CRI: remove deprecated config properties (auths, configs, mirrors)

[AkihiroSuda]

Note

The removal is likely going to be postponed to v2.1

• Postpone removal of deprecated CRI config properties #9966

Remove the following config properties in /etc/containerd/config.toml:

Property Group	Property	Deprecation release	Target release for removal	Recommendation
[plugins."io.containerd.grpc.v1.cri".registry]	auths	containerd v1.3	containerd v2.0 ✅	Use ImagePullSecrets. See also #8228.
[plugins."io.containerd.grpc.v1.cri".registry]	configs	containerd v1.5	containerd v2.0 ✅	Use config_path
[plugins."io.containerd.grpc.v1.cri".registry]	mirrors	containerd v1.5	containerd v2.0 ✅	Use config_path

The toml properties are still kept for printing human-readable errors, but the properties will be completely removed in v2.1.

Depends on:

• jobs/e2e_node/containerd: Migrate deprecated [plugins."io.containerd.grpc.v1.cri".registry.mirrors] to config_path kubernetes/test-infra#31851
• Update gce configure.sh to use registry config_path #9778

[AkihiroSuda]

cc @thockin @dims

[k8s-ci-robot]

@AkihiroSuda: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-containerd-node-e2e	8313a1c	link	true	/test pull-containerd-node-e2e

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[AkihiroSuda]

https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/containerd_containerd/9766/pull-containerd-node-e2e/1754745360544174080

{ failed [FAILED] Unexpected error:
    <*fmt.wrapError | 0xc0000bd900>: 
    validate service connection: validate CRI v1 runtime API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: no such file or directory"
    {
        msg: "validate service connection: validate CRI v1 runtime API for endpoint \"unix:///run/containerd/containerd.sock\": rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: no such file or directory\"",
        err: <*fmt.wrapError | 0xc0000bd8e0>{
            msg: "validate CRI v1 runtime API for endpoint \"unix:///run/containerd/containerd.sock\": rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: no such file or directory\"",
            err: <*status.Error | 0xc0009d58f0>{
                s: {
                    s: {
                        state: {
                            NoUnkeyedLiterals: {},
                            DoNotCompare: [],
                            DoNotCopy: [],
                            atomicMessageInfo: nil,
                        },
                        sizeCache: 0,
                        unknownFields: nil,
                        Code: 14,
                        Message: "connection error: desc = \"transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: no such file or directory\"",
                        Details: nil,
                    },
                },
            },
        },
    }
occurred
In [SynchronizedBeforeSuite] at: k8s.io/kubernetes/test/e2e_node/e2e_node_suite_test.go:235 @ 02/06/24 06:17:10.719
}

[samuelkarp]

Can you remove deprecation.CRIRegistryMirrors?

[samuelkarp]

Can you remove deprecation.CRIRegistryConfigs?

[samuelkarp]

Can you remove deprecation.CRIRegistryAuths?

[mikebrow]

don't have a replacement for cri auth yet..

[mikebrow]

@dmcgowan

[mikebrow]

see #7526 (comment)

[AkihiroSuda]

Looks like we have to postpone removal of legacy config, although we may disable it by default and require an env var like CONTAINERD_DEPRECATED_ENABLE_CONTAINERD14_CONFIG

[samuelkarp]

https://storage.googleapis.com/kubernetes-jenkins/pr-logs/pull/containerd_containerd/9766/pull-containerd-node-e2e/1754745360544174080/artifacts/tmp-node-e2e-f8fc27d0-cos-beta-109-17800-66-81-system.log

Feb 06 06:17:06 tmp-node-e2e-f8fc27d0-cos-beta-109-17800-66-81 containerd[3207]: containerd: load required plugin io.containerd.grpc.v1.cri: unable to load CRI image service plugin dependency: invalid cri image config: `mirrors` is no longer supported since containerd v2.0, please use `config_path` instead

We'll need the prowjob to be updated to remove its use of mirrors.

[adisky]

registry mirrors needs to be updated at following places
https://github.com/kubernetes/test-infra/blob/master/jobs/e2e_node/containerd/config.toml#L31

https://github.com/containerd/containerd/blob/main/contrib/gce/configure.sh#L226

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[AkihiroSuda]

I guess we should postpone this to v2.1

[github-actions]

This PR is stale because it has been open 90 days with no activity. This PR will be closed in 7 days unless new comments are made or the stale label is removed.