

[jsturtevant]

yes this is the latest package

[marosset]

These are the official bits but we will probably need to host them along with our other artifacts for production use.
k8swin.blob.core.windows.net is just hosted in a single zone.

[jsturtevant]

I am going to set up a different url for prod use. Will follow back once I have it

[marosset]

Sounds good.
That should not block this PR IMO

[marosset]

/lgtm

[acs-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsturtevant, marosset

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [marosset]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment