Bump containerd from 2.2.3 to 2.3.0

[isumitsolanki]

What type of PR is this?
/kind feature

What this PR does / why we need it:

Bumps the default containerd version from 2.2.3 to 2.3.0, the first annual LTS release under containerd’s new release cadence.

• Add 2.3.0 checksums for containerd_archive_checksums and containerd_static_archive_checksums on arm64, amd64, and ppc64le
• Update the README component list to reflect the new default version

The default containerd_version is derived from the newest entry in containerd_archive_checksums, so no change to download.yml is required.

Which issue(s) this PR fixes:

Fixes #13236

Special notes for your reviewer:

Checksums were taken from the official v2.3.0 release .sha256sum files on GitHub. scripts/assert-sorted-checksums.yml passes.

Does this PR introduce a user-facing change?:

Bump default containerd version from 2.2.3 to 2.3.0

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: isumitsolanki
Once this PR has been reviewed and has the lgtm label, please assign vannten for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @isumitsolanki. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[guoard]

Thank you for your contribution.

Don't we need to add nerdctl checksums too?

[tico88612]

@isumitsolanki could you check this do-not-merge/release-note-label-needed

[isumitsolanki]

could you check this
Thanks for the review @guoard — you’re right, we should add nerdctl checksums as well.

Kubespray installs nerdctl alongside containerd (container-engine/nerdctl is a dependency of the containerd role), and the default nerdctl_version is taken from the newest entry in nerdctl_archive_checksums, same pattern as containerd. Without 2.3.0 entries there, clusters would get containerd 2.3.0 but nerdctl 2.2.2.

I’ve added 2.3.0 checksums for nerdctl on arm64, amd64, and ppc64le (from the official nerdctl v2.3.0 release .sha256sum files). I also updated nerdctl_version to use image_arch so the default version matches the per-arch checksum lookup.