From fd2343d6b6994423dd22103a6abea56178368e0f Mon Sep 17 00:00:00 2001 From: AdeshDeshmukh Date: Tue, 14 Apr 2026 22:53:49 +0530 Subject: [PATCH 1/2] refactor: replace ctr with crictl for image listing in containerd handler The handler was using 'ctr images ls -q' to verify containerd is ready after restart. Switching to 'crictl images' since crictl is the standard Kubernetes CRI tool and provides the same functionality - lists container images to confirm the runtime is responding. This is part of the larger effort to standardize on crictl as the single CRI frontend across all container runtimes (containerd, CRI-O, etc). --- roles/container-engine/containerd/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/container-engine/containerd/handlers/main.yml b/roles/container-engine/containerd/handlers/main.yml index 6a024fd59c6..6edb4597fb5 100644 --- a/roles/container-engine/containerd/handlers/main.yml +++ b/roles/container-engine/containerd/handlers/main.yml @@ -9,7 +9,7 @@ listen: Restart containerd - name: Containerd | wait for containerd - command: "{{ containerd_bin_dir }}/ctr images ls -q" + command: "{{ bin_dir }}/crictl images" register: containerd_ready retries: 8 delay: 4 From a5f195f01e91dd38f9800c000008532605698ea5 Mon Sep 17 00:00:00 2001 From: AdeshDeshmukh Date: Tue, 14 Apr 2026 23:04:34 +0530 Subject: [PATCH 2/2] refactor: consolidate image pull/info commands to crictl (Phases 2-4 of #10907) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit completes the standardization of container runtime tooling across the Kubespray playbooks. We now default to 'crictl' which is the standard Kubernetes CRI interface, reducing complexity and improving portability. Changes: Phase 2: Variable Consolidation - Changed image_command_tool to use crictl as default for both containerd and crio - This makes crictl the standard interface for image pull/info operations - Previously: containerd used nerdctl, crio used crictl (inconsistent) - Now: both use crictl (standardized) Phase 3: Edge Cases - Image Save/Load - Updated localhost image save command: ctr image export → nerdctl image save - Reason: For consistency with remote nodes which already use nerdctl for save - Note: crictl doesn't support save/load operations (not in CRI API spec) - Specialized operations (save/load) still use nerdctl; standard ops use crictl Phase 4: Cleanup - Kept nerdctl_image_* variables for backwards compatibility - These are no longer used via dynamic lookup but may be referenced directly Why This Approach: - crictl: Standard Kubernetes CRI tool (works across containerd, CRI-O, Docker) - nerdctl: High-level tool for save/load operations (not in CRI spec) - ctr: Low-level containerd-specific tool (retained for OCI spec generation) This reduces tool dependencies while maintaining full functionality across different container runtime configurations. --- roles/download/tasks/set_container_facts.yml | 4 +++- roles/kubespray_defaults/defaults/main/download.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/download/tasks/set_container_facts.yml b/roles/download/tasks/set_container_facts.yml index 5b93f295359..350232f6f43 100644 --- a/roles/download/tasks/set_container_facts.yml +++ b/roles/download/tasks/set_container_facts.yml @@ -32,6 +32,7 @@ image_save_command: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_final }} {{ image_reponame }}" image_load_command: "{{ bin_dir }}/nerdctl -n k8s.io image load < {{ image_path_final }}" when: container_manager == 'containerd' + # Note: Using nerdctl for save/load as crictl doesn't support image save/load operations (not in CRI spec) - name: Set image save/load command for crio set_fact: @@ -46,8 +47,9 @@ - name: Set image save/load command for containerd on localhost set_fact: - image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io image export --platform linux/{{ image_arch }} {{ image_path_cached }} {{ image_reponame }}" + image_save_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_cached }} {{ image_reponame }}" when: container_manager_on_localhost == 'containerd' + # Changed from ctr to nerdctl for consistency with main image save commands - name: Set image save/load command for crio on localhost set_fact: diff --git a/roles/kubespray_defaults/defaults/main/download.yml b/roles/kubespray_defaults/defaults/main/download.yml index 68f147f53de..89062b8d0d6 100644 --- a/roles/kubespray_defaults/defaults/main/download.yml +++ b/roles/kubespray_defaults/defaults/main/download.yml @@ -63,7 +63,7 @@ nerdctl_image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet" crictl_image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" crictl_image_pull_command: "{{ bin_dir }}/crictl pull" -image_command_tool: "{%- if container_manager == 'containerd' -%}nerdctl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" +image_command_tool: "{%- if container_manager == 'containerd' -%}crictl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" image_command_tool_on_localhost: "{{ image_command_tool }}" image_pull_command: "{{ lookup('vars', image_command_tool + '_image_pull_command') }}"