Airgapped installation of containerd and runc

[FedericoAntoniazzi]

Current situation

The binaries of containerd and runc are downloaded from github.com, but not all production servers are allowed to download packages from the site.

Proposed solution

Use the airgapped_install flag to download the containerd and runc binaries on the local machine and sideload them into the remote hosts.

[ralgozino]

I think that calling this solution air-gapped is a little misleading, I'd expect from an air-gapped installation that nothing will be downloaded from the internet and not just some dependencies.

I think that a better approach would be to use the OS package manager to install containerd and runc instead of downloading from GitHub as we do for the Kubernetes packages.

Ubuntu seems to have them available (I haven't checked the other OSes).

• 20.04: containerd and runc
• 22.04: containerd and runc

[nutellinoit]

I think that a better approach would be to use the OS package manager to install containerd and runc instead of downloading from GitHub as we do for the Kubernetes packages.

the containerd and runc binaries are a little mess, when I developed the ansible roles I took as an example kubespray, and they do it like this

[ralgozino]

the containerd and runc binaries are a little mess, when I developed the ansible roles I took as an example kubespray, and they do it like this

In that case, I guess we could go with sideloading as a workaround but I would still not call it airgapped to avoid confusion.

[FedericoAntoniazzi]

Would sideload_binaries be a better flag name?

[FedericoAntoniazzi]

Beside the name, I agree with Ramiro on using os packages instead of binaries. This means being consistent with the rest of the roles and won't require a network policy for downloading files from github.com, which may be a security risk.

Or maybe we should consider an additional solution for airgapped environments. I don't know if the effort outweighs the benefit.