kubeadm cri installation instructions

[vincepri]

Fixes kubernetes/kubeadm#1086
Fixes #9692

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: zacharysarah

If they are not already assigned, you can assign the PR to them by writing /assign @zacharysarah in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8sio-netlify-preview-bot]

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 7876861

https://deploy-preview-10186--kubernetes-io-master-staging.netlify.com

[k8sio-netlify-preview-bot]

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 22ca1d1

https://deploy-preview-10186--kubernetes-io-master-staging.netlify.com

[timothysc]

/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-node-pr-reviews

[detiber]

Should we be telling users to modify /etc/sysctl.conf instead of using echo? Otherwise sysctl -p doesn't really have any effect here, and the changes will not persist through a reboot.

[vincepri]

Good point. Maybe we can add a file to /etc/sysctl.d/? Something like 99-kubernetes-cri.conf should do the trick.

[detiber]

We really shouldn't be telling users to override the unit in this way, instead they should be passing this info in to the kubeadm config.

[vincepri]

@detiber Something like

nodeRegistration:
  kubeletExtraArgs:
    container-runtime-endpoint: unix:///var/run/containerd/containerd.sock

would work?

[neolit123]

@vincepri
thanks a lot for the PR!
added some minor comments.

[neolit123]

we should move this doc to somewhere else.
reference/setup-tools/kubeadm/ is the folder about the kubeadm CLI flags docs.
and move the kubeadm init content too.

my initial suggestion would be:
-> docs/setup/independent
if this guide is kubeadm related.

if not it has to go somewhere else.

[vincepri]

Agreed. The goal is to have this as a general CRI installation document and reference it as needed. Where would you suggest to have it reside?

[neolit123]

the structure of the k8s.io documentation is bit confusing.
we have both tasks and setup and the answer to the question is difficult.

i would add this under a new folder under docs/setup/ called cri (title: Kubernetes CRI):

the folder needs an _index.md as this one to set the title:
https://github.com/kubernetes/website/tree/master/content/en/docs/setup/independent

the name cri-installation.md as a file under that folder SGTM.

[neolit123]

please lowercase Installation i think we should have this consistent for other pages too.

[neolit123]

thank you for the update @vincepri
let's see if others have more comments.

[vincepri]

@neolit123 @detiber Thank you for the feedback! I addressed all the comments. Let me know if there is anything else.

[neolit123]

@vincepri
thanks for the update removing the docker instructions from the general kubeadm setup guide.
LGTM

[timothysc]

We will need to outline that Docker is still the default and if another CRI and outline the command line overrides in the kubeadm init / join below.

[timothysc]

You might say something like:

By default, kubernetes is configured to work with docker (18.06). In order to enable other CRIs please consult https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/ and https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/ instructions.

[vincepri]

Is the docker version relevant? In the CRI docs instructions we're still suggesting to install 17.03, should we update it? This is especially relevant for Ubuntu 18.04.

[neolit123]

so that's a good question.
17.03 is the last verified version by SIG node and as Tim mentioned yesterday they are not going to verify a newer version.

these docs here seem out of date:
https://docs.docker.com/release-notes/docker-ce/

i think this shows the truth:
https://github.com/docker/docker-ce/releases
18.06.1-ce - latest edge
18.03.1-ce - latest stable

[vincepri]

I think we should include the information you just shared in the CRI document, under the Docker section. The install-kubeadm one can be left version-less?

[neolit123]

it really depends of what version is tested with k8s, because we cannot recommend even a stable docker version if it's broken with k8s latest.
i will defer to others for more comments.

[vincepri]

@timothysc thoughts/preferences on the above?

[neolit123]

@vincepri
PSA, we are soon going to merge a PR that updates the max validated version of docker for kubeadm to 18.06:
kubernetes/kubernetes#68495

we need to reflect this in the docs as recommended version.
at least attempt to, given all the distro flavors that we have to support.

[timothysc]

/assign @Bradamant3

[bartosh]

Can you elaborate on this a bit? Why containerd is suggested kubeadm CRI? Why not CRI-O or both?

[vincepri]

I believe this was due to the lack of tests with docker, not totally sure about CRI-O. I'll defer to @timothysc.

[timothysc]

@neolit123 once we have CI-Signal back we need to double check the versions.

[neolit123]

my vote would be to not go with this statement for 1.12.0.
docker is currently the CRI for most of kubeadm users and also all of the kubeadm e2e here are docker too:
https://k8s-testgrid.appspot.com/sig-cluster-lifecycle-all

[bart0sh]

I agree with @neolit123 here. Let's not promote switching to other runtimes just yet. Let's provide more information on how to set up CRI runtimes and how to use them. That should be enough for 1.12 I believe.

[neolit123]

we are pending on decision for this.
i don't have strong opinions here.

the state of tests from sig-node for containerd are yellow-ish:
https://k8s-testgrid.appspot.com/sig-node-containerd

we do not have any tests for kubeadm and containerd yet, but our docker tests are passing at least.

[neolit123]

xref:
https://github.com/kubernetes/website/pull/10186/files#r215439277

[bart0sh]

Instructions to update systemd config was quite useful. I'd suggest not to remove it.

[vincepri]

Given that this is now covered by kubeadm directly, I think it's safe to remove. The kubelet systemd example should live under kubelet docs.

[bart0sh]

Current documentation uses both ways of configuring kubelet - using configuration file and systemd drop-ins. In my opinion removing this can create confusion among users who prefer to use latter approach.

[bart0sh]

I'd leave this as is as docker is still a default runtime.

[vincepri]

Sounds good, thanks!

[bart0sh]

I'd propose to leave this as it is and add setup instructions for at least containerd and CRI-O.

[bart0sh]

looked at rktlet and frakti. Not sure I understand why to remove them from this document.

[vincepri]

We could add instructions for other runtimes with kubeadm to this page later on, does that sound good? We should definitely track these.

[bart0sh]

I think it would be better to leave links to other runtimes documentation even if we don't have our instructions for those. People at least would know that those runtimes exist and they can be also potentially used.

[timothysc]

Let's get the CI signal back, double check versions and loop back to this once the mains are back online.

[mythi]

I did a fresh pull of containerd and the socket path I get is /run/containerd/containerd.sock

[bart0sh]

@vincepri Here is an example of what I meant: #10299

The idea is to provide instructions for the CRI runtimes that we can create without changing current documentation too much.

@ALL Does this make sense?

[vincepri]

Closing in favor of #10299