kubernetes · k8s-ci-robot · Dec 23, 2020 · Dec 19, 2020
diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go
@@ -326,9 +326,19 @@ func TestMixedInstancesSpotASG(t *testing.T) {
 	newIntegrationTest("mixedinstances.example.com", "mixed_instances_spot").withZones(3).runTestCloudformation(t)
 }
 
-// TestContainerdCloudformation runs the test on a containerd configuration
-func TestContainerdCloudformation(t *testing.T) {
-	newIntegrationTest("containerd.example.com", "containerd-cloudformation").runTestCloudformation(t)
+// TestContainerd runs the test on a containerd configuration
+func TestContainerd(t *testing.T) {
+	newIntegrationTest("containerd.example.com", "containerd").runTestCloudformation(t)
+}
+
+// TestContainerdCustom runs the test on a custom containerd URL configuration
+func TestContainerdCustom(t *testing.T) {
+	newIntegrationTest("containerd.example.com", "containerd-custom").runTestCloudformation(t)
+}
+
+// TestDockerCustom runs the test on a custom Docker URL configuration
+func TestDockerCustom(t *testing.T) {
+	newIntegrationTest("docker.example.com", "docker-custom").runTestCloudformation(t)
 }
 
 // TestLaunchConfigurationASG tests ASGs using launch configurations instead of launch templates

diff --git a/docs/cluster_spec.md b/docs/cluster_spec.md
@@ -907,21 +907,49 @@ spec:
 
 ## containerd
 
+### Configuration
+
 It is possible to override the [containerd](https://github.com/containerd/containerd/blob/master/README.md) daemon options for all the nodes in the cluster. See the [API docs](https://pkg.go.dev/k8s.io/kops/pkg/apis/kops#ContainerdConfig) for the full list of options.
 
 ```yaml
 spec:
   containerd:
-    version: 1.3.3
+    version: 1.4.3
     logLevel: info
     configOverride: ""
 ```
 
-## docker
+### Custom Packages
+
+kOps uses the `.tar.gz` packages for installing containerd on any supported OS. This makes it easy to use a custom build or pre-release packages, by specifying its URL and sha256:
+
+```yaml
+spec:
+  containerd:
+    packages:
+      urlAmd64: https://github.com/containerd/containerd/releases/download/v1.4.3/cri-containerd-cni-1.4.3-linux-amd64.tar.gz
+      hashAmd64: 2697a342e3477c211ab48313e259fd7e32ad1f5ded19320e6a559f50a82bff3d
+```
+
+The format of the custom package must be identical to the official packages:
+
+```bash
+tar tf cri-containerd-cni-1.4.3-linux-amd64.tar.gz
+    usr/local/bin/containerd
+    usr/local/bin/containerd-shim
+    usr/local/bin/containerd-shim-runc-v1
+    usr/local/bin/containerd-shim-runc-v2
+    usr/local/bin/crictl
+    usr/local/bin/critest
+    usr/local/bin/ctr
+    usr/local/sbin/runc
+```
+
+## Docker
 
 It is possible to override Docker daemon options for all masters and nodes in the cluster. See the [API docs](https://pkg.go.dev/k8s.io/kops/pkg/apis/kops#DockerConfig) for the full list of options.
 
-### registryMirrors
+### Registry Mirrors
 
 If you have a bunch of Docker instances (physical or vm) running, each time one of them pulls an image that is not present on the host, it will fetch it from the internet (DockerHub). By caching these images, you can keep the traffic within your local network and avoid egress bandwidth usage.
 This setting benefits not only cluster provisioning but also image pulling.
@@ -948,7 +976,7 @@ spec:
 
 **NOTE:** When this field is set to `true`, it is entirely up to the user to install and configure Docker.
 
-### storage
+### Storage
 
 The Docker [Storage Driver](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-storage-driver) can be specified in order to override the default. Be sure the driver you choose is supported by your operating system and docker version.
 
@@ -961,7 +989,7 @@ docker:
     - "dm.use_deferred_removal=true"
 ```
 
-### networking
+### Networking
 
 In order for containers started with `docker run` instead of Kubernetes to have network and internet access you need to enable the necessary [iptables](https://docs.docker.com/network/iptables/) rules:
 
@@ -971,6 +999,33 @@ docker:
   ipTables: true
 ```
 
+### Custom Packages
+
+kOps uses the `.tgz` (static) packages for installing Docker on any supported OS. This makes it easy to use a custom build or pre-release packages, by specifying its URL and sha256:
+
+```yaml
+spec:
+  containerd:
+    packages:
+      urlAmd64: https://download.docker.com/linux/static/stable/x86_64/docker-20.10.1.tgz
+      hashAmd64: 8790f3b94ee07ca69a9fdbd1310cbffc729af0a07e5bf9f34a79df1e13d2e50e
+```
+
+The format of the custom package must be identical to the official packages:
+
+```bash
+tar tf docker-20.10.1.tgz
+    docker/containerd
+    docker/containerd-shim
+    docker/containerd-shim-runc-v2
+    docker/ctr
+    docker/docker
+    docker/docker-init
+    docker/docker-proxy
+    docker/dockerd
+    docker/runc
+```
+
 ## sshKeyName
 
 In some cases, it may be desirable to use an existing AWS SSH key instead of allowing kOps to create a new one.

diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -483,28 +483,45 @@ spec:
                 description: Component configurations
                 properties:
                   address:
-                    description: Address of containerd's GRPC server (default "/run/containerd/containerd.sock")
+                    description: Address of containerd's GRPC server (default "/run/containerd/containerd.sock").
                     type: string
                   configOverride:
-                    description: Complete containerd config file provided by the user
+                    description: ConfigOverride is the complete containerd config
+                      file provided by the user.
                     type: string
                   logLevel:
-                    description: Logging level [trace, debug, info, warn, error, fatal,
-                      panic] (default "info")
+                    description: LogLevel controls the logging details [trace, debug,
+                      info, warn, error, fatal, panic] (default "info").
                     type: string
+                  packages:
+                    description: Packages overrides the URL and hash for the packages.
+                    properties:
+                      hashAmd64:
+                        description: HashAmd64 overrides the hash for the AMD64 package.
+                        type: string
+                      hashArm64:
+                        description: HashArm64 overrides the hash for the ARM64 package.
+                        type: string
+                      urlAmd64:
+                        description: UrlAmd64 overrides the URL for the AMD64 package.
+                        type: string
+                      urlArm64:
+                        description: UrlArm64 overrides the URL for the ARM64 package.
+                        type: string
+                    type: object
                   root:
-                    description: Directory for persistent data (default "/var/lib/containerd")
+                    description: Root directory for persistent data (default "/var/lib/containerd").
                     type: string
                   skipInstall:
-                    description: Prevents kops from installing and modifying containerd
-                      in any way (default "false")
+                    description: SkipInstall prevents kOps from installing and modifying
+                      containerd in any way (default "false").
                     type: boolean
                   state:
-                    description: Directory for execution state files (default "/run/containerd")
+                    description: State directory for execution state files (default
+                      "/run/containerd").
                     type: string
                   version:
-                    description: Consumed by nodeup and used to pick the containerd
-                      version
+                    description: Version used to pick the containerd package.
                     type: string
                 type: object
               dnsControllerGossipConfig:
@@ -634,6 +651,22 @@ spec:
                     description: MTU is the containers network MTU
                     format: int32
                     type: integer
+                  packages:
+                    description: Packages overrides the URL and hash for the packages.
+                    properties:
+                      hashAmd64:
+                        description: HashAmd64 overrides the hash for the AMD64 package.
+                        type: string
+                      hashArm64:
+                        description: HashArm64 overrides the hash for the ARM64 package.
+                        type: string
+                      urlAmd64:
+                        description: UrlAmd64 overrides the URL for the AMD64 package.
+                        type: string
+                      urlArm64:
+                        description: UrlArm64 overrides the URL for the ARM64 package.
+                        type: string
+                    type: object
                   registryMirrors:
                     description: RegistryMirrors is a referred list of docker registry
                       mirror

diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go
@@ -789,3 +789,14 @@ type RollingUpdate struct {
 	// +optional
 	MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty"`
 }
+
+type PackagesConfig struct {
+	// HashAmd64 overrides the hash for the AMD64 package.
+	HashAmd64 *string `json:"hashAmd64,omitempty"`
+	// HashArm64 overrides the hash for the ARM64 package.
+	HashArm64 *string `json:"hashArm64,omitempty"`
+	// UrlAmd64 overrides the URL for the AMD64 package.
+	UrlAmd64 *string `json:"urlAmd64,omitempty"`
+	// UrlArm64 overrides the URL for the ARM64 package.
+	UrlArm64 *string `json:"urlArm64,omitempty"`
+}
diff --git a/pkg/apis/kops/containerdconfig.go b/pkg/apis/kops/containerdconfig.go
@@ -18,18 +18,20 @@ package kops
 
 // ContainerdConfig is the configuration for containerd
 type ContainerdConfig struct {
-	// Address of containerd's GRPC server (default "/run/containerd/containerd.sock")
+	// Address of containerd's GRPC server (default "/run/containerd/containerd.sock").
 	Address *string `json:"address,omitempty" flag:"address"`
-	// Complete containerd config file provided by the user
+	// ConfigOverride is the complete containerd config file provided by the user.
 	ConfigOverride *string `json:"configOverride,omitempty"`
-	// Logging level [trace, debug, info, warn, error, fatal, panic] (default "info")
+	// LogLevel controls the logging details [trace, debug, info, warn, error, fatal, panic] (default "info").
 	LogLevel *string `json:"logLevel,omitempty" flag:"log-level"`
-	// Directory for persistent data (default "/var/lib/containerd")
+	// Packages overrides the URL and hash for the packages.
+	Packages *PackagesConfig `json:"packages,omitempty"`
+	// Root directory for persistent data (default "/var/lib/containerd").
 	Root *string `json:"root,omitempty" flag:"root"`
-	// Prevents kops from installing and modifying containerd in any way (default "false")
+	// SkipInstall prevents kOps from installing and modifying containerd in any way (default "false").
 	SkipInstall bool `json:"skipInstall,omitempty"`
-	// Directory for execution state files (default "/run/containerd")
+	// State directory for execution state files (default "/run/containerd").
 	State *string `json:"state,omitempty" flag:"state"`
-	// Consumed by nodeup and used to pick the containerd version
+	// Version used to pick the containerd package.
 	Version *string `json:"version,omitempty"`
 }
diff --git a/pkg/apis/kops/dockerconfig.go b/pkg/apis/kops/dockerconfig.go
@@ -60,6 +60,8 @@ type DockerConfig struct {
 	MetricsAddress *string `json:"metricsAddress,omitempty" flag:"metrics-addr"`
 	// MTU is the containers network MTU
 	MTU *int32 `json:"mtu,omitempty" flag:"mtu"`
+	// Packages overrides the URL and hash for the packages.
+	Packages *PackagesConfig `json:"packages,omitempty"`
 	// RegistryMirrors is a referred list of docker registry mirror
 	RegistryMirrors []string `json:"registryMirrors,omitempty" flag:"registry-mirror,repeat"`
 	// Runtimes registers an additional OCI compatible runtime (default [])

diff --git a/pkg/apis/kops/v1alpha2/cluster.go b/pkg/apis/kops/v1alpha2/cluster.go
@@ -674,3 +674,14 @@ type RollingUpdate struct {
 	// +optional
 	MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty"`
 }
+
+type PackagesConfig struct {
+	// HashAmd64 overrides the hash for the AMD64 package.
+	HashAmd64 *string `json:"hashAmd64,omitempty"`
+	// HashArm64 overrides the hash for the ARM64 package.
+	HashArm64 *string `json:"hashArm64,omitempty"`
+	// UrlAmd64 overrides the URL for the AMD64 package.
+	UrlAmd64 *string `json:"urlAmd64,omitempty"`
+	// UrlArm64 overrides the URL for the ARM64 package.
+	UrlArm64 *string `json:"urlArm64,omitempty"`
+}
diff --git a/pkg/apis/kops/v1alpha2/containerdconfig.go b/pkg/apis/kops/v1alpha2/containerdconfig.go
@@ -18,18 +18,20 @@ package v1alpha2
 
 // ContainerdConfig is the configuration for containerd
 type ContainerdConfig struct {
-	// Address of containerd's GRPC server (default "/run/containerd/containerd.sock")
+	// Address of containerd's GRPC server (default "/run/containerd/containerd.sock").
 	Address *string `json:"address,omitempty" flag:"address"`
-	// Complete containerd config file provided by the user
+	// ConfigOverride is the complete containerd config file provided by the user.
 	ConfigOverride *string `json:"configOverride,omitempty"`
-	// Logging level [trace, debug, info, warn, error, fatal, panic] (default "info")
+	// LogLevel controls the logging details [trace, debug, info, warn, error, fatal, panic] (default "info").
 	LogLevel *string `json:"logLevel,omitempty" flag:"log-level"`
-	// Directory for persistent data (default "/var/lib/containerd")
+	// Packages overrides the URL and hash for the packages.
+	Packages *PackagesConfig `json:"packages,omitempty"`
+	// Root directory for persistent data (default "/var/lib/containerd").
 	Root *string `json:"root,omitempty" flag:"root"`
-	// Prevents kops from installing and modifying containerd in any way (default "false")
+	// SkipInstall prevents kOps from installing and modifying containerd in any way (default "false").
 	SkipInstall bool `json:"skipInstall,omitempty"`
-	// Directory for execution state files (default "/run/containerd")
+	// State directory for execution state files (default "/run/containerd").
 	State *string `json:"state,omitempty" flag:"state"`
-	// Consumed by nodeup and used to pick the containerd version
+	// Version used to pick the containerd package.
 	Version *string `json:"version,omitempty"`
 }
diff --git a/pkg/apis/kops/v1alpha2/dockerconfig.go b/pkg/apis/kops/v1alpha2/dockerconfig.go
@@ -60,6 +60,8 @@ type DockerConfig struct {
 	MetricsAddress *string `json:"metricsAddress,omitempty" flag:"metrics-addr"`
 	// MTU is the containers network MTU
 	MTU *int32 `json:"mtu,omitempty" flag:"mtu"`
+	// Packages overrides the URL and hash for the packages.
+	Packages *PackagesConfig `json:"packages,omitempty"`
 	// RegistryMirrors is a referred list of docker registry mirror
 	RegistryMirrors []string `json:"registryMirrors,omitempty" flag:"registry-mirror,repeat"`
 	// Runtimes registers an additional OCI compatible runtime (default [])