Clean up logic for deprecated flag --container-runtime in scripts

Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2025-11-03 19:58:17 +00:00 · 2022-01-20 10:06:03 +02:00
parent 9d2b361ebc
commit d01e9cedb1
11 changed files with 70 additions and 355 deletions
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -96,22 +96,10 @@ export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
 # KUBELET_TEST_ARGS are extra arguments passed to kubelet.
 export KUBELET_TEST_ARGS=${KUBE_KUBELET_EXTRA_ARGS:-}
-# Default container runtime
+export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-export CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-containerd}
+export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
-# Default container runtime for windows
+export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
-export WINDOWS_CONTAINER_RUNTIME=${KUBE_WINDOWS_CONTAINER_RUNTIME:-containerd}
+export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
 # Set default values with override
 if [[ "${CONTAINER_RUNTIME}" == "docker" ]]; then
  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-docker}
  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-}
 elif [[ "${CONTAINER_RUNTIME}" == "containerd" ||  "${CONTAINER_RUNTIME}" == "remote" ]]; then
  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
  export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
 fi
 # Ability to inject custom versions (Ubuntu OS images ONLY)
 # if KUBE_UBUNTU_INSTALL_CONTAINERD_VERSION or KUBE_UBUNTU_INSTALL_RUNC_VERSION
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -106,23 +106,11 @@ export NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
 export NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
 export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
-# Default container runtime for linux
+export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-export CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-containerd}
+export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
-# Default container runtime for windows
+export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
-export WINDOWS_CONTAINER_RUNTIME=${KUBE_WINDOWS_CONTAINER_RUNTIME:-containerd}
+export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
-
+export CONTAINER_RUNTIME_TEST_HANDLER="true"
 # Set default values with override
 if [[ "${CONTAINER_RUNTIME}" == "docker" ]]; then
  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-docker}
  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-}
 elif [[ "${CONTAINER_RUNTIME}" == "containerd" || "${CONTAINER_RUNTIME}" == "remote" ]]; then
  export CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
  export CONTAINER_RUNTIME_NAME=${KUBE_CONTAINER_RUNTIME_NAME:-containerd}
  export LOAD_IMAGE_COMMAND=${KUBE_LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
  export LOG_DUMP_SYSTEMD_SERVICES=${LOG_DUMP_SYSTEMD_SERVICES:-containerd}
  export CONTAINER_RUNTIME_TEST_HANDLER="true"
 fi
 export GCI_DOCKER_VERSION=${KUBE_GCI_DOCKER_VERSION:-}
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -484,17 +484,17 @@ function ensure-local-ssds-ephemeral-storage() {
  safe-format-and-mount "${device}" "${ephemeral_mountpoint}"
  # mount container runtime root dir on SSD
-  local container_runtime="${CONTAINER_RUNTIME:-containerd}"
+  local container_runtime_name="${CONTAINER_RUNTIME_NAME:-containerd}"
-  systemctl stop "$container_runtime"
+  systemctl stop "$container_runtime_name"
  # Some images remount the container runtime root dir.
-  umount "/var/lib/${container_runtime}" || true
+  umount "/var/lib/${container_runtime_name}" || true
  # Move the container runtime's directory to the new location to preserve
  # preloaded images.
-  if [ ! -d "${ephemeral_mountpoint}/${container_runtime}" ]; then
+  if [ ! -d "${ephemeral_mountpoint}/${container_runtime_name}" ]; then
-    mv "/var/lib/${container_runtime}" "${ephemeral_mountpoint}/${container_runtime}"
+    mv "/var/lib/${container_runtime_name}" "${ephemeral_mountpoint}/${container_runtime_name}"
  fi
-  safe-bind-mount "${ephemeral_mountpoint}/${container_runtime}" "/var/lib/${container_runtime}"
+  safe-bind-mount "${ephemeral_mountpoint}/${container_runtime_name}" "/var/lib/${container_runtime_name}"
-  systemctl start "$container_runtime"
+  systemctl start "$container_runtime_name"
  # mount kubelet root dir on SSD
  mkdir -p "${ephemeral_mountpoint}/kubelet"
@@ -2550,7 +2550,7 @@ function start-volumesnapshot-crd-and-controller {
 # endpoint.
 function update-container-runtime {
  local -r file="$1"
-  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}"
+  local -r container_runtime_endpoint="${CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}"
  sed -i \
    -e "s@{{ *fluentd_container_runtime_service *}}@${FLUENTD_CONTAINER_RUNTIME_SERVICE:-${CONTAINER_RUNTIME_NAME:-containerd}}@g" \
    -e "s@{{ *container_runtime_endpoint *}}@${container_runtime_endpoint#unix://}@g" \
@@ -3446,20 +3446,14 @@ function main() {
  fi
  log-wrap 'OverrideKubectl' override-kubectl
-  container_runtime="${CONTAINER_RUNTIME:-containerd}"
+  if docker-installed; then
-  # Run the containerized mounter once to pre-cache the container image.
+    # We still need to configure docker so it wouldn't reserver the 172.17.0/16 subnet
-  if [[ "${container_runtime}" == "docker" ]]; then
+    # And if somebody will start docker to build or pull something, logging will also be set up
    log-wrap 'AssembleDockerFlags' assemble-docker-flags
-  elif [[ "${container_runtime}" == "containerd" ]]; then
+    # stop docker if it is present as we want to use just containerd
-    if docker-installed; then
+    log-wrap 'StopDocker' systemctl stop docker || echo "unable to stop docker"
      # We still need to configure docker so it wouldn't reserver the 172.17.0/16 subnet
      # And if somebody will start docker to build or pull something, logging will also be set up
      log-wrap 'AssembleDockerFlags' assemble-docker-flags
      # stop docker if it is present as we want to use just containerd
      log-wrap 'StopDocker' systemctl stop docker || echo "unable to stop docker"
    fi
    log-wrap 'SetupContainerd' setup-containerd
  fi
  log-wrap 'SetupContainerd' setup-containerd
  log-start 'SetupKubePodLogReadersGroupDir'
  if [[ -n "${KUBE_POD_LOG_READERS_GROUP:-}" ]]; then
--- a/cluster/gce/gci/configure.sh
+++ b/cluster/gce/gci/configure.sh
@@ -340,7 +340,7 @@ function install-crictl {
  # Create crictl config file.
  cat > /etc/crictl.yaml <<EOF
-runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/containerd/containerd.sock}
+runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
 EOF
  if is-preloaded "${crictl}" "${crictl_hash}"; then
@@ -437,9 +437,7 @@ function try-load-docker-image {
  local -r max_attempts=5
  local -i attempt_num=1
-  if [[ "${CONTAINER_RUNTIME_NAME:-}" == "docker" ]]; then
+  if [[ "${CONTAINER_RUNTIME_NAME:-}" == "containerd" || "${CONTAINERD_TEST:-}"  == "containerd" ]]; then
    load_image_command=${LOAD_IMAGE_COMMAND:-docker load -i}
  elif [[ "${CONTAINER_RUNTIME_NAME:-}" == "containerd" || "${CONTAINERD_TEST:-}"  == "containerd" ]]; then
    load_image_command=${LOAD_IMAGE_COMMAND:-ctr -n=k8s.io images import}
  else
    load_image_command="${LOAD_IMAGE_COMMAND:-}"
@@ -584,40 +582,28 @@ function install-containerd-ubuntu {
 }
 function ensure-container-runtime {
-  container_runtime="${CONTAINER_RUNTIME:-containerd}"
+  # Install containerd/runc if requested
-  if [[ "${container_runtime}" == "docker" ]]; then
+  if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
-    if ! command -v docker >/dev/null 2>&1; then
+    log-wrap "InstallContainerdUbuntu" install-containerd-ubuntu
      log-wrap "InstallDocker" install-docker
      if ! command -v docker >/dev/null 2>&1; then
        echo "ERROR docker not found. Aborting."
        exit 2
      fi
    fi
    docker version
  elif [[ "${container_runtime}" == "containerd" ]]; then
    # Install containerd/runc if requested
    if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
      log-wrap "InstallContainerdUbuntu" install-containerd-ubuntu
    fi
    # Verify presence and print versions of ctr, containerd, runc
    if ! command -v ctr >/dev/null 2>&1; then
      echo "ERROR ctr not found. Aborting."
      exit 2
    fi
    ctr --version
    if ! command -v containerd >/dev/null 2>&1; then
      echo "ERROR containerd not found. Aborting."
      exit 2
    fi
    containerd --version
    if ! command -v runc >/dev/null 2>&1; then
      echo "ERROR runc not found. Aborting."
      exit 2
    fi
    runc --version
  fi
  # Verify presence and print versions of ctr, containerd, runc
  if ! command -v ctr >/dev/null 2>&1; then
    echo "ERROR ctr not found. Aborting."
    exit 2
  fi
  ctr --version
  if ! command -v containerd >/dev/null 2>&1; then
    echo "ERROR containerd not found. Aborting."
    exit 2
  fi
  containerd --version
  if ! command -v runc >/dev/null 2>&1; then
    echo "ERROR runc not found. Aborting."
    exit 2
  fi
  runc --version
 }
 # Downloads kubernetes binaries and kube-system manifest tarball, unpacks them,
--- a/cluster/gce/gci/health-monitor.sh
+++ b/cluster/gce/gci/health-monitor.sh
@@ -28,15 +28,8 @@ function container_runtime_monitoring {
  local -r max_attempts=5
  local attempt=1
  local -r crictl="${KUBE_HOME}/bin/crictl"
-  local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}"
+  local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-containerd}"
-  # We still need to use `docker ps` when container runtime is "docker". This is because
+  local -r healthcheck_command=("${crictl}" pods)
  # dockershim is still part of kubelet today. When kubelet is down, crictl pods
  # will also fail, and docker will be killed. This is undesirable especially when
  # docker live restore is disabled.
  local healthcheck_command=(docker ps)
  if [[ "${CONTAINER_RUNTIME:-containerd}" != "docker" ]]; then
    healthcheck_command=("${crictl}" pods)
  fi
  # Container runtime startup takes time. Make initial attempts before starting
  # killing the container runtime.
  until timeout 60 "${healthcheck_command[@]}" > /dev/null; do
@@ -50,12 +43,6 @@ function container_runtime_monitoring {
  while true; do
    if ! timeout 60 "${healthcheck_command[@]}" > /dev/null; then
      echo "Container runtime ${container_runtime_name} failed!"
      if [[ "$container_runtime_name" == "docker" ]]; then
          # Dump stack of docker daemon for investigation.
          # Log fle name looks like goroutine-stacks-TIMESTAMP and will be saved to
          # the exec root directory, which is /var/run/docker/ on Ubuntu and COS.
          pkill -SIGUSR1 dockerd
      fi
      systemctl kill --kill-who=main "${container_runtime_name}"
      # Wait for a while, as we don't want to kill it again before it is really up.
      sleep 120
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -794,14 +794,11 @@ function construct-linux-kubelet-flags {
    flags+=" --register-with-taints=${NODE_TAINTS}"
  fi
-  flags+=" --container-runtime=remote"
+  CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
-  if [[ "${CONTAINER_RUNTIME}" == "containerd" ]]; then
+  flags+=" --container-runtime-endpoint=${CONTAINER_RUNTIME_ENDPOINT}"
    CONTAINER_RUNTIME_ENDPOINT=${KUBE_CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}
    flags+=" --runtime-cgroups=/system.slice/containerd.service"
  fi
-  if [[ -n "${CONTAINER_RUNTIME_ENDPOINT:-}" ]]; then
+  if [[ "${CONTAINER_RUNTIME_ENDPOINT}" =~ /containerd.sock$ ]]; then
-    flags+=" --container-runtime-endpoint=${CONTAINER_RUNTIME_ENDPOINT}"
+    flags+=" --runtime-cgroups=/system.slice/containerd.service"
  fi
  KUBELET_ARGS="${flags}"
@@ -861,11 +858,9 @@ function construct-windows-kubelet-flags {
  # TODO(#78628): Re-enable KubeletPodResources when the issue is fixed.
  # Force disable KubeletPodResources feature on Windows until #78628 is fixed.
  flags+=" --feature-gates=KubeletPodResources=false"
-  flags+=" --container-runtime=remote"
+
-  if [[ "${WINDOWS_CONTAINER_RUNTIME}" == "containerd" ]]; then
+  WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
-    WINDOWS_CONTAINER_RUNTIME_ENDPOINT=${KUBE_WINDOWS_CONTAINER_RUNTIME_ENDPOINT:-npipe:////./pipe/containerd-containerd}
+  flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
    flags+=" --container-runtime-endpoint=${WINDOWS_CONTAINER_RUNTIME_ENDPOINT}"
  fi
  KUBELET_ARGS="${flags}"
 }
--- a/cluster/gce/windows/configure.ps1
+++ b/cluster/gce/windows/configure.ps1
@@ -147,21 +147,6 @@ try {
  # Set the TCP/IP Parameters to keep idle connections alive.
  Set-WindowsTCPParameters
  # Install Docker if the select CRI is not containerd and docker is not already
  # installed.
  if (${env:CONTAINER_RUNTIME} -ne "containerd") {
    if (-not (Test-DockerIsInstalled)) {
      Install-Docker
    }
    # For some reason the docker service may not be started automatically on the
    # first reboot, although it seems to work fine on subsequent reboots.
    Restart-Service docker
    Start-Sleep 5
    if (-not (Test-DockerIsRunning)) {
        throw "docker service failed to start or stay running"
    }
  }
  Set-PrerequisiteOptions
  if (Test-IsTestCluster $kube_env) {
--- a/cluster/gce/windows/k8s-node-setup.psm1
+++ b/cluster/gce/windows/k8s-node-setup.psm1
@@ -262,12 +262,10 @@ function Set_CurrentShellEnvironmentVar {
 # Sets environment variables used by Kubernetes binaries and by other functions
 # in this module. Depends on numerous ${kube_env} keys.
 function Set-EnvironmentVars {
-  if ($kube_env.ContainsKey('WINDOWS_CONTAINER_RUNTIME')) {
+  if ($kube_env.ContainsKey('WINDOWS_CONTAINER_RUNTIME_ENDPOINT')) {
      $container_runtime = ${kube_env}['WINDOWS_CONTAINER_RUNTIME']
      $container_runtime_endpoint = ${kube_env}['WINDOWS_CONTAINER_RUNTIME_ENDPOINT']
  } else {
-      Log-Output "ERROR: WINDOWS_CONTAINER_RUNTIME not set in kube-env, falling back in CONTAINER_RUNTIME"
+      Log-Output "ERROR: WINDOWS_CONTAINER_RUNTIME_ENDPOINT not set in kube-env, falling back in CONTAINER_RUNTIME_ENDPOINT"
      $container_runtime = ${kube_env}['CONTAINER_RUNTIME']
      $container_runtime_endpoint = ${kube_env}['CONTAINER_RUNTIME_ENDPOINT']
  }
  # Turning the kube-env values into environment variables is not required but
@@ -304,7 +302,6 @@ function Set-EnvironmentVars {
    "KUBELET_CERT_PATH" = ${kube_env}['PKI_DIR'] + '\kubelet.crt'
    "KUBELET_KEY_PATH" = ${kube_env}['PKI_DIR'] + '\kubelet.key'
    "CONTAINER_RUNTIME" = $container_runtime
    "CONTAINER_RUNTIME_ENDPOINT" = $container_runtime_endpoint
    'LICENSE_DIR' = 'C:\Program Files\Google\Compute Engine\THIRD_PARTY_NOTICES'
@@ -987,153 +984,7 @@ function Configure-GcePdTools {
 # Setup cni network. This function supports both Docker and containerd.
 function Prepare-CniNetworking {
  if (${env:CONTAINER_RUNTIME} -eq "containerd") {
    # For containerd the CNI binaries have already been installed along with
    # the runtime.
    Configure_Containerd_CniNetworking
  } else {
    Install_Cni_Binaries
    Configure_Dockerd_CniNetworking
  }
 }
 # Downloads the Windows CNI binaries and puts them in $env:CNI_DIR.
 function Install_Cni_Binaries {
  if (-not (ShouldWrite-File ${env:CNI_DIR}\win-bridge.exe) -and
      -not (ShouldWrite-File ${env:CNI_DIR}\host-local.exe)) {
    return
  }
  $tmp_dir = 'C:\cni_tmp'
  New-Item $tmp_dir -ItemType 'directory' -Force | Out-Null
  $release_url = "${env:WINDOWS_CNI_STORAGE_PATH}/${env:WINDOWS_CNI_VERSION}/"
  $tgz_url = ($release_url +
              "cni-plugins-windows-amd64-${env:WINDOWS_CNI_VERSION}.tgz")
  $sha_url = ($tgz_url + ".sha512")
  MustDownload-File -URLs $sha_url -OutFile $tmp_dir\cni-plugins.sha512
  $sha512_val = ($(Get-Content $tmp_dir\cni-plugins.sha512) -split ' ',2)[0]
  MustDownload-File `
      -URLs $tgz_url `
      -OutFile $tmp_dir\cni-plugins.tgz `
      -Hash $sha512_val
  tar xzvf $tmp_dir\cni-plugins.tgz -C $tmp_dir
  Move-Item -Force $tmp_dir\host-local.exe ${env:CNI_DIR}\
  Move-Item -Force $tmp_dir\win-bridge.exe ${env:CNI_DIR}\
  Remove-Item -Force -Recurse $tmp_dir
  if (-not ((Test-Path ${env:CNI_DIR}\win-bridge.exe) -and `
            (Test-Path ${env:CNI_DIR}\host-local.exe))) {
    Log-Output `
        "win-bridge.exe and host-local.exe not found in ${env:CNI_DIR}" `
        -Fatal
  }
 }
 # Writes a CNI config file under $env:CNI_CONFIG_DIR.
 #
 # Prerequisites:
 #   $env:POD_CIDR is set (by Set-PodCidr).
 #   The "management" interface exists (Configure-HostNetworkingService).
 #   The HNS network for pod networking has been configured
 #     (Configure-HostNetworkingService).
 #
 # Required ${kube_env} keys:
 #   DNS_SERVER_IP
 #   DNS_DOMAIN
 #   SERVICE_CLUSTER_IP_RANGE
 function Configure_Dockerd_CniNetworking {
  $l2bridge_conf = "${env:CNI_CONFIG_DIR}\l2bridge.conf"
  if (-not (ShouldWrite-File ${l2bridge_conf})) {
    return
  }
  $mgmt_ip = (Get_MgmtNetAdapter |
              Get-NetIPAddress -AddressFamily IPv4).IPAddress
  $cidr_range_start = Get_PodIP_Range_Start(${env:POD_CIDR})
  # Explanation of the CNI config values:
  #   POD_CIDR: the pod CIDR assigned to this node.
  #   CIDR_RANGE_START: start of the pod CIDR range.
  #   MGMT_IP: the IP address assigned to the node's primary network interface
  #     (i.e. the internal IP of the GCE VM).
  #   SERVICE_CIDR: the CIDR used for kubernetes services.
  #   DNS_SERVER_IP: the cluster's DNS server IP address.
  #   DNS_DOMAIN: the cluster's DNS domain, e.g. "cluster.local".
  #
  # OutBoundNAT ExceptionList: No SNAT for CIDRs in the list, the same as default GKE non-masquerade destination ranges listed at https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#default-non-masq-dests
  New-Item -Force -ItemType file ${l2bridge_conf} | Out-Null
  Set-Content ${l2bridge_conf} `
 '{
  "cniVersion":  "0.2.0",
  "name":  "l2bridge",
  "type":  "win-bridge",
  "capabilities":  {
    "portMappings":  true,
    "dns": true
  },
  "ipam":  {
    "type": "host-local",
    "subnet": "POD_CIDR",
    "rangeStart": "CIDR_RANGE_START"
  },
  "dns":  {
    "Nameservers":  [
      "DNS_SERVER_IP"
    ],
    "Search": [
      "DNS_DOMAIN"
    ]
  },
  "Policies":  [
    {
      "Name":  "EndpointPolicy",
      "Value":  {
        "Type":  "OutBoundNAT",
        "ExceptionList":  [
          "169.254.0.0/16",
          "10.0.0.0/8",
          "172.16.0.0/12",
          "192.168.0.0/16",
          "100.64.0.0/10",
          "192.0.0.0/24",
          "192.0.2.0/24",
          "192.88.99.0/24",
          "198.18.0.0/15",
          "198.51.100.0/24",
          "203.0.113.0/24",
          "240.0.0.0/4"
        ]
      }
    },
    {
      "Name":  "EndpointPolicy",
      "Value":  {
        "Type":  "ROUTE",
        "DestinationPrefix":  "SERVICE_CIDR",
        "NeedEncap":  true
      }
    },
    {
      "Name":  "EndpointPolicy",
      "Value":  {
        "Type":  "ROUTE",
        "DestinationPrefix":  "MGMT_IP/32",
        "NeedEncap":  true
      }
    }
  ]
 }'.replace('POD_CIDR', ${env:POD_CIDR}).`
  replace('CIDR_RANGE_START', ${cidr_range_start}).`
  replace('DNS_SERVER_IP', ${kube_env}['DNS_SERVER_IP']).`
  replace('DNS_DOMAIN', ${kube_env}['DNS_DOMAIN']).`
  replace('MGMT_IP', ${mgmt_ip}).`
  replace('SERVICE_CIDR', ${kube_env}['SERVICE_CLUSTER_IP_RANGE'])
  Log-Output "CNI config:`n$(Get-Content -Raw ${l2bridge_conf})"
 }
 # Obtain the host dns conf and save it to a file so that kubelet/CNI
@@ -1366,14 +1217,9 @@ function Pull-InfraContainer {
 # Docker and containerd.
 function Setup-ContainerRuntime {
  Install-Pigz
-  if (${env:CONTAINER_RUNTIME} -eq "containerd") {
+  Install_Containerd
-    Install_Containerd
+  Configure_Containerd
-    Configure_Containerd
+  Start_Containerd
    Start_Containerd
  } else {
    Create_DockerRegistryKey
    Configure_Dockerd
  }
 }
 function Test-ContainersFeatureInstalled {
@@ -1434,42 +1280,6 @@ function Install-Docker {
      -Verbose
 }
 # Add a registry key for docker in EventLog so that log messages are mapped
 # correctly. This is a workaround since the key is missing in the base image.
 # https://github.com/MicrosoftDocs/Virtualization-Documentation/pull/503
 # TODO: Fix this in the base image.
 # TODO(random-liu): Figure out whether we need this for containerd.
 function Create_DockerRegistryKey {
  $tmp_dir = 'C:\tmp_docker_reg'
  New-Item -Force -ItemType 'directory' ${tmp_dir} | Out-Null
  $reg_file = 'docker.reg'
  Set-Content ${tmp_dir}\${reg_file} `
 'Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker]
 "CustomSource"=dword:00000001
 "EventMessageFile"="C:\\Program Files\\docker\\dockerd.exe"
 "TypesSupported"=dword:00000007'
  Log-Output "Importing registry key for Docker"
  reg import ${tmp_dir}\${reg_file}
  Remove-Item -Force -Recurse ${tmp_dir}
 }
 # Configure Docker daemon and restart the service.
 function Configure_Dockerd {
  Set-Content "C:\ProgramData\docker\config\daemon.json" @'
 {
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "1m",
    "max-file": "5"
  }
 }
 '@
 Restart-Service Docker
 }
 # Configures the TCP/IP parameters to be in sync with the GCP recommendation.
 # Not setting these values correctly can cause network issues for connections
 # that live longer than 10 minutes.
@@ -1811,12 +1621,8 @@ function Configure-NodeProblemDetector {
        $system_stats_monitors += @("${npd_dir}\config\windows-system-stats-monitor.json")
        # NPD Configuration for CRI monitor
-        if (${env:CONTAINER_RUNTIME} -eq "containerd") {
+        $system_log_monitors += @("${npd_dir}\config\windows-containerd-monitor-filelog.json")
-          $system_log_monitors += @("${npd_dir}\config\windows-containerd-monitor-filelog.json")
+        $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-containerd.json")
          $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-containerd.json")
        } else {
          $custom_plugin_monitors += @("${npd_dir}\config\windows-health-checker-docker.json")
        }
        $flags="--v=2 --port=20256 --log_dir=${npd_logs_dir}"
        if ($system_log_monitors.count -gt 0) {
--- a/hack/ginkgo-e2e.sh
+++ b/hack/ginkgo-e2e.sh
@@ -151,8 +151,6 @@ if [[ "${GINKGO_NO_COLOR}" == "y" ]]; then
  ginkgo_args+=("--noColor")
 fi
 CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-${KUBE_CONTAINER_RUNTIME:-}}
 # The --host setting is used only when providing --auth_config
 # If --kubeconfig is used, the host to use is retrieved from the .kubeconfig
 # file and the one provided with --host is ignored.
@@ -191,7 +189,6 @@ fi
  --dns-domain="${KUBE_DNS_DOMAIN:-cluster.local}" \
  --prepull-images="${PREPULL_IMAGES:-false}" \
  --ginkgo.slowSpecThreshold="${GINKGO_SLOW_SPEC_THRESHOLD:-300}" \
  ${CONTAINER_RUNTIME:+"--container-runtime=${CONTAINER_RUNTIME}"} \
  ${MASTER_OS_DISTRIBUTION:+"--master-os-distro=${MASTER_OS_DISTRIBUTION}"} \
  ${NODE_OS_DISTRIBUTION:+"--node-os-distro=${NODE_OS_DISTRIBUTION}"} \
  ${NUM_NODES:+"--num-nodes=${NUM_NODES}"} \
--- a/hack/make-rules/test-e2e-node.sh
+++ b/hack/make-rules/test-e2e-node.sh
@@ -39,7 +39,6 @@ parallelism=${PARALLELISM:-8}
 artifacts="${ARTIFACTS:-"/tmp/_artifacts/$(date +%y%m%dT%H%M%S)"}"
 remote=${REMOTE:-"false"}
 remote_mode=${REMOTE_MODE:-"gce"}
 runtime=${RUNTIME:-"docker"}
 container_runtime_endpoint=${CONTAINER_RUNTIME_ENDPOINT:-""}
 image_service_endpoint=${IMAGE_SERVICE_ENDPOINT:-""}
 run_until_failure=${RUN_UNTIL_FAILURE:-"false"}
@@ -78,13 +77,11 @@ if [ ! -d "${artifacts}" ]; then
 fi
 echo "Test artifacts will be written to ${artifacts}"
-if [[ ${runtime} == "remote" ]] ; then
+if [[ -n ${container_runtime_endpoint} ]] ; then
-  if [[ -n ${container_runtime_endpoint} ]] ; then
+  test_args="--container-runtime-endpoint=${container_runtime_endpoint} ${test_args}"
-    test_args="--container-runtime-endpoint=${container_runtime_endpoint} ${test_args}"
+fi
-  fi
+if [[ -n ${image_service_endpoint} ]] ; then
-  if [[ -n ${image_service_endpoint} ]] ; then
+  test_args="--image-service-endpoint=${image_service_endpoint} ${test_args}"
    test_args="--image-service-endpoint=${image_service_endpoint} ${test_args}"
  fi
 fi
@@ -223,9 +220,6 @@ else
  fi
  # Runtime flags
  test_args='--kubelet-flags="--container-runtime='${runtime}'" '${test_args}
  # Use cluster.local as default dns-domain
  test_args='--dns-domain="'${KUBE_DNS_DOMAIN:-cluster.local}'" '${test_args}
  test_args='--kubelet-flags="--cluster-domain='${KUBE_DNS_DOMAIN:-cluster.local}'" '${test_args}
@@ -233,9 +227,9 @@ else
  # Provided for backwards compatibility
  go run test/e2e_node/runner/local/run_local.go \
    --system-spec-name="${system_spec_name}" --extra-envs="${extra_envs}" \
-    --ginkgo-flags="${ginkgoflags}" --test-flags="--container-runtime=${runtime} \
+    --ginkgo-flags="${ginkgoflags}" \
-    --alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) \
+    --test-flags="--alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) ${test_args}" \
-    ${test_args}" --runtime-config="${runtime_config}" \
+    --runtime-config="${runtime_config}" \
    --kubelet-config-file="${kubelet_config_file}" \
    --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"
  exit $?
--- a/test/e2e/framework/test_context.go
+++ b/test/e2e/framework/test_context.go
@@ -486,11 +486,6 @@ func AfterReadingAllFlags(t *TestContextType) {
 		TestContext.Provider = "skeleton"
 	}
 	// TODO: Fix tests scripts that set CONTAINER_RUNTIME="containerd"
 	if TestContext.ContainerRuntime == "containerd" {
 		klog.Warningf("The --container-runtime flag is set to 'containerd' instead of 'remote'.")
 		TestContext.ContainerRuntime = "remote"
 	}
 	// Make sure that container runtime is valid
 	if TestContext.ContainerRuntime != "remote" {
 		klog.Errorf("Unsupported CRI container runtime: %q", TestContext.ContainerRuntime)