ack-optimized-os: add contianerd support for 1.18 k8s cluster

2026-01-27 10:18:13 +00:00 · 2021-04-07 17:34:00 +08:00
parent e37ae09246
commit 3b9f098552
2 changed files with 83 additions and 22 deletions
--- a/examples/ack-optimized-os-1.18.json
+++ b/examples/ack-optimized-os-1.18.json
@@ -5,7 +5,9 @@
    "instance_type": "ecs.g6.large",
    "region": "{{env `ALICLOUD_REGION`}}",
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
-    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
+    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}",
+    "runtime": "{{env `RUNTIME`}}",
+    "skip_secrutiy_fix": "{{env `SKIP_SECURITY_FIX`}}"
  },
  "builders": [
    {
@@ -22,10 +24,17 @@
    }
  ],
  "provisioners": [
+    {
+      "type": "file",
+      "source": "scripts/ack-optimized-os-1.18.sh",
+      "destination": "/root/"
+    },
    {
      "type": "shell",
-      "scripts": [
-          "scripts/ack-optimized-os-1.18.sh"
+      "inline": [
+        "export RUNTIME={{user `runtime`}}",
+        "export SKIP_SECURITY_FIX={{user `skip_secrutiy_fix`}}",
+        "bash /root/ack-optimized-os-1.18.sh"
      ]
    }
  ]
--- a/scripts/ack-optimized-os-1.18.sh
+++ b/scripts/ack-optimized-os-1.18.sh
@@ -3,13 +3,50 @@
 set -x
 set -e

-SRC_DIR=$(dirname $(readlink -e -v $0))
-OS="AliyunOS"
-DOCKER_VERSION="19.03.5"
-KUBE_VERSION="1.18.8-aliyun.1"
-REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id)
-PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/$BETA_VERSION"
-ACK_OPTIMIZED_OS_BUILD=1
+usage() {
+    cat >&2 <<-EOF
+Usage:
+    $0 -r RUNTIME [-s]
+
+Flags:
+    -r: sepcify container runtime, available value: docker and containerd
+    -s: skip security upgrade
+
+Example:
+    $0 -r docker -s
+    $0 -r docker
+    $0 -r containerd -s
+    $0 -r containerd
+EOF
+    exit 1
+}
+
+check_params() {
+    while getopts "r:sh" opt; do
+        case $opt in
+        r) RUNTIME="$OPTARG" ; ;;
+        s) SKIP_SECURITY_FIX="1" ; ;;
+        h | ?) usage ; ;;
+        esac
+    done
+
+    if [[ -z $RUNTIME ]] || [[ $RUNTIME != "docker" && $RUNTIME != "containerd" ]]; then
+        echo "ERROR: RUNTIME must not be empty, only support 'docker' and 'containerd' "
+        usage
+    fi
+}
+
+setup_env() {
+    export RUNTIME
+    export OS="AliyunOS"
+    export RUNTIME_VERSION="1.4.4"
+    export DOCKER_VERSION="19.03.5"
+    export KUBE_VERSION="1.18.8-aliyun.1"
+    export REGION=$(curl --retry 10 -sSL http://100.100.100.200/latest/meta-data/region-id)
+    export PKG_FILE_SERVER="http://aliacs-k8s-$REGION.oss-$REGION-internal.aliyuncs.com/$BETA_VERSION"
+    export ACK_OPTIMIZED_OS_BUILD=1
+}
+

 download_pkg() {
    curl --retry 4 $PKG_FILE_SERVER/public/pkg/run/run-${KUBE_VERSION}.tar.gz -O
@@ -130,21 +167,27 @@ wl1000-firmware
 wpa_supplicant
 xfsprogs
 "
-    for pkg in $pkg_list; do
-        yum remove -y $pkg
-    done
-
+    yum remove -y $pkg_list
    rm -rf /lib/modules/$(uname -r)/kernel/drivers/{media,staging,gpu,usb}
    rm -rf /boot/*-rescue-* /boot/*3.10.0* /usr/share/{doc,man} /usr/src
 }

 pull_image() {
-    systemctl start docker
-    sleep 3
+    if [[ "$RUNTIME" = "docker" ]]; then
+        systemctl start docker
+        sleep 10

-    docker pull  registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION}
-    docker pull  registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2
-    docker pull  registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7
+        docker pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION}
+        docker pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2
+        docker pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7
+    else
+        systemctl start containerd
+        sleep 10
+
+        ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/kube-proxy:v${KUBE_VERSION}
+        ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/pause:3.2
+        ctr -n k8s.io i pull registry-vpc.${REGION}.aliyuncs.com/acs/coredns:1.6.7
+    fi
 }

 update_os_release() {
@@ -158,6 +201,12 @@ docker=$DOCKER_VERSION
 EOF
 }

+post_install() {
+    if [[ $SKIP_SECURITY_FIX ]]; then
+        touch /var/.skip-security-fix
+    fi
+}
+
 cleanup() {
    rm -rf ./{addon*,docker*,kubernetes*,pkg,run*}
 }
@@ -165,10 +214,13 @@ cleanup() {
 main() {
    trap 'cleanup' EXIT

-    download_pkg
-    source_file
+    check_params "$@"
+    setup_env

    trim_os
+
+    download_pkg
+    source_file
    install_pkg

    pull_image
@@ -176,4 +228,4 @@ main() {
    record_k8s_version
 }

-main
+main "$@"