Created
June 22, 2023 22:59
-
-
Save doctorpangloss/17d6c5245f46d880ce9daf6f082e245a to your computer and use it in GitHub Desktop.
upgrades containerd on windows for GKE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: containerd-upgrade | |
| namespace: kube-system | |
| spec: | |
| selector: | |
| matchLabels: | |
| name: containerd-upgrade | |
| template: | |
| metadata: | |
| labels: | |
| name: containerd-upgrade | |
| spec: | |
| hostNetwork: true | |
| securityContext: | |
| windowsOptions: | |
| hostProcess: true | |
| runAsUserName: "NT AUTHORITY\\System" | |
| hostPID: true | |
| nodeSelector: | |
| kubernetes.io/os: windows | |
| tolerations: | |
| - operator: Exists | |
| initContainers: | |
| - name: upgrade-containerd | |
| image: mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 | |
| args: | |
| - powershell.exe | |
| - -Command | |
| - | | |
| $scriptPath = "C:/etc/update_containerd.ps1" | |
| Copy-Item -Path "update_containerd.ps1" -Destination $scriptPath | |
| $TaskName = "UpdateContainerdTask" | |
| $TaskDescription = "This task updates containerd to the specific version" | |
| $TaskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-File `"$scriptPath`"" | |
| $TaskTrigger = New-ScheduledTaskTrigger -At (Get-Date).AddSeconds(10) -Once | |
| $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount | |
| # Check if containerd version is not 1.7.2 | |
| $containerdVersion = & 'containerd.exe' '--version' | |
| if ($containerdVersion -notmatch '1.7.2') { | |
| Register-ScheduledTask -TaskName $TaskName -Description $TaskDescription -Action $TaskAction -Trigger $TaskTrigger -Principal $principal -Force | |
| } | |
| securityContext: | |
| windowsOptions: | |
| hostProcess: true | |
| volumeMounts: | |
| - name: script-vol | |
| mountPath: "update_containerd.ps1" | |
| subPath: update_containerd.ps1 | |
| containers: | |
| - name: check-containerd-version | |
| image: mcr.microsoft.com/oss/kubernetes/pause:3.6 | |
| command: | |
| - "$env:CONTAINER_SANDBOX_MOUNT_POINT/pause.exe" | |
| readinessProbe: | |
| exec: | |
| command: | |
| - powershell.exe | |
| - -Command | |
| - | | |
| if ((& 'C:\etc\kubernetes\node\bin\containerd.exe' '--version') -match '1.7.2') { exit 0 } else { exit 1 } | |
| initialDelaySeconds: 60 | |
| periodSeconds: 10 | |
| failureThreshold: 100 | |
| securityContext: | |
| windowsOptions: | |
| hostProcess: true | |
| volumes: | |
| - name: script-vol | |
| configMap: | |
| name: containerd-upgrade-script | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: containerd-upgrade-script | |
| namespace: kube-system | |
| data: | |
| update_containerd.ps1: | | |
| # Install the 7Zip4Powershell module | |
| Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | |
| Install-Module -Name 7Zip4Powershell -Force | |
| # Download the containerd archive | |
| $url = 'https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-windows-amd64.tar.gz' | |
| $output = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'containerd-1.7.2-windows-amd64.tar.gz' | |
| Invoke-WebRequest -Uri $url -OutFile $output | |
| # Extract the .gz to get the .tar | |
| $tarPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'containerd-1.7.2-windows-amd64.tar' | |
| Expand-7Zip -ArchiveFileName $output -TargetPath ([System.IO.Path]::GetTempPath()) | |
| # Extract the tar to a new temp directory | |
| $extractPath = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'containerd' | |
| New-Item -ItemType Directory -Force -Path $extractPath | |
| Expand-7Zip -ArchiveFileName $tarPath -TargetPath $extractPath | |
| # Find the current containerd.exe location | |
| # Exclude the extractPath directory from the search | |
| # todo: generify this, because recursive search is glitchy | |
| $existingPath = "C:\etc\kubernetes\node\bin" | |
| # Stop the containerd service | |
| Stop-Service -Name 'containerd' | |
| Get-Process | Where-Object { $_.Modules.FileName -contains 'C:\etc\kubernetes\node\bin\containerd-shim-runhcs-v1.exe' } | Stop-Process -Force | |
| Get-Process | Where-Object { $_.Modules.FileName -contains 'C:\etc\kubernetes\node\bin\containerd.exe' } | Stop-Process -Force | |
| # Copy the contents of the new bin directory to the existing containerd directory | |
| Copy-Item -Path "$extractPath\bin\*" -Destination $existingPath -Recurse -Force | |
| # Start the containerd service | |
| Start-Service -Name 'containerd' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment