refactor: standardize container runtime interface to crictl across playbooks (Issue #10907) #13172
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -32,6 +32,7 @@ | |||||||||||||||||||||||||||
| image_save_command: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_final }} {{ image_reponame }}" | ||||||||||||||||||||||||||||
| image_load_command: "{{ bin_dir }}/nerdctl -n k8s.io image load < {{ image_path_final }}" | ||||||||||||||||||||||||||||
| when: container_manager == 'containerd' | ||||||||||||||||||||||||||||
| # Note: Using nerdctl for save/load as crictl doesn't support image save/load operations (not in CRI spec) | ||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
| - name: Set image save/load command for crio | ||||||||||||||||||||||||||||
| set_fact: | ||||||||||||||||||||||||||||
|
|
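Review bot: The explanatory comment added after `when: container_manager == 'containerd'` sits at the tail of the task, directly above the crio task, so it is easy to misread as belonging to the next block; move it above `set_fact:` or above the task's `- name:` line so it stays attached to the `image_save_command` / `image_load_command` values it explains. Because the PR title says the playbooks are standardized on crictl, the comment could also state that nerdctl remains a required binary on containerd hosts for save/load.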
@@ -46,8 +47,9 @@ | |||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
| - name: Set image save/load command for containerd on localhost | ||||||||||||||||||||||||||||
| set_fact: | ||||||||||||||||||||||||||||
| image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io image export --platform linux/{{ image_arch }} {{ image_path_cached }} {{ image_reponame }}" | ||||||||||||||||||||||||||||
| image_save_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_cached }} {{ image_reponame }}" | ||||||||||||||||||||||||||||
| when: container_manager_on_localhost == 'containerd' | ||||||||||||||||||||||||||||
| # Changed from ctr to nerdctl for consistency with main image save commands | ||||||||||||||||||||||||||||
|
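Review bot: The new `image_save_command_on_localhost` line drops `--platform linux/{{ image_arch }}` and changes the binary from `{{ containerd_bin_dir }}/ctr` to `{{ bin_dir }}/nerdctl`, so the cached archive is no longer explicitly pinned to `image_arch` and the command now depends on nerdctl being present under `bin_dir` on localhost. Either keep the `ctr ... image export --platform` form for the localhost path or carry an explicit platform selection over to the new command, and have the trailing comment say what localhost must have installed rather than only "for consistency".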
Comment on lines +50 to +52
|
||||||||||||||||||||||||||||
| image_save_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_cached }} {{ image_reponame }}" | |
| when: container_manager_on_localhost == 'containerd' | |
| # Changed from ctr to nerdctl for consistency with main image save commands | |
| image_save_command_on_localhost: "{{ bin_dir }}/ctr -n k8s.io images export --platform linux/{{ image_arch }} {{ image_path_cached }} {{ image_reponame }}" | |
| when: container_manager_on_localhost == 'containerd' | |
| # Use ctr here to preserve explicit platform selection so the cached image matches image_arch deterministically |
Copilot AI, Apr 14, 2026
`image_save_command_on_localhost` for containerd now uses `{{ bin_dir }}/nerdctl ...`, but in `download_localhost` mode these commands run on the Ansible controller (localhost), where `bin_dir/nerdctl` is not installed by Kubespray roles. Previously this path used `{{ containerd_bin_dir }}/ctr ...`, which aligns with a plain containerd install. To avoid breaking `download_localhost` with `container_manager_on_localhost == 'containerd'`, either keep using `ctr` for localhost, or add logic to ensure `nerdctl` is present on localhost (or make the tool configurable separately for localhost).
| image_save_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io image save -o {{ image_path_cached }} {{ image_reponame }}" | |
| when: container_manager_on_localhost == 'containerd' | |
| # Changed from ctr to nerdctl for consistency with main image save commands | |
| image_save_command_on_localhost: "{{ containerd_bin_dir }}/ctr -n k8s.io images export {{ image_path_cached }} {{ image_reponame }}" | |
| when: container_manager_on_localhost == 'containerd' | |
| # Use ctr on localhost because download_localhost commands run on the Ansible controller, | |
| # where Kubespray does not ensure nerdctl is installed in {{ bin_dir }} |
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -63,7 +63,7 @@ nerdctl_image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet" | |||||
| crictl_image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" | ||||||
| crictl_image_pull_command: "{{ bin_dir }}/crictl pull" | ||||||
|
|
||||||
| image_command_tool: "{%- if container_manager == 'containerd' -%}nerdctl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" | ||||||
| image_command_tool: "{%- if container_manager == 'containerd' -%}crictl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" | ||||||
|
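Review bot: In the new `image_command_tool` expression the `if container_manager == 'containerd'` and `elif container_manager == 'crio'` branches both render `crictl`, so the `elif` is redundant; collapse them into one membership test such as `container_manager in ['containerd', 'crio']`. The context lines also show `nerdctl_image_pull_command` passing `--quiet` while `crictl_image_pull_command` is a bare `crictl pull`, so it is worth confirming that tasks selecting commands through this variable do not depend on quiet pull output for containerd.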
||||||
| image_command_tool: "{%- if container_manager == 'containerd' -%}crictl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" | |
| image_command_tool: "{%- if container_manager in ['containerd', 'crio'] -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" |
The wait handler now runs `crictl images` which produces a full table and can be quite large; since the output isn’t used (only the rc is), prefer the quiet form (e.g., `crictl images -q`) or otherwise suppress output to reduce handler payload and log/memory overhead during retries.