handle pod-infra-container-image on older versions #1596
Conversation
ndbaker1
force-pushed
the
gc-pod-infra-image
branch
from
587d772
to
a200bde
Compare
|
@ndbaker1 do you intend to add the |
ndbaker1
force-pushed
the
gc-pod-infra-image
branch
7 times, most recently
from
2f8bcaa
to
9aaa063
Compare
ndbaker1
force-pushed
the
gc-pod-infra-image
branch
from
9aaa063
to
f9849b4
Compare
@cartermckinnon sorry bout that, updated the |
| // runtime is moved to containerd 2.0 | ||
| func (ksc *kubeletConfig) withPodInfraContainerImage(cfg *api.NodeConfig, kubeletVersion string, flags map[string]string) error { | ||
| // the flag is a noop on 1.29+, since the behavior was changed to use the | ||
| // CRI image pinning behavior and no longer considers the flag value. |
There was a problem hiding this comment.
yea, it looks like we will need the crictl for sure in some equivalent fashion. Am i missing any go libraries to pull the image through the CRI versus crictl?
There was a problem hiding this comment.
i could use the same upstream resources to pull this to remove the cri-tools install,
it would look something like:
import (
v1 "k8s.io/cri-api/pkg/apis/runtime/v1"
"k8s.io/kubernetes/pkg/kubelet/cri/remote"
)
imageManager, err := remote.NewRemoteImageService("unix:///run/containerd/containerd.sock", 2*time.Second, nil)
imageSpec := v1.ImageSpec{Image: sandboxImage}
authConfig := v1.AuthConfig{Username: "AWS", Password: ecrUserToken}
imageRef, err := imageManager.PullImage(context.TODO(), &imageSpec, &authConfig, nil)
There was a problem hiding this comment.
Chatted offline, I think it's a good idea for nodeadm to bake in this functionality but we need to find the right CRI client library to use (pulling in kubelet internals should be a last resort)
Issue #, if available:
Description of changes:
some k8s versions will require the
--pod-infra-container-imageflag to avoid the sandbox image getting GC'd. Kubelet options state this will be removed in 1.27.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Testing Done
e2e test cases
See this guide for recommended testing for PRs. Some tests may not apply. Completing tests and providing additional validation steps are not required, but it is recommended and may reduce review time and time to merge.